Java Spring Boot 1.3.3.，Spring Security基本自定义配置_Java_Spring_Spring Mvc_Spring Security_Spring Boot

Java Spring Boot 1.3.3.，Spring Security基本自定义配置

java spring spring-mvc spring-security spring-boot

Java Spring Boot 1.3.3.，Spring Security基本自定义配置,java,spring,spring-mvc,spring-security,spring-boot,Java,Spring,Spring Mvc,Spring Security,Spring Boot,我知道这是n。关于Spring安全性的帖子，我读了很多，直到我决定发布我的问题，因为——我想——由于Spring Boot的性质，在引擎盖下面一定隐藏着某种问题，这是我正在使用的引导版本/安全类型的集合所特有的让我来谈谈 pom.xml： <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-data-jpa

我知道这是n。关于Spring安全性的帖子，我读了很多，直到我决定发布我的问题，因为——我想——由于Spring Boot的性质，在引擎盖下面一定隐藏着某种问题，这是我正在使用的引导版本/安全类型的集合所特有的

让我来谈谈

pom.xml：

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-jersey</artifactId>
</dependency>

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-web</artifactId>
</dependency>

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
    <version>1.2.5.RELEASE</version>
</dependency>

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-test</artifactId>
    <scope>test</scope>
</dependency>


org.springframework.boot
调试模式打开后：
22:06:54.067[http-nio-8280-exec-1]调试o.s.s.w.a.AnonymousAuthenticationFilter-使用匿名令牌填充SecurityContextHolder:'org.springframework.security.authentication。AnonymousAuthenticationToken@9055c2bc：委托人：匿名用户；凭据：[受保护]；认证：正确；详细信息：org.springframework.security.web.authentication。WebAuthenticationDetails@b364：RemoteIP地址：0:0:0:0:0:0:0:0:1；SessionId:null；授予的权限：角色\u匿名'
22:06:54.067[http-nio-8280-exec-1]DEBUG org.springframework.security.web.FilterChainProxy-/students/1位于附加过滤器链中11的第9位；正在启动筛选器：“SessionManagementFilter”
22:06:54.067[http-nio-8280-exec-1]DEBUG org.springframework.security.web.FilterChainProxy-/students/1位于附加过滤器链中11的第10位；正在启动筛选器：“ExceptionTranslationFilter”
22:06:54.067[http-nio-8280-exec-1]DEBUG org.springframework.security.web.FilterChainProxy-/students/1位于附加过滤器链中11位的11位；触发筛选器：“筛选器安全侦听器”
22:06:54.068[http-nio-8280-exec-1]调试o.s.s.w.access.intercept.FilterSecurityInterceptor-安全对象：过滤器职业：URL:/students/1；属性：[hasAnyRole（'ROLE\u USER'）]
22:06:54.068[http-nio-8280-exec-1]调试o.s.s.w.access.intercept.FilterSecurityInterceptor-以前经过身份验证的：org.springframework.security.authentication。AnonymousAuthenticationToken@9055c2bc：委托人：匿名用户；凭据：[受保护]；认证：正确；详细信息：org.springframework.security.web.authentication。WebAuthenticationDetails@b364：RemoteIP地址：0:0:0:0:0:0:0:0:1；SessionId:null；授予的权限：角色\u匿名
22:06:54.072[http-nio-8280-exec-1]调试o.s.security.access.vote.AffirmativeBased-投票者：org.springframework.security.web.access.expression。WebExpressionVoter@272de199，返回：-1
22:06:54.072[http-nio-8280-exec-1]调试o.s.b.factory.support.DefaultListableBeanFactory-返回单例bean“delegatingApplicationListener”的缓存实例
22:06:54.073[http-nio-8280-exec-1]调试o.s.security.web.access.ExceptionTranslationFilter-访问被拒绝（用户是匿名的）；重定向到身份验证入口点
org.springframework.security.access.AccessDeniedException:访问被拒绝
位于org.springframework.security.access.vote.AffirmativeBased.decise（AffirmativeBased.java:83）
位于org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation（AbstractSecurityInterceptor.java:232）
位于org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke（FilterSecurityInterceptor.java:123）
位于org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter（FilterSecurityInterceptor.java:90）
位于org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter（FilterChainProxy.java:330）
位于org.springframework.security.web.access.ExceptionTranslationFilter.doFilter（ExceptionTranslationFilter.java:114）
位于org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter（FilterChainProxy.java:330）
位于org.springframework.security.web.session.SessionManagementFilter.doFilter（SessionManagementFilter.java:122）
位于org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter（FilterChainProxy.java:330）
位于org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter（AnonymousAuthenticationFilter.java:111）
位于org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter（FilterChainProxy.java:330）
位于org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter（SecurityContextHolderAwareRequestFilter.java:169）
位于org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter（FilterChainProxy.java:330）
位于org.springframework.security.web.savedrequest.RequestCacheAwarRefilter.doFilter（RequestCacheAwarRefilter.java:48）
位于org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter（FilterChainProxy.java:330）
位于org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal（BasicAuthenticationFilter.java:158）
位于org.springframework.web.filter.OncePerRequestFilter.doFilter（OncePerRequestFilter.java:107）
位于org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter（FilterChainProxy.java:330）
位于org.springframework.security.web.authentication.logout.LogoutFilter.doFilter（LogoutFilter.java:120）
位于org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter（FilterChainProxy.java:330）
位于org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal（HeaderWriterFilter.java:64）
位于org.springframework.web.filter.OncePerRequestFilter.doFilter（OncePerRequestFilter.java:107）
位于org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter（FilterChainProxy.java:330）
位于org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter（SecurityContextPersistenceFilter.java:91）
位于org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter（FilterChainProxy.java:330）
位于org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal（WebAsyncManagerIntegrationFilter.java:53）
在org.springframework.web.filter上。
@Configuration
@EnableWebSecurity
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsService userDetailsService;

    @Autowired
    private StudentRepository studentRepository;

    @Override
    protected void configure(HttpSecurity http) throws Exception {

    http.csrf().disable()
        .authorizeRequests()
            .antMatchers("/").access("hasRole('ROLE_STUDENT')")
            .antMatchers("/**").permitAll();
        .and()
            .formLogin()
            .loginPage("/login")
            .failureUrl("/login?error=true");
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
        .userDetailsService(new UserDetailsService() {
            @Override
            public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
                Iterable<Student> studentsWithIds = studentRepository.findAll();

                for (Student student: studentsWithIds) {
                    if (student.getName() == username) {
                        return studentRepository.findOne(student.getId());
                    }
                }
                  throw new UsernameNotFoundException("User '" + username + "' not found.");
            }
        });     
    }
}

@Entity
public class Student implements UserDetails {

    @Id @GeneratedValue(strategy=GenerationType.AUTO)
    private Integer id;

    @Column(unique=true)
    private Integer facebookId;

    @Column(unique=true)
    private Integer googleId;

    private String name = "";
    private String password = "";


    public void setName(String name) {
        this.name = name;
    }


    public String getName() {
        return this.name;
    }

    public String getPassword() {
        return this.password;
    }

    public void initialize(String studentName) {
        this.name = "student1";
        this.password = "password";
    }

    @Override
    public String toString(){
        return "Student with name " + name + "id: " + id;
    }

    public Integer getId() {
        return id;
    }

    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        return Arrays.asList(new SimpleGrantedAuthority("ROLE_STUDENT"));
    }

    @Override
    public String getUsername() {
        return this.name;
    }

    @Override
    public boolean isAccountNonExpired() {
        // TODO Auto-generated method stub
        return true;
    }

    @Override
    public boolean isAccountNonLocked() {
        // TODO Auto-generated method stub
        return true;
    }

    @Override
    public boolean isCredentialsNonExpired() {
        // TODO Auto-generated method stub
        return true;
    }

    @Override
    public boolean isEnabled() {
        // TODO Auto-generated method stub
        return true;
    }

}

@RequestMapping(value="/students", method=RequestMethod.GET, produces=MediaType.APPLICATION_JSON_UTF8_VALUE)
public ResponseEntity<Iterable<Student>> listStudents() {
    LOGGER.info("/students controller method call"+new SimpleDateFormat("yyyy.MM.dd.HH.mm.ss").format(new Date()));
    Iterable<Student> studentsFound = studentRepository.findAll();

    Student newStudent = new Student();
    newStudent.initialize("student1");
    studentRepository.save(newStudent);

    return new ResponseEntity<Iterable<Student>>(studentsFound, HttpStatus.OK);         
}

@Override
@Autowired
protected void configure(AuthenticationManagerBuilder auth) throws Exception { ... }

Iterable<Student> studentsWithIds = studentRepository.findAll();
for (Student student: studentsWithIds) {
    if (student.getName() == username) {
        return studentRepository.findOne(student.getId());
    }
}