我使用spring security和spring boot来开发一个应用程序,使用SecurityConf保护我api的特定端点,如下所示:
@Override
public void configure(final AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.passwordEncoder(passwordEncoder)
.withUser(username).password(password).roles(ADMIN_ROLE);
}
@Override
protected void configure(final HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests()
.antMatchers("/api/survey/report/**").hasRole(ADMIN_ROLE)
.and().formLogin()
.and().logout();
}
密码和用户名是从开始的数据库加载的。
一切似乎工作正常,但现在我必须实现一个方法来更改管理员的密码,我实现了存储库,服务和控制器方法,用新的加密密码更改数据库,但现在看来现在,除非我重新启动它(导致类加载新的用户名和密码),否则更改不会反映在应用程序中。如何使应用程序重新加载来自数据库的新用户名和密码,而无需重新启动它? (在生产中,这是一个不停地运行的应用程序)
这是密码更改方法的控制器:
@RequestMapping(value = "/change", method = RequestMethod.POST)
public ResponseEntity changePassword(@RequestBody Password password) {
return passwordService.updatePassword(password);
}
这是服务方法:
public ResponseEntity updatePassword(Password password) {
Administrator administrator = administratorRepository.findAdministrator();
if (passwordEncoder.matches(password.getOldPassword(), administrator.getPassword())) {
String encodePassword = passwordEncoder.encode(password.getNewPassword());
administrator.setPassword(encodePassword);
administratorRepository.updateAdministrator(administrator);
return new ResponseEntity(HttpStatus.OK);
}
return new ResponseEntity(HttpStatus.BAD_REQUEST);
}
我使用Autowired方法在SecurityConfig类的属性上加载用户名和密码,如下所示:
@Autowired
private void initUser() {
Administrator administrator = administratorRepository.findAdministrator();
this.password = administrator.getPassword();
this.username = administrator.getUsername();
}
我的班级定义如下:
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
private static final String ADMIN_ROLE = "ADMIN";
private String username;
private String password;
@Autowired
private PasswordEncoder passwordEncoder;
@Autowired
private AdministratorRepository administratorRepository;
passwordencoder是一个用来对管理员传递进行加盐和散列的类,repo是我持久保存数据的地方
答案 0 :(得分:1)
使用CustomUserDetailService代替AuthenticationProvider,如下所示
Exception in thread "main" java.lang.NoClassDefFoundError: io/reactivex/Observable
然后在
中更改密码@Component("userDetailsService")
public class CustomUserDetailsService implements org.springframework.security.core.userdetails.UserDetailsService {
private static String username;
private static String password;
private final Logger log = LoggerFactory.getLogger(CustomUserDetailsService.class);
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
return new User(CustomUserDetailsService.username,CustomUserDetailsService.password,null);
}
}
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Inject
@Qualifier("userDetailsService")
private UserDetailsService userDetailsService;
@Inject
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
.userDetailsService(userDetailsService);
}
@Override
public void configure(WebSecurity web) throws Exception {
}
}