我在pom.xml中添加了spring-security-starter。之后,我得到了一个登录屏幕,在其中添加了
Username =user
password= Autogenerated password by spring security
因此,登录成功。但是,当我在application.properties文件中添加这些属性时:
spring.security.user.name=ashwin
spring.security.user.password=ashwin
然后,当我运行项目时,当我尝试使用这些用户名= ashwin和password = ashwin登录时,它拒绝了我并向我显示 Bad credintals 。
我的控制台打印为:
2019-08-17 10:16:02.470 INFO 16036 --- [ main] c.a.s.s.SpringSecurityDemoApplication : Starting SpringSecurityDemoApplication on Ashwin with PID 16036 (E:\sp-brains\spring-security-demo\target\classes started by AshwinPC in E:\sp-brains\spring-security-demo)
2019-08-17 10:16:02.492 INFO 16036 --- [ main] c.a.s.s.SpringSecurityDemoApplication : No active profile set, falling back to default profiles: default
2019-08-17 10:16:15.394 INFO 16036 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat initialized with port(s): 8080 (http)
2019-08-17 10:16:15.600 INFO 16036 --- [ main] o.apache.catalina.core.StandardService : Starting service [Tomcat]
2019-08-17 10:16:15.601 INFO 16036 --- [ main] org.apache.catalina.core.StandardEngine : Starting Servlet engine: [Apache Tomcat/9.0.22]
2019-08-17 10:16:16.524 INFO 16036 --- [ main] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring embedded WebApplicationContext
2019-08-17 10:16:16.524 INFO 16036 --- [ main] o.s.web.context.ContextLoader : Root WebApplicationContext: initialization completed in 13042 ms
2019-08-17 10:16:18.007 INFO 16036 --- [ main] o.s.s.concurrent.ThreadPoolTaskExecutor : Initializing ExecutorService 'applicationTaskExecutor'
2019-08-17 10:16:20.530 INFO 16036 --- [ main] o.s.s.web.DefaultSecurityFilterChain : Creating filter chain: any request, [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@5e39850, org.springframework.security.web.context.SecurityContextPersistenceFilter@74fe5966, org.springframework.security.web.header.HeaderWriterFilter@6c37bd27, org.springframework.security.web.csrf.CsrfFilter@6b587673, org.springframework.security.web.authentication.logout.LogoutFilter@49aa766b, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@27fde870, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@1542af63, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@1603dc2f, org.springframework.security.web.authentication.www.BasicAuthenticationFilter@4e4c3a38, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@677b8e13, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@58cec85b, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@398474a2, org.springframework.security.web.session.SessionManagementFilter@30331109, org.springframework.security.web.access.ExceptionTranslationFilter@4d0b0fd4, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@2bcec6a6]
2019-08-17 10:16:21.438 INFO 16036 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat started on port(s): 8080 (http) with context path ''
2019-08-17 10:16:21.480 INFO 16036 --- [ main] c.a.s.s.SpringSecurityDemoApplication : Started SpringSecurityDemoApplication in 20.703 seconds (JVM running for 22.771)
我的主要班级:
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
@SpringBootApplication
public class SpringSecurityDemoApplication {
public static void main(String[] args) {
SpringApplication.run(SpringSecurityDemoApplication.class, args);
}
}
登录后要去的测试控制器:
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
@RestController
public class HelloController {
@GetMapping(value = "/")
public String hello(){
return "<h1>Hello World</h1>";
}
}
答案 0 :(得分:1)
您可以通过inMemoryAuthentication的{{1}}或configureGlobal(AuthenticationManagerBuilder auth)使用@Bean:
UserDetailsService注意:
您也可以简单地在密码前加上@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("ashwin").password("{noop}ashwin").roles("ADMIN");
}
//OR
@Bean
public UserDetailsService userDetailsService() {
InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
manager.createUser(User.withUsername("ashwin").password("{noop}ashwin").roles("USER").build());
return manager;
}
}
前缀,以便{noop}使用DelegatingPasswordEncoder来验证这些密码。请注意,NoOpPasswordEncoder已过时,因为以纯文本存储密码不是一个好习惯。