[英]Unauthorized calls after configuring spring security
我想保護我的REST端點,但是我遇到了麻煩...我在使用inMemoryAuth
,但是因為我試圖使用存儲在數據庫中的憑據 - 它停止了工作。
好的,所以我的Entity
類看起來像那樣
class User {
@Id
@GeneratedValue
@Column(name = "user_id")
private Integer id;
@Column
private String username;
@Column
private String password;
@ManyToMany
@JoinTable(name = "user_role", joinColumns = @JoinColumn(name = "user_id"), inverseJoinColumns = @JoinColumn(name = "role_id"))
private Set<Role> roles;
}
class Role {
@Id
@GeneratedValue(strategy = GenerationType.AUTO)
@Column(name = "role_id")
private Integer id;
@Column(name = "role")
private String role;
}
我的安全配置
@Configuration
class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Value("${spring.queries.users-query}")
private String usersQuery;
@Value("${spring.queries.roles-query}")
private String rolesQuery;
private DataSource dataSource;
public SecurityConfiguration(DataSource dataSource) {
this.dataSource = dataSource;
}
@Bean
public BCryptPasswordEncoder passwordEncoder() {
BCryptPasswordEncoder bCryptPasswordEncoder = new BCryptPasswordEncoder();
return bCryptPasswordEncoder;
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication()
.usersByUsernameQuery(usersQuery)
.authoritiesByUsernameQuery(rolesQuery)
.dataSource(dataSource)
.passwordEncoder(passwordEncoder());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.httpBasic()
.and()
.authorizeRequests()
.antMatchers(HttpMethod.GET, "/task/**").hasRole("USER")
.and()
.csrf().disable()
.formLogin().disable();
}
}
最后, application.properties
spring.jpa.hibernate.ddl-auto=update
spring.datasource.url=jdbc:mysql://localhost:3306/teamplanner?useUnicode=true&useJDBCCompliantTimezoneShift=true&useLegacyDatetimeCode=false&serverTimezone=Europe/Warsaw
spring.datasource.username=root
spring.datasource.password=root
spring.queries.users-query=select username, password from user where username=?
spring.queries.roles-query=select u.username, r.role from user u inner join user_role ur on(u.user_id=ur.user_id) inner join role r on(ur.role_id=r.role_id) where u.username=?
現在,我正在嘗試使用郵遞員中的Basic auth調用/ task / all,我得到了
{
"timestamp": "2019-04-21T22:50:17.189+0000",
"status": 401,
"error": "Unauthorized",
"message": "Unauthorized",
"path": "/task/all"
}
如果我直接在數據庫中運行它們,我存儲在application.properties中的兩個查詢都會返回記錄
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.