Spring Security 5.1.5 with WebFlux user disable not working
I am trying to implement a web application using the Spring WebFlux framework and MongoDB. Everything is working as expected, but even though the enabled property is set to false in the database, it's still allowing me to log in successfully. Which should not be the case. My Security Config is as below -
    @Configuration
    @EnableWebFluxSecurity
    @EnableReactiveMethodSecurity
    public class WebfluxSecurityConfig {

        @Autowired
        private Constants constants;

        @Autowired
        private UserRepository userRepo;

        @Bean
        public ReactiveUserDetailsService userDetailsService(UserRepository users) {
            return (username) -> users.findByUsername(username)
                    .map(u -> new UserAuth(u.getUserId()
                            , u.getUsername()
                            , u.getPassword()
                            , u.isEnabled()
                            , !u.isAccountExpired()
                            , !u.isCredentialsExpired()
                            , !u.isAccountLocked()
                            , UserAuth.getGrantedAuthorities(u.getRoles().toArray(new String[0]))
                            , StringUtils.isEmpty(u.getAuthSalt()) ? u.getUsername() : u.getAuthSalt()
                            )
                    );
        }

        @Bean
        public SecurityWebFilterChain springSecurityFilterChain3(ServerHttpSecurity http) {
            http
                .authorizeExchange()
                    .pathMatchers("/web/**").authenticated()
                    .pathMatchers("/**").permitAll()
                .and().formLogin()
                    .loginPage("/login")
                .and().logout()
                    .logoutUrl("/logout");
            return http.build();
        }
    }
User entry in MongoDB is -

    {
        "_id": "5d149e3b3c1206008cf56af9",
        "username": "admin",
        "password": "{noop}admin",
        "firstName": "Admin",
        "lastName": "1",
        "email": "admin@eightfolds.in",
        "enabled": false,
        "accountLocked": true,
        "roles": ["ADMIN"]
    }
Can anyone please help me to understand what I am doing wrong?
Still not able to figure out.

Thank you for reporting this.
Your configuration has nothing wrong with it. The behaviour of checking whether a user account is disabled is not yet part of WebFlux.
I have created an issue on the spring-security GitHub repo to add this functionality.
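
Until the framework performs the check itself, the account flags can be enforced in a wrapping authentication manager. The following is an added example, not code from the question, the answer or Spring Security; the class name `AccountStatusAuthenticationManager` is hypothetical, and it assumes the question's `UserAuth` implements `UserDetails` and reports the four status flags it is constructed with.

```java
import org.springframework.security.authentication.AccountExpiredException;
import org.springframework.security.authentication.CredentialsExpiredException;
import org.springframework.security.authentication.DisabledException;
import org.springframework.security.authentication.LockedException;
import org.springframework.security.authentication.ReactiveAuthenticationManager;
import org.springframework.security.authentication.UserDetailsRepositoryReactiveAuthenticationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.ReactiveUserDetailsService;
import org.springframework.security.core.userdetails.UserDetails;
import reactor.core.publisher.Mono;

// Hypothetical class (added example): rejects disabled, locked or expired accounts.
public class AccountStatusAuthenticationManager implements ReactiveAuthenticationManager {

    private final ReactiveAuthenticationManager delegate;

    public AccountStatusAuthenticationManager(ReactiveUserDetailsService users) {
        // The stock manager loads the user and verifies the password.
        this.delegate = new UserDetailsRepositoryReactiveAuthenticationManager(users);
    }

    @Override
    public Mono<Authentication> authenticate(Authentication authentication) {
        // Status is evaluated only after the password has matched, so the
        // account state is not revealed to a caller without valid credentials.
        return delegate.authenticate(authentication).flatMap(this::checkStatus);
    }

    private Mono<Authentication> checkStatus(Authentication auth) {
        if (!(auth.getPrincipal() instanceof UserDetails)) {
            return Mono.just(auth); // nothing to check on other principal types
        }
        UserDetails user = (UserDetails) auth.getPrincipal();
        if (!user.isAccountNonLocked()) {
            return Mono.error(new LockedException("User account is locked"));
        }
        if (!user.isEnabled()) {
            return Mono.error(new DisabledException("User is disabled"));
        }
        if (!user.isAccountNonExpired()) {
            return Mono.error(new AccountExpiredException("User account has expired"));
        }
        if (!user.isCredentialsNonExpired()) {
            return Mono.error(new CredentialsExpiredException("User credentials have expired"));
        }
        return Mono.just(auth);
    }
}
```

Pass an instance to `http.authenticationManager(...)` when building the `SecurityWebFilterChain` so that form login uses it; the exceptions are all `AuthenticationException` subclasses, so they reach the configured login failure handling.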