spring-boot 未調用自定義 UserDetailsService
[英]Custom UserDetailsService is not called by spring-boot
問題描述
我正在嘗試在 spring-security 中使用UserDetailsService spring-security來實現我的身份驗證邏輯。 但是,在 HTTP 請求期間不會調用UserDetailsService ervice。 這是代碼:
@Service
public class CustomUserDetailsService implements UserDetailsService {
@Autowired
private UserService userService;
@Override
public UserDetails loadUserByUsername(String userId) throws UsernameNotFoundException {
Optional<User> user = userService.getById(Long.parseLong(userId));
if (user.isEmpty()) {
throw new UsernameNotFoundException("User " + userId + " not found");
}
return new org.springframework.security.core.userdetails.User(
user.get().getName(),
user.get().getHashedPassword(),
List.of());
}
}
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private CustomUserDetailsService customUserDetailsService;
@Autowired
private PasswordEncoder passwordEncoder;
@Override
protected void configure(HttpSecurity http) throws Exception { // (2)
http.authorizeRequests()
.antMatchers("/user/add", "/user/loginByEmail").permitAll() // (3)
.anyRequest().authenticated()
.and()
.logout()
.permitAll()
.and()
.httpBasic();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(customUserDetailsService)
.passwordEncoder(passwordEncoder);
}
}
我用一個測試來測試認證邏輯,這里是測試代碼的核心:
MvcResult addMvcResult = mockMvc.perform(post("/habit/friend/addById")
.with(SecurityMockMvcRequestPostProcessors.httpBasic("Joey", "password"))
.contentType("application/json")
.content(StringUtils.toJSONString(addFriendRequestByIdDTO)))
.andExpect(status().isOk())
.andReturn();
日志顯示驗證header是通過spring-test插入的:
MockHttpServletRequest:
HTTP Method = POST
Request URI = /habit/friend/addById
Parameters = {}
Headers = [Content-Type:"application/json;charset=UTF-8", Content-Length:"47", Authorization:"Basic Sm9leTpwYXNzd29yZA=="]
Body = {
"currentUserId" : 1,
"friendUserId" : 2
}
Session Attrs = {org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository.CSRF_TOKEN=org.springframework.security.web.csrf.DefaultCsrfToken@3a48c398}
但是,身份驗證失敗,我得到了 403,並且從未調用過CustomUserDetailsService 。 為什么?
1 個解決方案
解決方案1
0 2022-09-24 11:31:23
您的問題似乎是 CSRF 而不是 UserDetailsService 的實現未注冊,從 Spring 4.x 開始,默認情況下啟用 CSRF 保護,除非您將其關閉
http
.csrf()
.disable()
你會得到 403 錯誤。
Spring Boot:使用自定義UserDetailsService配置AuthenticationManager
[英]Spring Boot: Configuring AuthenticationManager with custom UserDetailsService
Spring Security-未調用自定義userDetailsService實現
[英]Spring security - custom userDetailsService implemenation not getting called
Spring 安全 5 - 我的自定義 UserDetailsService 未被調用
[英]Spring Security 5 - My custom UserDetailsService is not called
Spring-boot WebMvcTest,當我提供模擬的 UserDetailsService 時,為什么會得到這個 NullPointer?
[英]Spring-boot WebMvcTest, why am i getting this NullPointer when i provide a mocked UserDetailsService?
Autowire不適用於Spring Boot中的自定義UserDetailsService
[英]Autowire doesn't work for custom UserDetailsService in Spring Boot
Spring Boot OAuth2具有基本身份驗證和自定義UserDetailsService
[英]Spring Boot OAuth2 with basic authentication and custom UserDetailsService
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.
相關問題
使用自定義UserDetailsService進行Spring Boot
未調用自定義 Spring UserDetailsService
永遠不會調用UserDetailsService(Spring啟動安全性)
Spring Boot:使用自定義UserDetailsService配置AuthenticationManager
Spring Security-未調用自定義userDetailsService實現
Spring 安全 5 - 我的自定義 UserDetailsService 未被調用
spring-boot中的自定義ConstraintViolationException
Spring-boot WebMvcTest,當我提供模擬的 UserDetailsService 時,為什么會得到這個 NullPointer?
Autowire不適用於Spring Boot中的自定義UserDetailsService
Spring Boot OAuth2具有基本身份驗證和自定義UserDetailsService
相關標簽