Java 弹簧靴、HikariCP和JDBCAuhthentication_Java_Mysql_Spring_Jdbc_Hikaricp

Java 弹簧靴、HikariCP和JDBCAuhthentication

java mysql spring jdbc

Java 弹簧靴、HikariCP和JDBCAuhthentication,java,mysql,spring,jdbc,hikaricp,Java,Mysql,Spring,Jdbc,Hikaricp,我试图通过Spring Boot、HikariCP作为数据源和JDBCAuhthentication来建立基于MYSQL数据库的基本身份验证，但我认为有些东西我还不太了解以下是相关代码： pom.xml <parent> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-parent</artifactId>

我试图通过Spring Boot、HikariCP作为数据源和JDBCAuhthentication来建立基于MYSQL数据库的基本身份验证，但我认为有些东西我还不太了解

以下是相关代码：

pom.xml

<parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>2.0.4.RELEASE</version>
</parent>

<properties>
    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
    <java.version>1.8</java.version>
</properties>


<dependencies>

<!-- Spring Boot dependencies -->   
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-test</artifactId>
        <scope>test</scope>
    </dependency>

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-devtools</artifactId>
        <scope>runtime</scope>
    </dependency>

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-thymeleaf</artifactId>
    </dependency>

    <dependency>
        <groupId>org.thymeleaf.extras</groupId>
        <artifactId>thymeleaf-extras-springsecurity4</artifactId>
    </dependency>

<!-- Persistence dependencies -->
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-data-jpa</artifactId>
    </dependency>

    <dependency>
        <groupId>org.hibernate</groupId>
        <artifactId>hibernate-core</artifactId>
    </dependency>

    <dependency>
        <groupId>mysql</groupId>
        <artifactId>mysql-connector-java</artifactId>
        <scope>runtime</scope>
    </dependency>


<!-- Tools dependencies --> 
    <dependency>
        <groupId>org.projectlombok</groupId>
        <artifactId>lombok</artifactId>
        <version>1.18.2</version><!--$NO-MVN-MAN-VER$-->
        <scope>provided</scope>
    </dependency>


</dependencies>

<build>
    <plugins>
        <plugin>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-maven-plugin</artifactId>
        </plugin>
    </plugins>
</build>

我的网络安全配置

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

@Autowired
private DataSource dataSource;

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .authorizeRequests()  
            //Permit these requests without authentication
            .antMatchers("/", "/login", "/signup").permitAll()
            //Any other request must be authenticated
            .anyRequest().authenticated()
            .and()
        .formLogin()
            .loginPage("/login")
            .loginProcessingUrl("/userAuthentication")
            .permitAll()
            .and()
        .logout()
            .permitAll();
}


@Autowired
public void configureGloal(AuthenticationManagerBuilder auth) throws Exception {         
     auth.jdbcAuthentication().dataSource(dataSource).
     usersByUsernameQuery("select username,password,enabled from users where username=?").
     authoritiesByUsernameQuery("select username, authority from authorities where username=?");;
 }

}

登录页面

连接到数据库可能正在工作，因为我在控制台中没有收到任何错误（除了控制台中的“编码密码看起来不像BCrypt”警告之外，如果我在WebSecurityConfig类的查询中键入了一个表名，我会收到一条消息说它不存在）但我从来没有被重定向到主页上的用户名显示在问候语。登录尝试将导致登录页面出现“无效用户名和密码”错误消息，如果我手动转到索引页面，我将获得“name”参数的“anonymousUser”值

框架如何将数据库中的值与用户输入的数据进行比较，以及如何将用户作为一个实体进行检索，这是我无法理解的

你知道吗

多谢各位

听起来密码在

users

表中存储不正确，也就是说：它们似乎没有用bcrypt散列。您是如何填充该表的？@markrotterveel，我现在手动插入它们。我试图使用一个在线bcrypt生成器工具（）来生成bcrypt密码（sql脚本中有一个now char（68）password条目），前面有“{bcrypt}”标记，但我仍然得到消息。。。

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

@Autowired
private DataSource dataSource;

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .authorizeRequests()  
            //Permit these requests without authentication
            .antMatchers("/", "/login", "/signup").permitAll()
            //Any other request must be authenticated
            .anyRequest().authenticated()
            .and()
        .formLogin()
            .loginPage("/login")
            .loginProcessingUrl("/userAuthentication")
            .permitAll()
            .and()
        .logout()
            .permitAll();
}


@Autowired
public void configureGloal(AuthenticationManagerBuilder auth) throws Exception {         
     auth.jdbcAuthentication().dataSource(dataSource).
     usersByUsernameQuery("select username,password,enabled from users where username=?").
     authoritiesByUsernameQuery("select username, authority from authorities where username=?");;
 }

}

<body>
<div th:replace="fragments/navbar.html"></div>        
    <div class="container">
        <div class="starter-template">
            <div class="alert alert-danger" role="alert" th:if="${param.error}">
                Invalid username and password.
            </div>
            <div class="alert alert-success" th:if="${param.logout}">
                You have been logged out.
            </div>
            <br>
            <form th:action="@{/userAuthentication}" method="POST">
                <div class="form-group"><label> User Name : <input type="text" name="username" class="form-control"/> </label></div>
                <div class="form-group"><label> Password: <input type="password" name="password" class="form-control"/> </label></div>
                <div><input type="submit" value="Log In" class="btn btn-primary"/></div>
            </form> 
        </div>
    </div>

</body>

<body>
<div th:replace="fragments/navbar.html"></div>
<div class="container">
    <div class="starter-template">
        <br>
        <h4>
        Logged user: <span sec:authentication="name"></span>
        <br><br>            
        </h4>

        <p>
        <a href='${/admin}'>Admin access</a>

        </p>

        <form th:action="@{/logout}" method="POST">
            <div><input type="submit" value="Log Out" class="btn btn-primary"/></div>
        </form> 
    </div>
</div>
</body>

DROP DATABASE IF EXISTS `lostdb`;
CREATE DATABASE IF NOT EXISTS `lostdb`;
use `lostdb`;

DROP TABLE IF EXISTS `users`;
CREATE TABLE `users` (
  `username` varchar(50) NOT NULL,
  `first_name` varchar(50) DEFAULT NULL,
  `last_name` varchar(50) DEFAULT NULL,
  `email` varchar(50) NOT NULL,
  `password` varchar(50) NOT NULL,
  `phone_number` varchar(50) DEFAULT NULL,
  `enabled` tinyint(1) NOT NULL, 
   PRIMARY KEY (`username`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;


DROP TABLE IF EXISTS `authorities`;

CREATE TABLE `authorities` (
  `username` varchar(45) NOT NULL,
  `authority` varchar(50) NOT NULL,  
  UNIQUE KEY `authorities_idx_1` (`username`,`authority`),
  CONSTRAINT `authorities_ibfk_1` FOREIGN KEY (`username`) REFERENCES 
 `users` (`username`)  
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

LOCK TABLES `users` WRITE, `authorities` WRITE;

Some "INSERT INTO" to have some data in there...
UNLOCK TABLES;