Spring Boot 1.3.3., Spring Security basic custom config
I know this is the nth post about Spring Security, and I did read a lot about it, until I decided to post my question, because - I assume - due to the nature of Spring Boot there must be some kind of problem hidden underneath the hood, that is specific to the constellation of Boot version/security type I'm using.
Let me just jump into it.
pom.xml:
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-data-jpa</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-jersey</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
        <version>1.2.5.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-test</artifactId>
        <scope>test</scope>
    </dependency>
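My basic Security Config:
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.core.userdetails.UserDetails;
    import org.springframework.security.core.userdetails.UserDetailsService;
    import org.springframework.security.core.userdetails.UsernameNotFoundException;

    @Configuration
    @EnableWebSecurity
    public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
        @Autowired
        private UserDetailsService userDetailsService;
        @Autowired
        private StudentRepository studentRepository;

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.csrf().disable()
                .authorizeRequests()
                    .antMatchers("/").access("hasRole('ROLE_STUDENT')")
                    .antMatchers("/**").permitAll()
                    .and()
                .formLogin()
                    .loginPage("/login")
                    .failureUrl("/login?error=true");
        }

        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth
                .userDetailsService(new UserDetailsService() {
                    @Override
                    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
                        Iterable<Student> studentsWithIds = studentRepository.findAll();
                        for (Student student : studentsWithIds) {
                            // Compare string contents; == only compares object references
                            if (student.getName().equals(username)) {
                                return studentRepository.findOne(student.getId());
                            }
                        }
                        throw new UsernameNotFoundException("User '" + username + "' not found.");
                    }
                });
        }
    }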
My Student class implementing UserDetails (with HARD-WIRED credentials for simplicity's sake. Role is ROLE_STUDENT):
    import java.util.Arrays;
    import java.util.Collection;
    import javax.persistence.Column;
    import javax.persistence.Entity;
    import javax.persistence.GeneratedValue;
    import javax.persistence.GenerationType;
    import javax.persistence.Id;
    import org.springframework.security.core.GrantedAuthority;
    import org.springframework.security.core.authority.SimpleGrantedAuthority;
    import org.springframework.security.core.userdetails.UserDetails;

    @Entity
    public class Student implements UserDetails {
        @Id @GeneratedValue(strategy=GenerationType.AUTO)
        private Integer id;
        @Column(unique=true)
        private Integer facebookId;
        @Column(unique=true)
        private Integer googleId;
        private String name = "";
        private String password = "";

        public void setName(String name) {
            this.name = name;
        }
        public String getName() {
            return this.name;
        }
        public String getPassword() {
            return this.password;
        }
        // Ignores its argument: the credentials are hard-wired
        public void initialize(String studentName) {
            this.name = "student1";
            this.password = "password";
        }
        @Override
        public String toString(){
            return "Student with name " + name + "id: " + id;
        }
        public Integer getId() {
            return id;
        }
        @Override
        public Collection<? extends GrantedAuthority> getAuthorities() {
            return Arrays.asList(new SimpleGrantedAuthority("ROLE_STUDENT"));
        }
        @Override
        public String getUsername() {
            return this.name;
        }
        @Override
        public boolean isAccountNonExpired() {
            // TODO Auto-generated method stub
            return true;
        }
        @Override
        public boolean isAccountNonLocked() {
            // TODO Auto-generated method stub
            return true;
        }
        @Override
        public boolean isCredentialsNonExpired() {
            // TODO Auto-generated method stub
            return true;
        }
        @Override
        public boolean isEnabled() {
            // TODO Auto-generated method stub
            return true;
        }
    }
That's it. I don't have any other security related configuration nor annotation, and as far as I know I don't have to have anything else.
The problem is that when I start the application I still cannot authenticate myself with "student1"/"password", but only with the default "user"/.
Any idea what is missing please? Thank you!
Naturally there is a user already in the database. After debug mode turned on:
    22:06:54.067 [http-nio-8280-exec-1] DEBUG osswaAnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
    22:06:54.067 [http-nio-8280-exec-1] DEBUG org.springframework.security.web.FilterChainProxy - /students/1 at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
    22:06:54.067 [http-nio-8280-exec-1] DEBUG org.springframework.security.web.FilterChainProxy - /students/1 at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
    22:06:54.067 [http-nio-8280-exec-1] DEBUG org.springframework.security.web.FilterChainProxy - /students/1 at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
    22:06:54.068 [http-nio-8280-exec-1] DEBUG osswaccess.intercept.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /students/1; Attributes: [hasAnyRole('ROLE_USER')]
    22:06:54.068 [http-nio-8280-exec-1] DEBUG osswaccess.intercept.FilterSecurityInterceptor - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
    22:06:54.072 [http-nio-8280-exec-1] DEBUG ossecurity.access.vote.AffirmativeBased - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@272de199, returned: -1
    22:06:54.072 [http-nio-8280-exec-1] DEBUG osbfactory.support.DefaultListableBeanFactory - Returning cached instance of singleton bean 'delegatingApplicationListener'
    22:06:54.073 [http-nio-8280-exec-1] DEBUG ossecurity.web.access.ExceptionTranslationFilter - Access is denied (user is anonymous); redirecting to authentication entry point
    org.springframework.security.access.AccessDeniedException: Access is denied
        at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:83)
        at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:232)
        at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:123)
        at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:90)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
        at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:114)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
        at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:122)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
        at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
        at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:169)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
        at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:48)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
        at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:158)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
        at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:120)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
        at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
        at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:91)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
        at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:53)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
        at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213)
        at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176)
        at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
        at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
        at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
        at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:87)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
        at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:77)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
        at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:121)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:522)
        at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1095)
        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:672)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1500)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1456)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Unknown Source)
    22:06:54.073 [http-nio-8280-exec-1] DEBUG ossecurity.web.access.ExceptionTranslationFilter - Calling Authentication entry point.
    22:06:54.073 [http-nio-8280-exec-1] DEBUG ossweb.context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
    22:06:54.073 [http-nio-8280-exec-1] DEBUG osboot.context.web.OrderedRequestContextFilter - Cleared thread-bound request context: org.apache.catalina.connector.RequestFacade@13a7abbc
    22:06:54.077 [http-nio-8280-exec-1] DEBUG org.springframework.web.servlet.DispatcherServlet - DispatcherServlet with name 'dispatcherServlet' processing GET request for [/error]
    22:06:54.080 [http-nio-8280-exec-1] DEBUG oswsmmaRequestMappingHandlerMapping - Looking up handler method for path /error
    22:06:54.083 [http-nio-8280-exec-1] DEBUG oswsmmaRequestMappingHandlerMapping - Returning handler method [public org.springframework.web.servlet.ModelAndView org.springframework.boot.autoconfigure.web.BasicErrorController.errorHtml(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)]
    22:06:54.083 [http-nio-8280-exec-1] DEBUG osbfactory.support.DefaultListableBeanFactory - Returning cached instance of singleton bean 'basicErrorController'
    22:06:54.084 [http-nio-8280-exec-1] DEBUG org.springframework.web.servlet.DispatcherServlet - Last-Modified value for [/error] is: -1
    22:06:54.084 [http-nio-8280-exec-1] DEBUG osojsupport.OpenEntityManagerInViewInterceptor - Opening JPA EntityManager in OpenEntityManagerInViewInterceptor
    22:06:54.104 [http-nio-8280-exec-1] DEBUG oswservlet.view.ContentNegotiatingViewResolver - Requested media types are [text/html, text/html;q=0.8] based on Accept header types and producible media types [text/html])
    22:06:54.104 [http-nio-8280-exec-1] DEBUG osbfactory.support.DefaultListableBeanFactory - Returning cached instance of singleton bean 'error'
    22:06:54.107 [http-nio-8280-exec-1] DEBUG osbfactory.support.DefaultListableBeanFactory - Invoking afterPropertiesSet() on bean with name 'error'
    22:06:54.107 [http-nio-8280-exec-1] DEBUG oswservlet.view.ContentNegotiatingViewResolver - Returning [org.springframework.boot.autoconfigure.web.ErrorMvcAutoConfiguration$SpelView@2fb1fefe] based on requested media type 'text/html'
    22:06:54.107 [http-nio-8280-exec-1] DEBUG org.springframework.web.servlet.DispatcherServlet - Rendering view [org.springframework.boot.autoconfigure.web.ErrorMvcAutoConfiguration$SpelView@2fb1fefe] in DispatcherServlet with name 'dispatcherServlet'
    22:06:54.113 [http-nio-8280-exec-1] DEBUG osojsupport.OpenEntityManagerInViewInterceptor - Closing JPA EntityManager in OpenEntityManagerInViewInterceptor
    22:06:54.113 [http-nio-8280-exec-1] DEBUG osorm.jpa.EntityManagerFactoryUtils - Closing JPA EntityManager
    22:06:54.113 [http-nio-8280-exec-1] DEBUG org.springframework.web.servlet.DispatcherServlet - Successfully completed request
    22:06:54.114 [http-nio-8280-exec-1] DEBUG osbfactory.support.DefaultListableBeanFactory - Returning cached instance of singleton bean 'delegatingApplicationListener'
    22:07:02.728 [http-nio-8280-exec-2] DEBUG osboot.context.web.OrderedRequestContextFilter - Bound request context to thread: org.apache.catalina.connector.RequestFacade@13a7abbc
    22:07:02.728 [http-nio-8280-exec-2] DEBUG ossweb.util.matcher.AntPathRequestMatcher - Checking match of request : '/students/1'; against '/css/**'
    22:07:02.728 [http-nio-8280-exec-2] DEBUG ossweb.util.matcher.AntPathRequestMatcher - Checking match of request : '/students/1'; against '/js/**'
    22:07:02.728 [http-nio-8280-exec-2] DEBUG ossweb.util.matcher.AntPathRequestMatcher - Checking match of request : '/students/1'; against '/images/**'
    22:07:02.728 [http-nio-8280-exec-2] DEBUG ossweb.util.matcher.AntPathRequestMatcher - Checking match of request : '/students/1'; against '/**/favicon.ico'
    22:07:02.728 [http-nio-8280-exec-2] DEBUG ossweb.util.matcher.AntPathRequestMatcher - Checking match of request : '/students/1'; against '/error'
    22:07:02.728 [http-nio-8280-exec-2] DEBUG ossecurity.web.util.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/**']
    22:07:02.728 [http-nio-8280-exec-2] DEBUG ossweb.util.matcher.AntPathRequestMatcher - Request '/students/1' matched by universal pattern '/**'
    22:07:02.728 [http-nio-8280-exec-2] DEBUG ossecurity.web.util.matcher.OrRequestMatcher - matched
    22:07:02.728 [http-nio-8280-exec-2] DEBUG org.springframework.security.web.FilterChainProxy - /students/1 at position 1 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
    22:07:02.728 [http-nio-8280-exec-2] DEBUG org.springframework.security.web.FilterChainProxy - /students/1 at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
    22:07:02.728 [http-nio-8280-exec-2] DEBUG org.springframework.security.web.FilterChainProxy - /students/1 at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter'
    22:07:02.728 [http-nio-8280-exec-2] DEBUG ossecurity.web.header.writers.HstsHeaderWriter - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@37ca7e0d
    22:07:02.728 [http-nio-8280-exec-2] DEBUG org.springframework.security.web.FilterChainProxy - /students/1 at position 4 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
    22:07:02.728 [http-nio-8280-exec-2] DEBUG ossweb.util.matcher.AntPathRequestMatcher - Checking match of request : '/students/1'; against '/logout'
    22:07:02.728 [http-nio-8280-exec-2] DEBUG org.springframework.security.web.FilterChainProxy - /students/1 at position 5 of 11 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
    22:07:02.730 [http-nio-8280-exec-2] DEBUG osswawww.BasicAuthenticationFilter - Basic Authentication Authorization header found for user 'student1'
    22:07:02.730 [http-nio-8280-exec-2] DEBUG ossecurity.authentication.ProviderManager - Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
    22:07:02.731 [http-nio-8280-exec-2] DEBUG ossauthentication.dao.DaoAuthenticationProvider - User 'student1' not found
The very end seems to be the most interesting although the rest is pretty ugly too:
    ossauthentication.dao.DaoAuthenticationProvider - User 'student1' not found
Here is where I called the initialize on Student (it's cheating because it should be called on a POST, but again, I was cheating just to put a Student in the database, and use that for authentication. It would be obviously different later on. Of course I could only make this GET when I temporarily deactivated the security on the app):
    @RequestMapping(value="/students", method=RequestMethod.GET, produces=MediaType.APPLICATION_JSON_UTF8_VALUE)
    public ResponseEntity<Iterable<Student>> listStudents() {
        LOGGER.info("/students controller method call"+new SimpleDateFormat("yyyy.MM.dd.HH.mm.ss").format(new Date()));
        Iterable<Student> studentsFound = studentRepository.findAll();
        Student newStudent = new Student();
        newStudent.initialize("student1");
        studentRepository.save(newStudent);
        return new ResponseEntity<Iterable<Student>>(studentsFound, HttpStatus.OK);
    }
Do you think the Student instance itself is somehow not correct?

The problem is that when I start the application I still cannot authenticate myself with "student1"/"password", but only with the default "user"/.
It means the default user (configured by default AuthenticationManager) is still enabled. In order to fix this issue, just inject the AuthenticationManagerBuilder to the configure method:
    @Override
    @Autowired
    protected void configure(AuthenticationManagerBuilder auth) throws Exception { ... }
Based on Spring Boot documentation:
"To also switch off the authentication manager configuration you can add a bean of type AuthenticationManager, or else configure the global AuthenticationManager by autowiring an AuthenticationManagerBuilder into a method in one of your @Configuration classes."
So, in order to disable the default AuthenticationManager, you should Autowire an AuthenticationManagerBuilder to a configuration method.

I know it's off topic but the following piece of code seems extremely inefficient to me:
    Iterable<Student> studentsWithIds = studentRepository.findAll();
    for (Student student : studentsWithIds) {
        // Compare string contents; == only compares object references
        if (student.getName().equals(username)) {
            return studentRepository.findOne(student.getId());
        }
    }
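
The two answers above combined, the globally configured AuthenticationManager and a single-query lookup in place of the findAll() loop, as an added example that is not code from the original posts or the asker's project. Assumptions: the derived finder findByName on StudentRepository is hypothetical (the repository's declaration is not shown on the page), Student is the entity from the question, and Student.password holds a BCrypt hash rather than the hard-wired plain-text value.

```java
import java.util.List;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.repository.CrudRepository;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

// Assumption: findByName is a hypothetical Spring Data derived query. It runs one
// SELECT filtered on name instead of loading every Student and looping over them.
interface StudentRepository extends CrudRepository<Student, Integer> {
    List<Student> findByName(String name);
}

@Configuration
@EnableWebSecurity
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private StudentRepository studentRepository;

    // Autowiring an AuthenticationManagerBuilder into a method of a @Configuration
    // class configures the global AuthenticationManager, so Spring Boot stops
    // creating its default "user" account.
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(new UserDetailsService() {
                @Override
                public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
                    List<Student> matches = studentRepository.findByName(username);
                    if (matches.isEmpty()) {
                        throw new UsernameNotFoundException("User '" + username + "' not found.");
                    }
                    // Student.name has no unique constraint, and the GET /students handler
                    // in the question saves another "student1" on every call, so several
                    // rows can match. Fail closed instead of picking one of them.
                    if (matches.size() > 1) {
                        throw new AuthenticationServiceException("Ambiguous user name '" + username + "'.");
                    }
                    return matches.get(0); // Student implements UserDetails
                }
            })
            // Assumption: stored passwords are BCrypt hashes, e.g. written with
            // new BCryptPasswordEncoder().encode(rawPassword) when the Student is saved.
            .passwordEncoder(new BCryptPasswordEncoder());
    }

    // configure(HttpSecurity) stays as in the question and is omitted here.
}
```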