已解决 - 问题在于用户角色,预期弹出 ROLE_USER ,我正在传递 USER 。感谢您的提示。
我试图保护我的Spring Boot应用程序。所有在内存验证中都可以正常工作:
auth.inMemoryAuthentication()
.withUser("new")
.password("asd")
.roles("USER");
但我需要数据库身份验证,因此在我的User类中我实现了 UserDetails :
@Entity
public class User implements UserDetails {
/**
*
*/
private static final long serialVersionUID = -8281468636068319152L;
@Id
@GeneratedValue(strategy=GenerationType.SEQUENCE)
private long id;
@NotNull
private String login;
@NotNull
private String password;
private Role role;
public User() {
}
public User(long id, String login, String password) {
this.id = id;
this.login = login;
this.password = password;
}
public long getId() {
return id;
}
public void setId(long id) {
this.id = id;
}
public String getLogin() {
return login;
}
public void setLogin(String login) {
this.login = login;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
Set<GrantedAuthority> authorities = new HashSet<>();
if (role == null) {
return null;
}
if (role.equals(Role.ADMIN)) {
authorities.add(Role.ADMIN);
}
authorities.add(Role.USER);
return authorities;
}
@Override
public String getUsername() {
return this.login;
}
@Override
public boolean isAccountNonExpired() {
return true;
}
@Override
public boolean isAccountNonLocked() {
return true;
}
@Override
public boolean isCredentialsNonExpired() {
return true;
}
@Override
public boolean isEnabled() {
return true;
}
}
作用:
public enum Role implements GrantedAuthority {
ADMIN,
USER;
@Override
public String getAuthority() {
return this.name();
}
}
并创建了一个这样的服务来加载用户:
@Service
public class UserDetailsServiceImpl implements UserDetailsService {
@Autowired
UserRepository userRepository;
@Override
public UserDetails loadUserByUsername(String username)
throws UsernameNotFoundException {
User user = userRepository.findByLogin(username);
if ( user == null )
throw new UsernameNotFoundException("User not found");
return user;
}
}
配置应用程序时,我更改了内存身份验证:
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
daoAuthenticationProvider.setUserDetailsService(userDetailsService);
auth.authenticationProvider(daoAuthenticationProvider);
}
HttpSecurity是:
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.antMatchers("/**")
.hasRole("USER")
.and()
.httpBasic();
// @formatter:on
}
在此配置之后,我无法获取应用程序内容,因为弹出错误403:禁止访问
在控制台上我得到:
2015-04-01 20:59:51.515 DEBUG 5476 --- [nio-8080-exec-2] o.s.web.servlet.DispatcherServlet:DispatcherServlet,名称为&#39; dispatcherServlet&#39;处理[/ error]的GET请求 2015-04-01 20:59:51.516 DEBUG 5476 --- [nio-8080-exec-2] s.w.s.m.m.a.RequestMappingHandlerMapping:查找路径/错误的处理程序方法 2015-04-01 20:59:51.517 DEBUG 5476 --- [nio-8080-exec-2] s.w.s.m.m.a.RequestMappingHandlerMapping:返回处理程序方法[public org.springframework.http.ResponseEntity&gt; org.springframework.boot.autoconfigure.web.BasicErrorController.error(javax.servlet.http.HttpServletRequest)] 2015-04-01 20:59:51.517 DEBUG 5476 --- [nio-8080-exec-2] o.s.web.servlet.DispatcherServlet:[/ error]的Last-Modified值为:-1
看起来Spring在安全配置后找不到我的@RequestMapping。
任何消化?