一个星期以来,我一直在尝试解决此问题,并尝试了所有帖子,但仍然无法完成这项工作。 我的SecurityConfiguration类是:
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
private final BCryptPasswordEncoder bCryptPasswordEncoder;
private final DataSource dataSource;
@Value("${spring.queries.users-query}")
private String usersQuery;
@Value("${spring.queries.roles-query}")
private String rolesQuery;
public SecurityConfiguration(BCryptPasswordEncoder bCryptPasswordEncoder, DataSource dataSource) {
this.bCryptPasswordEncoder = bCryptPasswordEncoder;
this.dataSource = dataSource;
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.
jdbcAuthentication()
.passwordEncoder(bCryptPasswordEncoder)
.usersByUsernameQuery(usersQuery)
.authoritiesByUsernameQuery(rolesQuery)
.dataSource(dataSource)
;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/","/h2-console/**","/registration","/login").permitAll()
.antMatchers("/offer/**").access("hasRole('USER') or hasRole('ADMIN')")
.and()
.formLogin()
.loginPage("/login").failureUrl("/login?error=true")
.defaultSuccessUrl("/")
.usernameParameter("email")
.passwordParameter("password")
.and().logout()
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.logoutSuccessUrl("/").and().exceptionHandling()
.accessDeniedPage("/access-denied");
http.csrf().disable();
http.headers().frameOptions().disable();
}
@Override
public void configure(WebSecurity web) throws Exception {
web
.ignoring()
.antMatchers("/resources/**", "/static/**", "/css/**", "/js/**", "/images/**");
}
}
,我有一个WebMvcConfiguration类,如下所示:
@Configuration
public class WebMvcConfig implements WebMvcConfigurer {
@Bean
public BCryptPasswordEncoder passwordEncoder() {
BCryptPasswordEncoder bCryptPasswordEncoder = new BCryptPasswordEncoder();
return bCryptPasswordEncoder;
}
}
我只是不断获得“错误的凭据”,并且密码与记录不匹配。我可以在数据库中看到哈希密码,并在DaoAuthenticationProvider类引发此异常的行(additionalAuthenticationChecks方法)之前设置调试点,据我所知,数据库中的用户详细信息正确无误,但确实如此在登录时未按密码显示显示的密码...
我的登录控制器如下:
@Controller
public class LoginController {
private final UserAccountService userAccountService;
public LoginController(UserAccountService userAccountService) {
this.userAccountService = userAccountService;
}
@GetMapping("/login")
public ModelAndView login( Error error){
ModelAndView modelAndView = new ModelAndView();
if (error != null) {
modelAndView.setViewName("error page");
}
modelAndView.setViewName("login");
return modelAndView;
}
@PostMapping("/registration")
public ModelAndView createNewUser(@Valid UserAccount user, BindingResult bindingResult) {
ModelAndView modelAndView = new ModelAndView();
UserAccount userExists = userAccountService.findUserByEmail(user.getEmail());
if (userExists != null) {
bindingResult
.rejectValue("email", "error.user",
"There is already a user registered with the email provided");
}
if (bindingResult.hasErrors()) {
modelAndView.setViewName("registration");
} else {
userAccountService.saveOrUpdate(user);
modelAndView.addObject("successMessage", "User has been registered successfully");
modelAndView.addObject("user", new UserAccount());
modelAndView.setViewName("registration");
}
return modelAndView;
}
@GetMapping("/admin/home")
public ModelAndView home(){
ModelAndView modelAndView = new ModelAndView();
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
UserAccount user = userAccountService.findUserByEmail(auth.getName());
modelAndView.addObject("userName", "Welcome " + user.getFirstName() + " "
+ user.getLastName() + " (" + user.getEmail() + ")");
modelAndView.addObject("adminMessage","Content Available Only for Users with Admin Role");
modelAndView.setViewName("admin/home");
return modelAndView;
}
}
我的SQL查询也正常工作,我已经在H2控制台上对其进行了尝试...
您认为我做错了什么吗?
答案 0 :(得分:0)
好,我找到了罪魁祸首:
启动该应用程序时,我在数据库中填充了一些测试数据,并且我意识到我正在更新用户帐户,在该帐户中密码被重新编码...
一旦我减少了UserAccount类的“ saveOrUpdate”方法的使用,我就可以登录。