Spring Boot,安全登录无限查询

时间:2016-04-20 02:59:36

标签: java spring spring-mvc spring-security spring-boot

我试图在我的春季启动应用中实现Spring安全性。 但每当我登录时,我都会得到无限的查询并最终导致stackoverflow错误。

Hibernate: select useraccoun0_.id as id1_1_, useraccoun0_.email as email2_1_, useraccoun0_.first_name as first_na3_1_, useraccoun0_.last_name as last_nam4_1_, useraccoun0_.password as password5_1_, useraccoun0_.status as status6_1_ from user_account useraccoun0_ where useraccoun0_.email=?
Hibernate: select roles0_.userid as userid1_1_0_, roles0_.roleid as roleid2_2_0_, role1_.id as id1_0_1_, role1_.name as name2_0_1_ from user_roles roles0_ inner join role role1_ on roles0_.roleid=role1_.id where roles0_.userid=?
Hibernate: select user0_.roleid as roleid2_0_0_, user0_.userid as userid1_2_0_, useraccoun1_.id as id1_1_1_, useraccoun1_.email as email2_1_1_, useraccoun1_.first_name as first_na3_1_1_, useraccoun1_.last_name as last_nam4_1_1_, useraccoun1_.password as password5_1_1_, useraccoun1_.status as status6_1_1_ from user_roles user0_ inner join user_account useraccoun1_ on user0_.userid=useraccoun1_.id where user0_.roleid=?
Hibernate: select roles0_.userid as userid1_1_0_, roles0_.roleid as roleid2_2_0_, role1_.id as id1_0_1_, role1_.name as name2_0_1_ from user_roles roles0_ inner join role role1_ on roles0_.roleid=role1_.id where roles0_.userid=?
Hibernate: select user0_.roleid as roleid2_0_0_, user0_.userid as userid1_2_0_, useraccoun1_.id as id1_1_1_, useraccoun1_.email as email2_1_1_, useraccoun1_.first_name as first_na3_1_1_, useraccoun1_.last_name as last_nam4_1_1_, useraccoun1_.password as password5_1_1_, useraccoun1_.status as status6_1_1_ from user_roles user0_ inner join user_account useraccoun1_ on user0_.userid=useraccoun1_.id where user0_.roleid=?
Hibernate: select roles0_.userid as userid1_1_0_, roles0_.roleid as roleid2_2_0_, role1_.id as id1_0_1_, role1_.name as name2_0_1_ from user_roles roles0_ inner join role role1_ on roles0_.roleid=role1_.id where roles0_.userid=?
Hibernate: select user0_.roleid as roleid2_0_0_, user0_.userid as userid1_2_0_, useraccoun1_.id as id1_1_1_, useraccoun1_.email as email2_1_1_, useraccoun1_.first_name as first_na3_1_1_, useraccoun1_.last_name as last_nam4_1_1_, useraccoun1_.password as password5_1_1_, useraccoun1_.status as status6_1_1_ from user_roles user0_ inner join user_account useraccoun1_ on user0_.userid=useraccoun1_.id where user0_.roleid=?
Hibernate: select roles0_.userid as userid1_1_0_, roles0_.roleid as roleid2_2_0_, role1_.id as id1_0_1_, role1_.name as name2_0_1_ from user_roles roles0_ inner join role role1_ on roles0_.roleid=role1_.id where roles0_.userid=?
Hibernate: select user0_.roleid as roleid2_0_0_, user0_.userid as userid1_2_0_, useraccoun1_.id as id1_1_1_, useraccoun1_.email as email2_1_1_, useraccoun1_.first_name as first_na3_1_1_, useraccoun1_.last_name as last_nam4_1_1_, useraccoun1_.password as password5_1_1_, useraccoun1_.status as status6_1_1_ from user_roles user0_ inner join user_account useraccoun1_ on user0_.userid=useraccoun1_.id where user0_.roleid=?
Hibernate: select roles0_.userid as userid1_1_0_, roles0_.roleid as roleid2_2_0_, role1_.id as id1_0_1_, role1_.name as name2_0_1_ from user_roles roles0_ inner join role role1_ on roles0_.roleid=role1_.id where roles0_.userid=?
Hibernate: select user0_.roleid as roleid2_0_0_, user0_.userid as userid1_2_0_, useraccoun1_.id as id1_1_1_, useraccoun1_.email as email2_1_1_, useraccoun1_.first_name as first_na3_1_1_, useraccoun1_.last_name as last_nam4_1_1_, useraccoun1_.password as password5_1_1_, useraccoun1_.status as status6_1_1_ from user_roles user0_ inner join user_account useraccoun1_ on user0_.userid=useraccoun1_.id where user0_.roleid=?
Hibernate: select roles0_.userid as userid1_1_0_, roles0_.roleid as roleid2_2_0_, role1_.id as id1_0_1_, role1_.name as name2_0_1_ from user_roles roles0_ inner join role role1_ on roles0_.roleid=role1_.id where roles0_.userid=?
Hibernate: select user0_.roleid as roleid2_0_0_, user0_.userid as userid1_2_0_, useraccoun1_.id as id1_1_1_, useraccoun1_.email as email2_1_1_, useraccoun1_.first_name as first_na3_1_1_, useraccoun1_.last_name as last_nam4_1_1_, useraccoun1_.password as password5_1_1_, useraccoun1_.status as status6_1_1_ from user_roles user0_ inner join user_account useraccoun1_ on user0_.userid=useraccoun1_.id where user0_.roleid=?
Hibernate: select roles0_.userid as userid1_1_0_, roles0_.roleid as roleid2_2_0_, role1_.id as id1_0_1_, role1_.name as name2_0_1_ from user_roles roles0_ inner join role role1_ on roles0_.roleid=role1_.id where roles0_.userid=?
Hibernate: select user0_.roleid as roleid2_0_0_, user0_.userid as userid1_2_0_, useraccoun1_.id as id1_1_1_, useraccoun1_.email as email2_1_1_, useraccoun1_.first_name as first_na3_1_1_, useraccoun1_.last_name as last_nam4_1_1_, useraccoun1_.password as password5_1_1_, useraccoun1_.status as status6_1_1_ from user_roles user0_ inner join user_account useraccoun1_ on user0_.userid=useraccoun1_.id where user0_.roleid=?
Hibernate: select user0_.roleid as roleid2_0_0_, user0_.userid as userid1_2_0_, useraccoun1_.id as id1_1_1_, useraccoun1_.email as email2_1_1_, useraccoun1_.first_name as first_na3_1_1_, useraccoun1_.last_name as last_nam4_1_1_, useraccoun1_.password as password5_1_1_, useraccoun1_.status as status6_1_1_ from user_roles user0_ inner join user_account useraccoun1_ on user0_.userid=useraccoun1_.id where user0_.roleid=?
Hibernate: select roles0_.userid as userid1_1_0_, roles0_.roleid as roleid2_2_0_, role1_.id as id1_0_1_, role1_.name as name2_0_1_ from user_roles roles0_ inner join role role1_ on roles0_.roleid=role1_.id where roles0_.userid=?
Hibernate: select user0_.roleid as roleid2_0_0_, user0_.userid as userid1_2_0_, useraccoun1_.id as id1_1_1_, useraccoun1_.email as email2_1_1_, useraccoun1_.first_name as first_na3_1_1_, useraccoun1_.last_name as last_nam4_1_1_, useraccoun1_.password as password5_1_1_, useraccoun1_.status as status6_1_1_ from user_roles user0_ inner join user_account useraccoun1_ on user0_.userid=useraccoun1_.id where user0_.roleid=?

这是我的用户DTO 

@Data
@ToString(exclude = "password")
@Entity
public class UserAccount {

    public static final PasswordEncoder PASSWORD_ENCODER = new BCryptPasswordEncoder();

    @Id
    @GeneratedValue
    private long id;

    private String email;
    private String firstName;
    private String lastName;

    @JsonIgnore
    private String password;

    @ManyToMany(fetch = FetchType.EAGER)
    @JoinTable(name = "user_roles", joinColumns = @JoinColumn(name = "userID"), inverseJoinColumns = @JoinColumn(name = "roleID"))
    private Set<Role> roles = new HashSet<>();

    @Enumerated(EnumType.ORDINAL)
    private Status status;

    public void setPassword(String password) {
        this.password = PASSWORD_ENCODER.encode(password);
    }
}

这是我的角色DTO 

@Data
@Entity
public class Role {

    @Id
    @GeneratedValue
    private int id;
    private String name;

    @ManyToMany(mappedBy = "roles", fetch = FetchType.EAGER)
    private Set<UserAccount> user = new HashSet<>();
}

这是我的 CustomUserDetailsS​​ervice 

@Component
public class UserDetailsServiceImpl implements UserDetailsService {

    @Autowired
    private UserRepository repository;

    @Override
    public UserDetails loadUserByUsername(String email) throws UsernameNotFoundException {

        UserAccount user = repository.findByEmail(email);

        Collection<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();

        for (Role role : user.getRoles()) {
            authorities.add(new SimpleGrantedAuthority(role.getName()));
        }

        return new User(user.getEmail(), user.getPassword(), authorities);
    }

}

这是我的 SecurityConfig 

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    UserDetailsServiceImpl userDetailsService;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(UserAccount.PASSWORD_ENCODER);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
        .authorizeRequests()
            .antMatchers("/built/**", "/css/main.css","/css/vendor/flexboxgrid.css").permitAll()
            .anyRequest().authenticated()
            .and()
        .formLogin()
            .defaultSuccessUrl("/", true)
            .permitAll()
            .and()
        .httpBasic()
            .and()
        .csrf().disable()
        .logout()
            .logoutSuccessUrl("/");
    }

我真的无法找到我的配置有什么问题。感谢您的帮助。

2 个答案:

答案 0 :(得分:0)

您的user_role表格与user_account表格不存在关联。 user_account应与one to many建立user_role关系。你得到了无限循环,因为user_roleuser_account有一个循环关系。

答案 1 :(得分:0)

我弄清楚了什么是错的,并最终让它发挥作用。我将Set更改为Collection。这似乎是一个休眠的bug。

相关问题
最新问题