我正在使用IBM db2。我有3个dataSource，并且其中一个带有@Primary注释。我先通过LDAP验证userid和密码，然后通过数据库进行角色身份验证。
package com.sunlife.eappentry.config;
import com.sunlife.eappentry.entity.role.SecurityRoles;
import javax.sql.DataSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.MessageSource;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.ComponentScan.Filter;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.authentication.configurers.GlobalAuthenticationConfigurerAdapter;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;
import org.springframework.stereotype.Service;
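@Configuration
@ComponentScan(basePackages = "com.sunlife.eappentry", includeFilters = @Filter(Service.class))
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Key that signs the remember-me cookie. The services bean and the
     * {@code rememberMe()} DSL below must agree on it, hence one shared constant.
     * NOTE(review): a fixed, guessable key weakens the cookie signature; consider
     * injecting a per-deployment secret the same way the LDAP password is injected
     * in {@link AnnotationConfiguration}.
     */
    private static final String REMEMBER_ME_KEY = "remember-me-key";

    @Autowired
    private UserDetailsService userDetailsService;

    @Autowired
    private MessageSource messageSource;

    /**
     * Remember-me services backed by the injected {@link UserDetailsService}.
     * The cookie is named "eappentrycookie" and is requested through the
     * "rememberMe" form parameter.
     *
     * @return the configured token-based remember-me services
     */
    @Bean
    public TokenBasedRememberMeServices rememberMeServices() {
        TokenBasedRememberMeServices services =
                new TokenBasedRememberMeServices(REMEMBER_ME_KEY, userDetailsService);
        services.setParameter("rememberMe");
        services.setCookieName("eappentrycookie");
        return services;
    }

    /**
     * DAO authentication provider using the injected {@link UserDetailsService}
     * and the BCrypt encoder from {@link #passwordEncoder()}.
     * NOTE(review): nothing in this class registers this provider with the
     * {@link AuthenticationManagerBuilder} ({@code init()} below wires LDAP and
     * JDBC only), so confirm it is actually consulted before relying on it.
     *
     * @return the configured provider
     */
    @Bean
    public DaoAuthenticationProvider daoAuthenticationProvider() {
        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setUserDetailsService(userDetailsService);
        provider.setPasswordEncoder(passwordEncoder());
        provider.setMessageSource(messageSource);
        return provider;
    }

    /**
     * BCrypt password encoder used by {@link #daoAuthenticationProvider()}.
     *
     * @return a new {@link BCryptPasswordEncoder}
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * HTTP security rules: form login on /login, remember-me, logout, and a
     * role check on /search.
     *
     * @param http the builder to configure
     * @throws Exception propagated from the builder
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // NOTE(review): CSRF protection is switched off for the whole
            // application, including the form login and logout endpoints below.
            // Left as-is to preserve behaviour; re-enable unless every state-changing
            // request is protected some other way.
            .csrf()
                .disable()
            .authorizeRequests()
                // hasRole('ENCODER') is satisfied only by the authority ROLE_ENCODER;
                // a user authenticated without that authority gets 403 here.
                .antMatchers("/search").access("hasRole('ENCODER')")
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .loginPage("/login")
                .usernameParameter("secUsername")
                .passwordParameter("secPassword")
                .permitAll()
                // "true" forces /search even when the user asked for another page first.
                .defaultSuccessUrl("/search", true)
                .and()
            .rememberMe()
                .rememberMeServices(rememberMeServices())
                .key(REMEMBER_ME_KEY)
                .and()
            .logout()
                .logoutUrl("/logout")
                .deleteCookies("JSESSIONID")
                .permitAll()
                .and()
            .exceptionHandling().accessDeniedPage("/404");
    }

    /**
     * Paths bypassing the security filter chain entirely (static resources and
     * the /ws endpoints).
     *
     * @param web the builder to configure
     * @throws Exception propagated from the builder
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        web
            .ignoring()
                .antMatchers("/resources/**", "/ws/**");
    }

    /**
     * Global authentication setup: LDAP bind for the credential check and,
     * when {@link #checkRoleInDb} is set, a JDBC provider for roles.
     */
    @Configuration
    protected static class AnnotationConfiguration extends GlobalAuthenticationConfigurerAdapter {

        /** Whether to register the JDBC provider for role lookup. Never toggled at runtime. */
        private final boolean checkRoleInDb = true;

        @Autowired
        private DataSource datasource;

        /**
         * Bind password of the LDAP manager account. Injected from configuration
         * instead of being committed in source. The property key is a constructed
         * placeholder: map it to your externalised configuration / secret store.
         */
        @Value("${ldap.manager.password}")
        private String ldapManagerPassword;

        /**
         * Registers the LDAP provider and, optionally, the JDBC provider.
         *
         * @param auth the builder to configure
         * @throws Exception propagated from the builder
         */
        @Override
        public void init(AuthenticationManagerBuilder auth) throws Exception {
            // Credentials are verified by binding as the entry found via the search filter.
            auth
                .ldapAuthentication()
                    .userSearchFilter("(cn={0})")
                    .userSearchBase("user,OU=Staff,OU=Accounts")
                    .contextSource()
                        .url("ldap://ldapvs.ph.sfe:389/DC=p,DC=se")
                        .managerDn("CN=JD57PH,OU=user,OU=Staff,OU=Accounts,DC=p,DC=se")
                        .managerPassword(ldapManagerPassword);
            if (checkRoleInDb) {
                // NOTE(review): this registers a SECOND, independent provider. The
                // manager stops at the first provider that authenticates, so once the
                // LDAP bind succeeds these queries are not run and the user carries only
                // the LDAP authorities (none are configured above) -> 403 on /search.
                // To take roles from the DB for LDAP users, attach them on the LDAP side
                // (ldapAuthoritiesPopulator / userDetailsContextMapper) rather than as a
                // separate provider. Also, the authority column must read ROLE_ENCODER
                // for hasRole('ENCODER'), and the users query is expected to return
                // username, password and enabled columns — confirm against your
                // Spring Security version.
                auth.jdbcAuthentication()
                    .dataSource(datasource)
                    .usersByUsernameQuery("select USER_ID from aw_users where USER_ID=?")
                    .authoritiesByUsernameQuery("select USER_ID,ROLE_ID from aw_users where USER_ID=?");
            }
        }
    }
}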
LDAP身份验证工作正常。但是，当我添加角色身份验证后，在输入用户名和密码之后，它给了我这个错误："HTTP状态403 - 访问被拒绝"。我只有一个表，其中存放user_id和role_id。请给出建议。