堆栈内存溢出
  简体   繁体   English

Spring 4 Security jdbc身份验证

[英]Spring 4 Security jdbc authentication

 原文  2018-08-21 08:41:42       java/ spring/ spring-security

问题描述

I'm trying to get JDBC authentication to work with my little side project, by the looks of it, it should work, but it does not. 我正在尝试使JDBC身份验证与我的小型项目一起工作,从外观上看,它应该可以工作,但不能。 All the configurations follow bellow. 所有配置如下。

If I switch to inMemory auth which has the same username/password it works perfectly. 如果我切换到具有相同用户名/密码的inMemory auth,则可以正常运行。

This is what I get if I log the output: 这是我在记录输出时得到的:

1]

AuthenticationManagerBuilder configuration: AuthenticationManagerBuilder配置: 

@Autowired
public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {

    auth.jdbcAuthentication().dataSource(dataSource)
            .usersByUsernameQuery("select user_name as username, password, enabled from gag.users as u where u.user_name=?")
            .authoritiesByUsernameQuery("select user_name as username, role from gag.user_roles as u where u.user_name=?");
}

HttpSecurity configuration: HttpSecurity配置: 

@Override
protected void configure(HttpSecurity http) throws Exception {
    // @formatter:off
    http.authorizeRequests()
            .antMatchers("/").permitAll()
            .antMatchers("/post/**").hasRole("USER")
            .and()
                .formLogin()
                    .loginPage("/login")
            .and()
                .exceptionHandling().accessDeniedPage("/denied")
            .and()
                .csrf().disable();
    // @formatter:on
}

DB Tables: 数据库表: 

CREATE TABLE gag.USERS(
    id SERIAL PRIMARY KEY,
    user_name varchar(30) UNIQUE,
    password varchar(30),
    enabled BOOLEAN NOT NULL DEFAULT TRUE
);

CREATE TABLE gag.USER_ROLES(
    id SERIAL PRIMARY KEY,
    user_name varchar(30) REFERENCES gag.USERS(user_name) NOT NULL,
    role varchar(30) NOT NULL,
    UNIQUE(user_name, role)
);

INSERT INTO gag.USERS(user_name, password, enabled) VALUES('admin', 'admin', TRUE);
INSERT INTO gag.USER_ROLES(user_name, role) VALUES('admin', 'USER');

Any ideas why I am getting 403 for a user who does have the correct role? 为什么我会为角色正确的用户获得403的任何想法?

1 个解决方案

解决方案1
 2 已采纳  2018-08-21 08:54:34

Since the version of 4, Spring Security framework adds automatically the prefix ROLE_ . 从版本4开始,Spring Security框架会自动添加前缀ROLE_ See the relevant documtnation about migrating from Spring Security 3.x to 4.x: 请参阅有关从Spring Security 3.x迁移到4.x的相关文档:

  • 8. Automatic ROLE_ prefixing : 8.自动ROLE_前缀

    Spring Security 4 automatically prefixes any role with ROLE_. Spring Security 4自动为任何角色添加ROLE_前缀。 The changes were made as part of SEC-2758 所做的更改是SEC-2758的一部分

    So you have to change the insertion to: 因此,您必须将插入内容更改为: 

     INSERT INTO gag.USER_ROLES(user_name, role) VALUES('admin', 'ROLE_USER');

  • 8.3. 8.3。 Disable ROLE_ Prefixing 禁用ROLE_前缀

    If you want to omit the ROLE_ prefix, you might find interesting the article linked above. 如果您想省略ROLE_前缀,您可能会发现上面链接的文章很有趣。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 登录验证 - Spring 启动安全,JDBC - Login authentication - Spring Boot Security, JDBC Spring Security JDBC 认证登录用户错误 - Spring Security JDBC authentication login user error Spring-Security:MySQL JDBC身份验证失败 - Spring-Security: MySQL JDBC Authentication fails Spring 启动安全 JDBC 基本认证失败 - Spring Boot Security JDBC Basic Authentication Failure Spring Security中如何在内存身份验证和jdbc身份验证中同时配置 - how to configure both in memory authentication and jdbc authentication in spring security 如何在Flyway中使用Spring Boot / Spring Security的JDBC身份验证 - How to use JDBC-Authentication of Spring Boot/Spring Security with Flyway Spring Security JDBC身份验证是否在每个请求上都命中数据库 - Does Spring security JDBC authentication hit the Data base on every request Spring 安全 JDBC 使用自定义用户名和密码查询进行身份验证 - Spring Security JDBC Authentication with Custom Username and Password Queries 带有jdbc的Spring Security 3.0 - Spring Security 3.0 with jdbc Spring Security JDBC和Hibernate JPA - Spring Security JDBC and Hibernate JPA
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM