堆栈内存溢出
  简体   繁体   English

带有 WebFlux 用户禁用功能的 Spring Security 5.1.5 不起作用

[英]Spring Security 5.1.5 with WebFlux user disable not working

 原文  2019-07-11 12:37:58       java/ spring/ spring-security/ spring-webflux

问题描述

I am trying to implement a Web Application using Spring WebFlux Framework and MongoDB.我正在尝试使用 Spring WebFlux 框架和 MongoDB 实现一个 Web 应用程序。 Everything is working as expected, but even though the enabled property is set to false in the database, It's still allowing me to log in successfully.一切都按预期工作,但即使数据库中的enabled属性设置为false ,它仍然允许我成功登录。 Which should not be the case.这不应该是这种情况。 My Security Config is as below -我的安全配置如下 -

@Configuration
@EnableWebFluxSecurity
@EnableReactiveMethodSecurity
public class WebfluxSecurityConfig {

    @Autowired
    private Constants constants;
    @Autowired
    private UserRepository userRepo;

    @Bean
    public ReactiveUserDetailsService userDetailsService(UserRepository users) {
         return (username) -> users.findByUsername(username)
                    .map(u -> new UserAuth(u.getUserId()
                            , u.getUsername()
                            , u.getPassword()
                            , u.isEnabled()
                            , !u.isAccountExpired()
                            , !u.isCredentialsExpired()
                            , !u.isAccountLocked()
                            , UserAuth.getGrantedAuthorities(u.getRoles().toArray(new String[0]))
                            , StringUtils.isEmpty(u.getAuthSalt()) ? u.getUsername() : u.getAuthSalt()
                        )
                    );
    }

    @Bean
    public SecurityWebFilterChain springSecurityFilterChain3(ServerHttpSecurity http) {
         http
          .authorizeExchange()
              .pathMatchers("/web/**").authenticated()
              .pathMatchers("/**").permitAll()
          .and().formLogin()
                .loginPage("/login")
          .and().logout()
                .logoutUrl("/logout");

         return http.build();
    }
}

User entry in mongodb is - mongodb 中的用户条目是 -

{
    "_id": "5d149e3b3c1206008cf56af9",
    "username": "admin",
    "password": "{noop}admin",
    "firstName": "Admin",
    "lastName": "1",
    "email": "admin@eightfolds.in",
    "enabled": false,
    "accountLocked": true,
    "roles": ["ADMIN"]
}

Can anyone please help me to understand what I am doing wrong.任何人都可以帮助我了解我做错了什么。

Still not able to figure out.还是想不通。

1 个解决方案

解决方案1
 1  2019-07-17 14:34:28

Thank you for reporting this.感谢您报告此事。
Your configuration has nothing wrong with it.你的配置没有问题。 The behaviour of checking whether a user account is disabled is not yet part of WebFlux.检查用户帐户是否被禁用的行为还不是 WebFlux 的一部分。
I have created an issue on the spring-security GitHub repo to add this functionality.我在 spring-security GitHub 存储库上创建了一个 问题来添加此功能。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Spring webflux 安全 - 使用属性禁用 csrf - Spring webflux Security - Disable csrf with property Spring WebFlux 安全 OAuth 2.0 用户服务 - Spring WebFlux Security OAuth 2.0 User Service 如何在 Webflux 功能端点的测试中禁用 Spring 安全性 - How to disable Spring Security on Tests for Webflux Functional Endpoints 使用 spring-security 和 spring-webflux 时禁用 WebSession 创建 - Disable WebSession creation when using spring-security with spring-webflux 将 Spring Security AbstractAuthenticationProcessingFilter 迁移到 WebFlux - Migrating Spring Security AbstractAuthenticationProcessingFilter to WebFlux 如何在 Spring Boot Security 中启用或禁用用户 - How to enable or disable user in Spring Boot Security Spring Security 用户身份验证不起作用 - Spring Security user authentication not working 如何在Spring WebFlux Security(响应式Spring Security)配置中将多个用户角色添加到单个pathMatcher / Route中? - How can i add multiple user roles to single pathMatcher/Route in Spring WebFlux Security(Reactive Spring Security) Config? 在 spring security + spring boot 中禁用同一用户的多次登录 - Disable multiple logins for same user in spring security + spring boot 如何在反应式 webflux 中获取 spring 安全上下文 - How to get spring security context in reactive webflux
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM