Java Spring Boot 1.3.3., Spring Security basic custom configuration
I know this is the n-th post about Spring Security. I read a lot of them before deciding to post my own question because, I think, due to the nature of Spring Boot there must be some kind of problem hidden under the hood that is specific to the combination of Boot version and security type I am using.

Let me get into it.

pom.xml:
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-jersey</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
    <version>1.2.5.RELEASE</version>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-test</artifactId>
    <scope>test</scope>
</dependency>
With debug mode turned on:
22:06:54.067 [http-nio-8280-exec-1] DEBUG o.s.s.w.a.AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
22:06:54.067 [http-nio-8280-exec-1] DEBUG org.springframework.security.web.FilterChainProxy - /students/1 at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
22:06:54.067 [http-nio-8280-exec-1] DEBUG org.springframework.security.web.FilterChainProxy - /students/1 at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
22:06:54.067 [http-nio-8280-exec-1] DEBUG org.springframework.security.web.FilterChainProxy - /students/1 at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
22:06:54.068 [http-nio-8280-exec-1] DEBUG o.s.s.w.access.intercept.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /students/1; Attributes: [hasAnyRole('ROLE_USER')]
22:06:54.068 [http-nio-8280-exec-1] DEBUG o.s.s.w.access.intercept.FilterSecurityInterceptor - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
22:06:54.072 [http-nio-8280-exec-1] DEBUG o.s.security.access.vote.AffirmativeBased - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@272de199, returned: -1
22:06:54.072 [http-nio-8280-exec-1] DEBUG o.s.b.factory.support.DefaultListableBeanFactory - Returning cached instance of singleton bean 'delegatingApplicationListener'
22:06:54.073 [http-nio-8280-exec-1] DEBUG o.s.security.web.access.ExceptionTranslationFilter - Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
    at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:83)
    at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:232)
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:123)
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:90)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
    at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:114)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
    at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:122)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
    at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
    at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:169)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
    at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:48)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
    at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:158)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:120)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
    at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:91)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
    at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:53)
    at org.springframework.web.filter.
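import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

@Configuration
@EnableWebSecurity
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsService userDetailsService;

    @Autowired
    private StudentRepository studentRepository;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()
            .authorizeRequests()
                .antMatchers("/").access("hasRole('ROLE_STUDENT')")
                .antMatchers("/**").permitAll()
                .and()
            .formLogin()
                .loginPage("/login")
                .failureUrl("/login?error=true");
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .userDetailsService(new UserDetailsService() {
                @Override
                public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
                    Iterable<Student> studentsWithIds = studentRepository.findAll();
                    for (Student student: studentsWithIds) {
                        if (student.getName() == username) {
                            return studentRepository.findOne(student.getId());
                        }
                    }
                    throw new UsernameNotFoundException("User '" + username + "' not found.");
                }
            });
    }
}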
import java.util.Arrays;
import java.util.Collection;

import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;

@Entity
public class Student implements UserDetails {

    @Id @GeneratedValue(strategy=GenerationType.AUTO)
    private Integer id;

    @Column(unique=true)
    private Integer facebookId;

    @Column(unique=true)
    private Integer googleId;

    private String name = "";
    private String password = "";

    public void setName(String name) {
        this.name = name;
    }

    public String getName() {
        return this.name;
    }

    public String getPassword() {
        return this.password;
    }

    public void initialize(String studentName) {
        this.name = "student1";
        this.password = "password";
    }

    @Override
    public String toString(){
        return "Student with name " + name + "id: " + id;
    }

    public Integer getId() {
        return id;
    }

    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        return Arrays.asList(new SimpleGrantedAuthority("ROLE_STUDENT"));
    }

    @Override
    public String getUsername() {
        return this.name;
    }

    @Override
    public boolean isAccountNonExpired() {
        // TODO Auto-generated method stub
        return true;
    }

    @Override
    public boolean isAccountNonLocked() {
        // TODO Auto-generated method stub
        return true;
    }

    @Override
    public boolean isCredentialsNonExpired() {
        // TODO Auto-generated method stub
        return true;
    }

    @Override
    public boolean isEnabled() {
        // TODO Auto-generated method stub
        return true;
    }
}
@RequestMapping(value="/students", method=RequestMethod.GET, produces=MediaType.APPLICATION_JSON_UTF8_VALUE)
public ResponseEntity<Iterable<Student>> listStudents() {
    LOGGER.info("/students controller method call"+new SimpleDateFormat("yyyy.MM.dd.HH.mm.ss").format(new Date()));
    Iterable<Student> studentsFound = studentRepository.findAll();
    Student newStudent = new Student();
    newStudent.initialize("student1");
    studentRepository.save(newStudent);
    return new ResponseEntity<Iterable<Student>>(studentsFound, HttpStatus.OK);
}
@Override
@Autowired
protected void configure(AuthenticationManagerBuilder auth) throws Exception { ... }

Iterable<Student> studentsWithIds = studentRepository.findAll();
for (Student student: studentsWithIds) {
    if (student.getName() == username) {
        return studentRepository.findOne(student.getId());
    }
}