Spring启动基本认证

时间:2017-09-06 00:27:23

标签: spring-boot spring-security basic-authentication

我正在使用spring boot security来帮助我进行身份验证......

Sub ResetLogWorksheet()

    Sheet1.Range("C1").Value = ""

    'Lock entire worksheet except select manual entry cell
    With Sheet1
       .Unprotect Password:=GetProtectPassword()
       .Range("C1:O1").Locked = False
       .Protect Password:=GetProtectPassword(), UserInterfaceOnly:=True, AllowFormattingCells:=True
    End With

End Sub

我有一个休息服务来登录(在我的控制器上)这是一个发送电子邮件和密码的帖子请求,我喜欢使用这项服务进行身份验证...

但我是spring-boot / java的新手......有人可以帮助我做正确的方法吗?

感谢。

3 个答案:

答案 0 :(得分:3)

更改SpringSecurityConfig.java中的添加方法,如下面的

    @Configuration
    @EnableWebSecurity
    public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private UserAuthenticationService userAuthenticationService;

    @Autowired
    private CustomAuthenticationProvider authenticationProvider;

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(this.authenticationProvider).userDetailsService(this.userAuthenticationService);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
        .cors().and().csrf().disable().authorizeRequests()
        .anyRequest().authenticated().and().httpBasic();
    }}

创建CustomAuthenticationProvider。

    @Component
public class CustomAuthenticationProvider implements AuthenticationProvider {

    @Autowired
    private UserAuthenticationService userAuthenticationService;

    @Override
    public boolean supports(Class<?> authentication) {
        return (UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication));
    }

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        String emailId = authentication.getName();
        String password = (String) authentication.getCredentials();
        UserDetails user = this.userAuthenticationService.loadUserByUsername(emailId);
        if (user == null) {
            throw new UsernameNotFoundException("Username not found.");
        }
        //Your password encoder here
        if (!password.equals(user.getPassword())) {
            throw new UsernameNotFoundException("Wrong password.");
        }
        Collection<? extends GrantedAuthority> authorities = user.getAuthorities();
        return new UsernamePasswordAuthenticationToken(user, password, authorities);
    }}

创建自定义用户服务

    @Service
public class UserAuthenticationService implements UserDetailsService {
    @Autowired
    private UserRepository userRepository;

    @Override
    public UserDetails loadUserByUsername(String email) throws UsernameNotFoundException {
        User user = userRepository.findByEmailAddressWithRole(email);
        if (user == null) {
            throw new UsernameNotFoundException("Username not found for " + email);
        }
        List<GrantedAuthority> grantedAuthorities = new ArrayList<GrantedAuthority>();
        for (Role roles : user.getRoles()) {
            grantedAuthorities.add(new SimpleGrantedAuthority(roles.getRoleName()));
        }
        return new UserAuthenticationWrapperDto(user.getId(), user.getEmailAddress(), user.getPassword(),
                user.getUserType(), user.getCompany().getId(), grantedAuthorities,user.getName());
    }}   

答案 1 :(得分:0)

我首先阅读spring boot安全文档。您将在下面找到一个链接。

https://docs.spring.io/spring-security/site/docs/current/guides/html5/helloworld-boot.html

答案 2 :(得分:0)

您需要允许访问登录端点(至少)。例如。

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests().antMatchers("/login", "/error").permitAll()
            .antMatchers("/**").authenticated().and().exceptionHandling()
            .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login"));
}

如果我是你,我会删除@EnableWebSecurity(并让Spring Boot做它的工作)。然后在登录端点中,您需要设置安全上下文,例如

@PostMapping
public void authenticate(@RequestParam Map<String, String> map,
        HttpServletRequest request, HttpServletResponse response) throws Exception {
    Authentication result = authService.authenticate(map.get("username"), map.get("password"));
    SecurityContextHolder.getContext().setAuthentication(result);
    handler.onAuthenticationSuccess(request, response, result);
}

如果无法对用户进行身份验证,则authService应抛出BadCredentialsException。这是我在博客中使用过的一个示例应用:https://github.com/dsyer/mustache-sample/blob/7be8459173d0b65b6d44d05f86e581d358ea9b2e/src/main/java/com/example/DemoApplication.java#L177