我已尽我所能来使此工作正常进行。我已经尝试过我的书,无数的在线教程和示例中的技巧,无论我做什么,我都没有成功。我已经尝试了好几个星期了。
这是我得到的最近的东西。当我尝试按预期访问/ users GetMapping时,出现登录页面提示,但是输入凭据后出现403禁止错误,所以我认为我的凭据正确,并且角色可能存在某种问题?根据其他堆栈溢出答案的建议,我已经禁用了csrf。我有点绝望,对我的无知表示歉意。这是我目前拥有的(此实现来自我的一本书)
注意:删除安全性类和依赖项时,所有组件和功能均正常工作。我很茫然。如果可以的话,我将永远感激不已。
主要应用:
package com.madhax.website;
import com.madhax.website.domain.Article;
import com.madhax.website.domain.User;
import com.madhax.website.service.ArticleService;
import com.madhax.website.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.CommandLineRunner;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Bean;
@SpringBootApplication
public class WebsiteApplication {
@Autowired
private UserService userService;
@Autowired
private ArticleService articleService;
public static void main(String[] args) {
SpringApplication.run(WebsiteApplication.class, args);
}
@Bean
CommandLineRunner runner() {
return args -> {
User myUser = new User(
"admin",
"$2a$04$C/mOkKfXtOhKjhnUUrwp3OcWzLHJqkGzYpV1oys.MBPXc9M8soAQ6",
"USER");
myUser.setFirstName("James");
myUser.setLastName("Cathcart");
userService.saveUser(myUser);
Article article1 = new Article(
"Example Article 1 Title",
"Quisque volutpat condimentum velit. Class aptent taciti sociosqu ad litora " +
"torquent per conubia nostra, per inceptos himenaeos. Nam nec ante. Sed lacinia, " +
"urna non tincidunt mattis, tortor neque adipiscing diam, a cursus ipsum ante quis " +
"turpis. Nulla facilisi. Ut fringilla. Suspendisse potenti. Nunc feugiat mi a tellus " +
"consequat imperdiet. Vestibulum sapien. Proin quam. Etiam ultrices.",
myUser);
articleService.saveArticle(article1);
Article article2 = new Article(
"Example Article 1 Title",
"Quisque volutpat condimentum velit. Class aptent taciti sociosqu ad litora " +
"torquent per conubia nostra, per inceptos himenaeos. Nam nec ante. Sed lacinia, " +
"urna non tincidunt mattis, tortor neque adipiscing diam, a cursus ipsum ante quis " +
"turpis. Nulla facilisi. Ut fringilla. Suspendisse potenti. Nunc feugiat mi a tellus " +
"consequat imperdiet. Vestibulum sapien. Proin quam. Etiam ultrices.",
myUser);
articleService.saveArticle(article2);
Article article3 = new Article(
"Example Article 1 Title",
"Quisque volutpat condimentum velit. Class aptent taciti sociosqu ad litora " +
"torquent per conubia nostra, per inceptos himenaeos. Nam nec ante. Sed lacinia, " +
"urna non tincidunt mattis, tortor neque adipiscing diam, a cursus ipsum ante quis " +
"turpis. Nulla facilisi. Ut fringilla. Suspendisse potenti. Nunc feugiat mi a tellus " +
"consequat imperdiet. Vestibulum sapien. Proin quam. Etiam ultrices.",
myUser);
articleService.saveArticle(article3);
Article article4 = new Article(
"Example Article 1 Title",
"Quisque volutpat condimentum velit. Class aptent taciti sociosqu ad litora " +
"torquent per conubia nostra, per inceptos himenaeos. Nam nec ante. Sed lacinia, " +
"urna non tincidunt mattis, tortor neque adipiscing diam, a cursus ipsum ante quis " +
"turpis. Nulla facilisi. Ut fringilla. Suspendisse potenti. Nunc feugiat mi a tellus " +
"consequat imperdiet. Vestibulum sapien. Proin quam. Etiam ultrices.",
myUser);
articleService.saveArticle(article4);
};
}
}
SecurityConfig:
package com.madhax.website.config;
import com.madhax.website.service.UserDetailServiceImpl;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private UserDetailServiceImpl userDetailsService;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(new BCryptPasswordEncoder());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests()
.antMatchers("/users", "/users/**")
.hasRole("USER")
.antMatchers("/", "/**").permitAll()
.and()
.formLogin();
}
}
UserDetailServiceImpl
package com.madhax.website.service;
import com.madhax.website.domain.User;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
@Service
public class UserDetailServiceImpl implements UserDetailsService {
@Autowired
private UserRepository userRepository;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
User currentUser = userRepository.findByUsername(username);
UserDetails user = new org.springframework.security.core.userdetails.User(
username,
currentUser.getPassword(),
true,
true,
true,
true,
AuthorityUtils.createAuthorityList(currentUser.getRole()));
return user;
}
}
UserRepository:
package com.madhax.website.service;
import com.madhax.website.domain.User;
import org.springframework.data.repository.CrudRepository;
public interface UserRepository extends CrudRepository<User, Long> {
public User findByUsername(String username);
}
UserService:
package com.madhax.website.service;
import com.madhax.website.domain.User;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import java.util.List;
import java.util.Optional;
@Service
public class UserService {
@Autowired
UserRepository userRepository;
public List<User> getAllUsers() {
return (List<User>) userRepository.findAll();
}
public Optional<User> getUserById(long id) {
return userRepository.findById(id);
}
public void saveUser(User user) {
userRepository.save(user);
}
public void deleteUser(User user) {
userRepository.delete(user);
}
}
用户:
package com.madhax.website.domain;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
@Entity
public class User {
@Id
@GeneratedValue(strategy = GenerationType.AUTO)
private Long id;
private String username;
private String password;
private String firstName;
private String lastName;
private String role;
public User() { }
public User(String username, String password, String role) {
this.username = username;
this.password = password;
this.role = role;
}
public Long getId() {
return id;
}
public void setId(Long id) {
this.id = id;
}
public String getUsername() {
return username;
}
public void setUsername(String username) {
this.username = username;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
public String getFirstName() {
return firstName;
}
public void setFirstName(String firstName) {
this.firstName = firstName;
}
public String getLastName() {
return lastName;
}
public void setLastName(String lastName) {
this.lastName = lastName;
}
public String getRole() {
return role;
}
public void setRole(String role) {
this.role = role;
}
}
答案 0 :(得分:1)
您应该根据文档Spring security doc(着重介绍)为您的角色加上ROLE_
hasRole([role])
如果当前主体具有指定角色,则返回true。 通过 如果提供的角色不是以“ ROLE_”开头,则默认为 已添加。这可以通过修改defaultRolePrefix来自定义 DefaultWebSecurityExpressionHandler。
因此,在创建用户或将defaultRolePrefix配置为空字符串时,请尝试使用ROLE_USER而不是USER