我正在使用spring boot security来帮助我进行身份验证......
Sub ResetLogWorksheet()
Sheet1.Range("C1").Value = ""
'Lock entire worksheet except select manual entry cell
With Sheet1
.Unprotect Password:=GetProtectPassword()
.Range("C1:O1").Locked = False
.Protect Password:=GetProtectPassword(), UserInterfaceOnly:=True, AllowFormattingCells:=True
End With
End Sub
我有一个休息服务来登录(在我的控制器上)这是一个发送电子邮件和密码的帖子请求,我喜欢使用这项服务进行身份验证...
但我是spring-boot / java的新手......有人可以帮助我做正确的方法吗?
感谢。
答案 0 :(得分:3)
更改SpringSecurityConfig.java中的添加方法,如下面的
@Configuration
@EnableWebSecurity
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private UserAuthenticationService userAuthenticationService;
@Autowired
private CustomAuthenticationProvider authenticationProvider;
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(this.authenticationProvider).userDetailsService(this.userAuthenticationService);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.cors().and().csrf().disable().authorizeRequests()
.anyRequest().authenticated().and().httpBasic();
}}
创建CustomAuthenticationProvider。
@Component
public class CustomAuthenticationProvider implements AuthenticationProvider {
@Autowired
private UserAuthenticationService userAuthenticationService;
@Override
public boolean supports(Class<?> authentication) {
return (UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication));
}
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
String emailId = authentication.getName();
String password = (String) authentication.getCredentials();
UserDetails user = this.userAuthenticationService.loadUserByUsername(emailId);
if (user == null) {
throw new UsernameNotFoundException("Username not found.");
}
//Your password encoder here
if (!password.equals(user.getPassword())) {
throw new UsernameNotFoundException("Wrong password.");
}
Collection<? extends GrantedAuthority> authorities = user.getAuthorities();
return new UsernamePasswordAuthenticationToken(user, password, authorities);
}}
创建自定义用户服务
@Service
public class UserAuthenticationService implements UserDetailsService {
@Autowired
private UserRepository userRepository;
@Override
public UserDetails loadUserByUsername(String email) throws UsernameNotFoundException {
User user = userRepository.findByEmailAddressWithRole(email);
if (user == null) {
throw new UsernameNotFoundException("Username not found for " + email);
}
List<GrantedAuthority> grantedAuthorities = new ArrayList<GrantedAuthority>();
for (Role roles : user.getRoles()) {
grantedAuthorities.add(new SimpleGrantedAuthority(roles.getRoleName()));
}
return new UserAuthenticationWrapperDto(user.getId(), user.getEmailAddress(), user.getPassword(),
user.getUserType(), user.getCompany().getId(), grantedAuthorities,user.getName());
}}
答案 1 :(得分:0)
我首先阅读spring boot安全文档。您将在下面找到一个链接。
https://docs.spring.io/spring-security/site/docs/current/guides/html5/helloworld-boot.html
答案 2 :(得分:0)
您需要允许访问登录端点(至少)。例如。
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/login", "/error").permitAll()
.antMatchers("/**").authenticated().and().exceptionHandling()
.authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login"));
}
如果我是你,我会删除@EnableWebSecurity(并让Spring Boot做它的工作)。然后在登录端点中,您需要设置安全上下文,例如
@PostMapping
public void authenticate(@RequestParam Map<String, String> map,
HttpServletRequest request, HttpServletResponse response) throws Exception {
Authentication result = authService.authenticate(map.get("username"), map.get("password"));
SecurityContextHolder.getContext().setAuthentication(result);
handler.onAuthenticationSuccess(request, response, result);
}
如果无法对用户进行身份验证,则authService应抛出BadCredentialsException。这是我在博客中使用过的一个示例应用:https://github.com/dsyer/mustache-sample/blob/7be8459173d0b65b6d44d05f86e581d358ea9b2e/src/main/java/com/example/DemoApplication.java#L177