我正在应用一个简单的spring boot安全性,在今天之前它可以工作,但是目前不起作用。
这是我的安全配置类,目前我未使用密码加密。
@Configuration
@EnableWebSecurity
public class GameSecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
DataSource dataSource;
/*private final String USERS_QUERY = "select email, password from userregistrationmaster where email=?";
private final String ROLES_QUERY = "select u.email, ur.role from userregistrationmaster u inner join authoritiesmaster ur on (u.email = ur.authemail) where u.email=?";*/
/*@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication()
.usersByUsernameQuery(USERS_QUERY)
.authoritiesByUsernameQuery(ROLES_QUERY)
.dataSource(dataSource);
}*/
// Enable jdbc authentication
@Autowired
public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication().dataSource(dataSource)
.usersByUsernameQuery("select email,password, enable from userregistrationmaster where email=?")
.authoritiesByUsernameQuery("select u.email, ur.role from userregistrationmaster u inner join authoritiesmaster ur on (u.email = ur.authemail) where u.email=?");
}
@Bean
public JdbcUserDetailsManager jdbcUserDetailsManager() throws Exception {
JdbcUserDetailsManager jdbcUserDetailsManager = new JdbcUserDetailsManager();
jdbcUserDetailsManager.setDataSource(dataSource);
return jdbcUserDetailsManager;
}
@SuppressWarnings("deprecation")
@Bean
public static NoOpPasswordEncoder passwordEncoder() {
return (NoOpPasswordEncoder) NoOpPasswordEncoder.getInstance();
}
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/resources/**");
web.ignoring().antMatchers("/css/**");
web.ignoring().antMatchers("/js/**");
}
String[] resources = new String[]{
"/css/**","/fonts/**","/img/**","/images/**","/js/**","/scss/**","/vendors/**","/jsmaster/**","/SendContactEmail/**"
};
String[] lessionChapters = new String[] {
"/chapter3","/chapter4","/chapter5","/chapter6","/chapter7","/chapter8"
};
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/", "/login", "/contact", "/about-us","/lessonplan", "/chapter2", "/mobile-apps", "/website", "/game", "/products", "/registration", "/generateOpt", "/userRegistration", "/userLogin", "/forgotpassword").permitAll()
.antMatchers("/resources/**").permitAll()
.antMatchers(resources).permitAll()
.antMatchers("/game").hasAnyRole("USER","ADMIN")
.antMatchers(lessionChapters).hasAnyRole("USER","ADMIN")
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.failureUrl("/login?error=true")
.and().logout().permitAll();
http.csrf().disable();
}
它没有显示任何错误,但是我已经用USER_ROLE创建了一个用户,并尝试使用该用户名和密码登录,它显示了错误页面。
在此先感谢您帮助解决我的问题。