Spring,使用数据库进行身份验证

时间:2017-02-18 00:28:04

标签: java database spring authentication

我想使用Basic Auth保护端点。

当我尝试使用正确的用户名和密码登录时 - 一切正常。

我的问题是,当我尝试使用错误的用户名或密码登录时 - 我得到:

java.lang.StackOverflowError: null
    at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$UserDetailsServiceDelegator.loadUserByUsername(WebSecurityConfigurerAdapter.java:442) ~[spring-security-config-4.2.1.RELEASE.jar:4.2.1.RELEASE]

我该如何解决?

SecurityConfig.java

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    private static final String AUTHORITIES_QUERY = "SELECT u.username, r.role FROM user u " +
                                                    "INNER JOIN user_role ur ON u.id = ur.user_id " +
                                                    "INNER JOIN role r ON ur.role_id = r.id " +
                                                    "WHERE u.username=?";

    private static final String USERS_QUERY = "SELECT username, password, is_active FROM user WHERE username=?";

    @Autowired
    private DataSource dataSource;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .jdbcAuthentication()
                .usersByUsernameQuery(USERS_QUERY)
                .authoritiesByUsernameQuery(AUTHORITIES_QUERY)
                .dataSource(dataSource).and()
            .userDetailsService(userDetailsService());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
            .authorizeRequests()
                .antMatchers("/").permitAll()
                .antMatchers("/user").hasAuthority("USER")
                .antMatchers("/admin").hasAuthority("ADMIN")
                .anyRequest().fullyAuthenticated()
                .and()
            .httpBasic().and()
            .csrf()
                .disable();
    }

}

1 个答案:

答案 0 :(得分:0)

您可以访问此(http://www.mkyong.com/spring-security/spring-security-hibernate-annotation-example/)链接。它是关于" Spring Security + Hibernate Annotation Example"

相关问题
最新问题