我的项目是最新的Spring Boot + Jersey,我遇到登录验证问题。
我的安全配置是:
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter
{
@Autowired
private DataSource datasource;
@Override
protected void configure(HttpSecurity http) throws Exception
{
http.csrf().disable().authorizeRequests()
.antMatchers("/api/user/**").permitAll()
.antMatchers("/api/**").authenticated().and().httpBasic();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception
{
auth.userDetailsService(userDetailsService()).passwordEncoder(new BCryptPasswordEncoder());
auth.jdbcAuthentication().dataSource(datasource);
}
@Bean
public UserDetailsService userDetailsService()
{
return new CustomUserDetailsService(datasource);
}
}
但是当我这样做时:
@POST
@Path("authenticate")
@Produces(MediaType.APPLICATION_JSON)
public Response authenticate(@HeaderParam("username") String username, @HeaderParam("password") String password)
{
UsernamePasswordAuthenticationToken authenticationToken =
new UsernamePasswordAuthenticationToken(username, password);
Authentication authentication = this.authManager.authenticate(authenticationToken);
SecurityContextHolder.getContext().setAuthentication(authentication);
UserDetails userDetails = this.userService.loadUserByUsername(username);
return createOkResponse(userDetails.getUsername());
}
authenticate方法在InMemoryUserDetailsManager中使用而不是CustomUserDetailsService,我需要进行登录验证。 我该如何改变?
如果需要:
public class CustomUserDetailsService extends JdbcUserDetailsManager implements UserDetailsService
{
@Autowired
private UserRepository userRepository;
public CustomUserDetailsService(DataSource datasource)
{
setDataSource(datasource);
}
@Override
public CurrentUserInfo loadUserByUsername(String email)
throws UsernameNotFoundException
{
User user = userRepository.findByPrimaryEmailAndEnabledTrue(email);
handleUserNotFound(email, user);
return new CurrentUserInfo(user);
}
private void handleUserNotFound(String email, User user)
{
if (user == null)
{
throw new UsernameNotFoundException("No user found with email: " + email);
}
}
}
Starter依赖项:
compile("org.springframework.boot:spring-boot-starter-web") {
exclude module: 'spring-boot-starter-tomcat'
}
compile "org.springframework.boot:spring-boot-starter-jetty"
compile "org.springframework.boot:spring-boot-starter-security"
compile "org.springframework.boot:spring-boot-starter-aop"
compile "org.springframework.boot:spring-boot-starter-data-jpa"
compile "org.springframework.boot:spring-boot-starter-thymeleaf"
compile "org.springframework.boot:spring-boot-starter-jersey"
compile("org.springframework.boot:spring-boot-starter-actuator") { exclude module: 'hsqldb' }
答案 0 :(得分:0)
问题是你正在注册" AuthenticationManager只能用于/api URI,并且不会作为bean公开给ApplicationContext。当使用Spring Boot时,它将添加一个全局的,并为其注入一个生成密码的默认用户。
Spring Boot autoconfig将检测已有可用AuthenticationManager的存在。要注册一个全局的,只需创建一个方法,该方法将AuthenticationManagerBuilder作为参数,并使用@Autowired注释。只是确保它没有被命名为configure,因为它不起作用。
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService()).passwordEncoder(new BCryptPasswordEncoder());
auth.jdbcAuthentication().dataSource(datasource);
}