使用Spring Security和自定义数据库的Spring Boot
[英]Spring boot with Spring Security and custom database
问题描述
对不起,我的英语不好。
由于更改了数据库配置,因此无法成功登录我的应用程序。 我正在使用Spring安全性。 在进行更改之前,一切正常。
我有两个实体:
- User.java
- UserRole.java
User.java
package betizy.models;
//imports
@Entity
@Table(name = "use_user")
public class User {
@Id
@GeneratedValue(strategy = GenerationType.AUTO)
@Column(name="USE_ID")
private Long id;
@NotNull
@Column(name = "USE_USERNAME")
private String username;
@NotNull
@Column(name = "USE_PASSWORD")
private String password;
@NotNull
@Column(name = "USE_EMAIL")
private String email;
//getters and setters
}
UserRole.java
package betizy.models;
//imports
@Entity
@Table(name = "usr_user_role")
public class UserRole {
@Id
@GeneratedValue(strategy = GenerationType.AUTO)
@Column(name="USR_ID")
private Long id;
@ManyToOne
@JoinColumn(name = "USR_USE_ID")
private User user;
@NotNull
@Column(name = "USR_ROLE")
private String role;
//getters and setters
}
login.html
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org">
<head>
<title>Spring Security Example </title>
<script src="/webjars/angularjs/1.4.9/angular.js"></script>
<script src="webjars/jquery/2.0.3/jquery.min.js"></script>
<link rel="stylesheet" href="/webjars/bootstrap/3.3.6/css/bootstrap.css">
<script src="/js/index.js"></script>
</head>
<body ng-app="Betizy">
<div header></div>
<div th:if="${param.error}">
Invalid username and password.
</div>
<div th:if="${param.logout}">
You have been logged out.
</div>
<form th:action="@{/login}" method="post">
<div><label> User Name : <input type="text" name="username" required/> </label></div>
<div><label> Password: <input type="password" name="password" required/> </label></div>
<div><input type="submit" value="Sign In"/></div>
</form>
<div>To open a new account click <a href="/register">here</a>. </div>
<div footer></div>
</body>
</html>
SecurityConfig.java
package betizy.security;
//imports
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
DataSource dataSource;
@Autowired
public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication().dataSource(dataSource)
//.passwordEncoder(passwordEncoder())
.usersByUsernameQuery(
"select * from use_user where use_user.use_username=?")
.authoritiesByUsernameQuery(
"select * from usr_user_role inner join use_user on use_user.use_id = usr_user_role.usr_use_id where use_user.use_username=?");
}
@Bean
public PasswordEncoder passwordEncoder(){
PasswordEncoder encoder = new BCryptPasswordEncoder();
return encoder;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
//.antMatchers("/hello").access("hasRole('ROLE_ADMIN')")
.antMatchers("/", "/register", "/user/create", "/webjars/**", "/js/**").permitAll()
.anyRequest().authenticated()
.and()
.formLogin().loginPage("/login").permitAll()
.usernameParameter("username").passwordParameter("password")
.and()
.logout().permitAll()
.and()
.exceptionHandling().accessDeniedPage("/403")
.and()
.csrf().disable();
}
}
我认为问题出在我的User实体字段的名称或我在SecurityConfig.java中的两个查询的名称,但是我知道该如何解决我的问题。
我必须保留数据库配置(字段名称)。
预先感谢您的帮助 ! :)
编辑
经过两次更改,所有方法都可以使用,但它不是一个好的数据库。 我将发布两个数据库之间的差异以及SecurityConfig.java中的差异
使用SecurityConfig.java
@Autowired
public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication().dataSource(dataSource)
.usersByUsernameQuery(
"select username,password, enabled from users where username=?")
.authoritiesByUsernameQuery(
"select username, role from user_roles where username=?");
}
其次,它不起作用。 我无法发布链接,但是您在User.java和UserRole.java中拥有上面的完美描述
使用SecurityConfig.java
@Autowired
public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication().dataSource(dataSource)
.usersByUsernameQuery(
"select use_username, use_password, use_email from use_user where use_username=?")
.authoritiesByUsernameQuery(
"select use_username, usr_role from usr_user_role, use_user where use_id = usr_use_id and use_username=?");
}
1 个解决方案
解决方案1
3 已采纳 2017-01-03 12:23:12
请更改SQL以按顺序而不是*返回列名;
<!-- change to your own column name, return the columns in order-->
select <username,password,enabled> from use_user where use_user.use_username=?
和AUTHORITIES SQL
<!-- change to your own column name, the authority must be second column -->
select <username,authority> from usr_user_role inner join use_user on use_user.use_id = usr_user_role.usr_use_id where use_user.use_username=?
更详细的信息,请参见此处 ,确定,这是代码,我认为更容易理解为什么应按顺序返回各列。
protected List<UserDetails> loadUsersByUsername(String username) {
return getJdbcTemplate().query(this.usersByUsernameQuery,
new String[] { username }, new RowMapper<UserDetails>() {
@Override
public UserDetails mapRow(ResultSet rs, int rowNum)
throws SQLException {
// get user info
String username = rs.getString(1);
String password = rs.getString(2);
boolean enabled = rs.getBoolean(3);
return new User(username, password, enabled, true, true, true,
AuthorityUtils.NO_AUTHORITIES);
}
});
}
protected List<GrantedAuthority> loadUserAuthorities(String username) {
return getJdbcTemplate().query(this.authoritiesByUsernameQuery,
new String[] { username }, new RowMapper<GrantedAuthority>() {
@Override
public GrantedAuthority mapRow(ResultSet rs, int rowNum)
throws SQLException {
//get GrantedAuthority
String roleName = JdbcDaoImpl.this.rolePrefix + rs.getString(2);
return new SimpleGrantedAuthority(roleName);
}
});
}
Spring安全和自定义AuthenticationFilter与Spring启动
[英]Spring security and custom AuthenticationFilter with Spring boot
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
自定义 spring 启动安全未应用
Spring Boot Security 4自定义PasswordEncoder
Spring Boot 安全中的数据库认证
Spring安全和自定义AuthenticationFilter与Spring启动
Spring Boot + Spring Security 的自定义登录页面
Spring Boot,Spring安全链接数据库
弹簧安全和弹簧靴
Spring Boot Security自定义登录表单
带有自定义 AngularJS 登录页面的 Spring Boot 和安全性
Spring Boot OAuth2带有自定义安全过滤器
相关标签