Java 弹簧靴、HikariCP和JDBCAuhthentication
我试图通过Spring Boot、HikariCP作为数据源和JDBCAuhthentication来建立基于MYSQL数据库的基本身份验证,但我认为有些东西我还不太了解 以下是相关代码: pom.xmlJava 弹簧靴、HikariCP和JDBCAuhthentication,java,mysql,spring,jdbc,hikaricp,Java,Mysql,Spring,Jdbc,Hikaricp,我试图通过Spring Boot、HikariCP作为数据源和JDBCAuhthentication来建立基于MYSQL数据库的基本身份验证,但我认为有些东西我还不太了解 以下是相关代码: pom.xml <parent> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-parent</artifactId>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.0.4.RELEASE</version>
</parent>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<java.version>1.8</java.version>
</properties>
<dependencies>
<!-- Spring Boot dependencies -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-devtools</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
<groupId>org.thymeleaf.extras</groupId>
<artifactId>thymeleaf-extras-springsecurity4</artifactId>
</dependency>
<!-- Persistence dependencies -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-core</artifactId>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<scope>runtime</scope>
</dependency>
<!-- Tools dependencies -->
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<version>1.18.2</version><!--$NO-MVN-MAN-VER$-->
<scope>provided</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
我的网络安全配置
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private DataSource dataSource;
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
//Permit these requests without authentication
.antMatchers("/", "/login", "/signup").permitAll()
//Any other request must be authenticated
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.loginProcessingUrl("/userAuthentication")
.permitAll()
.and()
.logout()
.permitAll();
}
@Autowired
public void configureGloal(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication().dataSource(dataSource).
usersByUsernameQuery("select username,password,enabled from users where username=?").
authoritiesByUsernameQuery("select username, authority from authorities where username=?");;
}
}
登录页面
连接到数据库可能正在工作,因为我在控制台中没有收到任何错误(除了控制台中的“编码密码看起来不像BCrypt”警告之外,如果我在WebSecurityConfig类的查询中键入了一个表名,我会收到一条消息说它不存在)但我从来没有被重定向到主页上的用户名显示在问候语。登录尝试将导致登录页面出现“无效用户名和密码”错误消息,如果我手动转到索引页面,我将获得“name”参数的“anonymousUser”值
框架如何将数据库中的值与用户输入的数据进行比较,以及如何将用户作为一个实体进行检索,这是我无法理解的
你知道吗
多谢各位 听起来密码在
users
表中存储不正确,也就是说:它们似乎没有用bcrypt散列。您是如何填充该表的?@markrotterveel,我现在手动插入它们。我试图使用一个在线bcrypt生成器工具()来生成bcrypt密码(sql脚本中有一个now char(68)password条目),前面有“{bcrypt}”标记,但我仍然得到消息。。。
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private DataSource dataSource;
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
//Permit these requests without authentication
.antMatchers("/", "/login", "/signup").permitAll()
//Any other request must be authenticated
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.loginProcessingUrl("/userAuthentication")
.permitAll()
.and()
.logout()
.permitAll();
}
@Autowired
public void configureGloal(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication().dataSource(dataSource).
usersByUsernameQuery("select username,password,enabled from users where username=?").
authoritiesByUsernameQuery("select username, authority from authorities where username=?");;
}
}
<body>
<div th:replace="fragments/navbar.html"></div>
<div class="container">
<div class="starter-template">
<div class="alert alert-danger" role="alert" th:if="${param.error}">
Invalid username and password.
</div>
<div class="alert alert-success" th:if="${param.logout}">
You have been logged out.
</div>
<br>
<form th:action="@{/userAuthentication}" method="POST">
<div class="form-group"><label> User Name : <input type="text" name="username" class="form-control"/> </label></div>
<div class="form-group"><label> Password: <input type="password" name="password" class="form-control"/> </label></div>
<div><input type="submit" value="Log In" class="btn btn-primary"/></div>
</form>
</div>
</div>
</body>
<body>
<div th:replace="fragments/navbar.html"></div>
<div class="container">
<div class="starter-template">
<br>
<h4>
Logged user: <span sec:authentication="name"></span>
<br><br>
</h4>
<p>
<a href='${/admin}'>Admin access</a>
</p>
<form th:action="@{/logout}" method="POST">
<div><input type="submit" value="Log Out" class="btn btn-primary"/></div>
</form>
</div>
</div>
</body>
DROP DATABASE IF EXISTS `lostdb`;
CREATE DATABASE IF NOT EXISTS `lostdb`;
use `lostdb`;
DROP TABLE IF EXISTS `users`;
CREATE TABLE `users` (
`username` varchar(50) NOT NULL,
`first_name` varchar(50) DEFAULT NULL,
`last_name` varchar(50) DEFAULT NULL,
`email` varchar(50) NOT NULL,
`password` varchar(50) NOT NULL,
`phone_number` varchar(50) DEFAULT NULL,
`enabled` tinyint(1) NOT NULL,
PRIMARY KEY (`username`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
DROP TABLE IF EXISTS `authorities`;
CREATE TABLE `authorities` (
`username` varchar(45) NOT NULL,
`authority` varchar(50) NOT NULL,
UNIQUE KEY `authorities_idx_1` (`username`,`authority`),
CONSTRAINT `authorities_ibfk_1` FOREIGN KEY (`username`) REFERENCES
`users` (`username`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
LOCK TABLES `users` WRITE, `authorities` WRITE;
Some "INSERT INTO" to have some data in there...
UNLOCK TABLES;