Question

尝试配置jdbc身份验证。我可以使用内存数据库，但是一旦我改为jdbc，就会失败。

这是我的网络安全：

@EnableWebSecurity
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

@Autowired
private DataSource dataSource;


@Autowired
public void registerGlobal(AuthenticationManagerBuilder auth) throws Exception {

    auth
    .jdbcAuthentication()
        .dataSource(dataSource)
        .withUser("user")
            .password("password")
            .roles("USER").and().withUser("testuser").password("test").roles("ADMIN","USER");

  }

}

我的登录页面很好。输入凭据，我陷入无限循环错误：

Exception in thread "http-bio-8080-exec-5" java.lang.StackOverflowError
    at org.apache.log4j.Hierarchy.isDisabled(Hierarchy.java:356)
    at org.apache.log4j.Category.isDebugEnabled(Category.java:734)
    at org.slf4j.impl.Log4jLoggerAdapter.isDebugEnabled(Log4jLoggerAdapter.java:199)
    at org.apache.commons.logging.impl.SLF4JLocationAwareLog.isDebugEnabled(SLF4JLocationAwareLog.java:67)
    at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:144)
    at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$AuthenticationManagerDelegator.authenticate(WebSecurityConfigurerAdapter.java:423)
    at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174)
    at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$AuthenticationManagerDelegator.authenticate(WebSecurityConfigurerAdapter.java:423)

如果我使用嵌入式数据库（H2），这可以正常工作，但在Oracle中失败。

感谢任何帮助。

THX

Answer 1

我遇到了相同的循环身份验证错误。通过删除来实现它：

.withUser("user")
        .password("password")
        .roles("USER").and().withUser("testuser").password("test").roles("ADMIN","USER");

并添加到您的配置http：

    @Override
protected void configure(HttpSecurity http) throws Exception {

     http (... loginPage etc)
            .authorizeRequests()
            .antMatchers("/**").hasRole("ADMIN");
    ;
}

类看起来像这样：

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityJDBCConfig extends WebSecurityConfigurerAdapter {

@Autowired
DataSource dataSource;

@Autowired
public void registerAuthentication(AuthenticationManagerBuilder auth) throws Exception {
    auth.jdbcAuthentication()
            .dataSource(dataSource);
}

@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
    return super.authenticationManagerBean();
}

@Override
protected void configure(HttpSecurity http) throws Exception {

    http
            .csrf().disable()
            .formLogin()
            .loginPage("/enter")
            .failureUrl("/enter?error")
            .permitAll()
            .and()
            .logout()
            .permitAll()
            .and()
            .authorizeRequests()
            .antMatchers("/resources/**").permitAll()
            .antMatchers("/static/**").permitAll()
            .antMatchers("/**").hasRole("AUTH");
}

}

确保您的数据库表设置插入了有效的用户/角色。

spring jdbcauthentication stackoverflower

1 个答案: