角色身份验证错误与数据库

时间:2017-08-14 13:53:09

标签: spring authentication spring-boot spring-security

我正在使用IBM db2。我有3个dataSource并且我有一个@Primary注释。我通过ldap身份验证执行第一个userid,密码,然后通过数据库执行角色身份验证。

package com.sunlife.eappentry.config;

import javax.sql.DataSource;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.MessageSource;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.ComponentScan.Filter;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.authentication.configurers.GlobalAuthenticationConfigurerAdapter;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;
import org.springframework.stereotype.Service;

import com.sunlife.eappentry.entity.role.SecurityRoles;

@Configuration
@ComponentScan(basePackages = "com.sunlife.eappentry", includeFilters = @Filter(Service.class))
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    private final static String REMEMBER_ME_KEY = "remember-me-key";

    @Autowired
    private UserDetailsService userDetailsService;

    @Autowired
    private MessageSource messageSource;


    @Bean
    public TokenBasedRememberMeServices rememberMeServices() {
        TokenBasedRememberMeServices rememberMeServices = new TokenBasedRememberMeServices(REMEMBER_ME_KEY, userDetailsService);
        rememberMeServices.setParameter("rememberMe");
        rememberMeServices.setCookieName("eappentrycookie");
        return rememberMeServices;
    }

    @Bean
    public DaoAuthenticationProvider daoAuthenticationProvider() {
        DaoAuthenticationProvider dao = new DaoAuthenticationProvider();
        dao.setUserDetailsService(userDetailsService);
        dao.setPasswordEncoder(passwordEncoder());
        dao.setMessageSource(messageSource);
        return dao;
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .csrf()
                .disable()
            .authorizeRequests()
                .antMatchers("/search").access("hasRole('ENCODER')")
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .loginPage("/login")
                    .usernameParameter("secUsername")
                    .passwordParameter("secPassword")
                    .permitAll()
                    .defaultSuccessUrl("/search", true)
                    .and()
                .rememberMe()
                    .rememberMeServices(rememberMeServices())
                    .key(REMEMBER_ME_KEY)
                    .and()
                .logout()
                    .logoutUrl("/logout")
                    .deleteCookies("JSESSIONID")
                    .permitAll()
                     .and()
                 .exceptionHandling().accessDeniedPage("/404");
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        web
            .ignoring()
                .antMatchers("/resources/**" , "/ws/**");
    }

    @Configuration
    protected static class AnnotationConfiguration extends GlobalAuthenticationConfigurerAdapter{

        private boolean checkRoleInDb=true;

        @Autowired
        DataSource datasource;  


        @Override
        public void init(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception{
            authenticationManagerBuilder
                .ldapAuthentication()
                .userSearchFilter("(cn={0})")
                .userSearchBase("user,OU=Staff,OU=Accounts")
                .contextSource()
                .url("ldap://ldapvs.ph.sfe:389/DC=p,DC=se")
                .managerDn("CN=JD57PH,OU=user,OU=Staff,OU=Accounts,DC=p,DC=se").managerPassword("sunlife_01");

            if (checkRoleInDb) {
                authenticationManagerBuilder.jdbcAuthentication().dataSource(datasource).usersByUsernameQuery("select USER_ID from aw_users where USER_ID=?")
                .authoritiesByUsernameQuery("select USER_ID,ROLE_ID from aw_users where USER_ID=?");
                }
        }   
    }
}

ldap身份验证工作正常。但是,当我添加角色身份验证时,它给了我这个错误" HTTP状态403 - 访问被拒绝"输入用户名,密码后。我只有一个表,我把user_id和role_id。请建议。

0 个答案:

没有答案