带有jdbc身份验证的Spring Boot安全性不起作用

时间:2019-05-21 05:39:12

标签: spring-boot authentication jdbc

我正在应用一个简单的spring boot安全性,在今天之前它可以工作,但是目前不起作用。

这是我的安全配置类,目前我未使用密码加密。

@Configuration
@EnableWebSecurity
public class GameSecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    DataSource dataSource;

    /*private final String USERS_QUERY = "select email, password from userregistrationmaster where email=?";
    private final String ROLES_QUERY = "select u.email, ur.role from userregistrationmaster u inner join authoritiesmaster ur on (u.email = ur.authemail) where u.email=?";*/

     /*@Override
     protected void configure(AuthenticationManagerBuilder auth) throws Exception {
      auth.jdbcAuthentication()
       .usersByUsernameQuery(USERS_QUERY)
       .authoritiesByUsernameQuery(ROLES_QUERY)
       .dataSource(dataSource);
     }*/

    // Enable jdbc authentication
    @Autowired
    public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {
        auth.jdbcAuthentication().dataSource(dataSource)
                .usersByUsernameQuery("select email,password, enable from userregistrationmaster where email=?")
                .authoritiesByUsernameQuery("select u.email, ur.role from userregistrationmaster u inner join authoritiesmaster ur on (u.email = ur.authemail) where u.email=?");
    }

    @Bean
    public JdbcUserDetailsManager jdbcUserDetailsManager() throws Exception {
        JdbcUserDetailsManager jdbcUserDetailsManager = new JdbcUserDetailsManager();
        jdbcUserDetailsManager.setDataSource(dataSource);
        return jdbcUserDetailsManager;
    }

    @SuppressWarnings("deprecation")
    @Bean
    public static NoOpPasswordEncoder passwordEncoder() {
    return (NoOpPasswordEncoder) NoOpPasswordEncoder.getInstance();
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/resources/**");
        web.ignoring().antMatchers("/css/**");
        web.ignoring().antMatchers("/js/**");

    }

    String[] resources = new String[]{
            "/css/**","/fonts/**","/img/**","/images/**","/js/**","/scss/**","/vendors/**","/jsmaster/**","/SendContactEmail/**"
    };

    String[] lessionChapters = new String[] {
            "/chapter3","/chapter4","/chapter5","/chapter6","/chapter7","/chapter8"
    };

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().antMatchers("/", "/login", "/contact", "/about-us","/lessonplan", "/chapter2", "/mobile-apps", "/website", "/game", "/products", "/registration", "/generateOpt", "/userRegistration", "/userLogin", "/forgotpassword").permitAll()
        .antMatchers("/resources/**").permitAll()
        .antMatchers(resources).permitAll()
        .antMatchers("/game").hasAnyRole("USER","ADMIN")
        .antMatchers(lessionChapters).hasAnyRole("USER","ADMIN")
        .anyRequest().authenticated()
        .and()
        .formLogin()
        .loginPage("/login")
        .failureUrl("/login?error=true")
        .and().logout().permitAll();

        http.csrf().disable();
    }

它没有显示任何错误,但是我已经用USER_ROLE创建了一个用户,并尝试使用该用户名和密码登录,它显示了错误页面。

在此先感谢您帮助解决我的问题。

0 个答案:

没有答案