我正在使用angular,spring boot和数据库制作一个全栈式Web应用程序,我有一个用于管理员的登录表单,并且用户定义了这两个角色。基于我发现的一个教程,我创建了spring boot登录配置,并且现在可以正常工作,我需要将其链接到我的angular应用程序,但是我在堆栈中,我不知道如何设置角度形式,而不是我提供的angular形式。因为它们不在同一个应用程序中,并且我一直在它们之间使用REST控制器,所以我可以这样做吗? 这是登录配置的代码
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
private UserprincipalDetailSerice userprincipalDetailSerice;
public SecurityConfiguration(UserprincipalDetailSerice userprincipalDetailSerice){
this.userprincipalDetailSerice=userprincipalDetailSerice;
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(authenticationProvider());
}
@Bean
DaoAuthenticationProvider authenticationProvider(){
DaoAuthenticationProvider daoAuthenticationProvider =new DaoAuthenticationProvider();
daoAuthenticationProvider.setPasswordEncoder(passwordEncoder());
daoAuthenticationProvider.setUserDetailsService(this.userprincipalDetailSerice);
return daoAuthenticationProvider;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.cors()
.and()
.authorizeRequests().antMatchers("/allproduits/**").permitAll()
.antMatchers("/getallusers/personnels").hasAnyRole("ADMIN","ANY")
.antMatchers("/getallusers/personnelsbyid/{id}").hasAnyRole("ADMIN","ANY")
.antMatchers("/getallusers/updatepersonnel").hasAnyRole("ADMIN","ANY")
.antMatchers("/getallusers/deletepersonnel/{id}").hasAnyRole("ADMIN")
.antMatchers("/getallusers/encode").permitAll()
.antMatchers("/getallusers/addcpersonnel").hasRole("ADMIN")
.antMatchers("/getallcadres/**").hasAnyRole("ADMIN","ANY")
.and()
.httpBasic()
.and()
.csrf().disable();
// http.csrf().csrfTokenRepository(this.csrfRepo());
}
@Override
public void configure(WebSecurity web ) throws Exception
{
web.ignoring().antMatchers( HttpMethod.OPTIONS, "/**" );
}
@Bean
CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(Arrays.asList("*"));
configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"));
configuration.setAllowedHeaders(Arrays.asList("authorization", "content-type", "x-auth-token"));
configuration.setExposedHeaders(Arrays.asList("x-auth-token"));
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
}
UserDetailsService类:
@Service
public class UserprincipalDetailSerice implements UserDetailsService {
private personnelReposotry personnelReposotry;
public UserprincipalDetailSerice(personnelReposotry pR){
this.personnelReposotry=pR;
}
@Override
public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
personnel personnel=this.personnelReposotry.findByMatricule(s);
UserPrincipal userPrincipal=new UserPrincipal(personnel);
System.out.println(personnel.getMatricule()+personnel.getPsw()+"role:"+personnel.getRole());
return userPrincipal;
}
}
UserDetails类:
public class UserPrincipal implements UserDetails {
private personnel personnel;
public UserPrincipal(personnel personnel){
this.personnel=personnel;
}
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
List<GrantedAuthority> authorities= new ArrayList<>();
this.personnel.getRoleList().forEach(p->{
GrantedAuthority authority = new SimpleGrantedAuthority("ROLE_" +p) ;
authorities.add(authority);
});
return authorities;
}
@Override
public String getPassword() {
return this.personnel.getPsw();
}
@Override
public String getUsername() {
return this.personnel.getMatricule();
}
@Override
public boolean isAccountNonExpired() {
return true;
}
@Override
public boolean isAccountNonLocked() {
return true;
}
@Override
public boolean isCredentialsNonExpired() {
return true;
}
@Override
public boolean isEnabled() {
return true;
}
}
答案 0 :(得分:0)
您当前的代码可能适用于独立应用程序,但不适用于这种情况。相反,您可以使用该代码在身份验证成功后返回一个秘密的JWT(JSON Web令牌),以便用户以后可以随每个请求发送,互联网上有很多教程。