Java 使用EntityManager通过jdbcAuthentication实现Spring安全性_Java_Spring_Spring Boot_Spring Security_Spring Security Rest

Java 使用EntityManager通过jdbcAuthentication实现Spring安全性

java spring spring-boot spring-security

Java 使用EntityManager通过jdbcAuthentication实现Spring安全性,java,spring,spring-boot,spring-security,spring-security-rest,Java,Spring,Spring Boot,Spring Security,Spring Security Rest,我想使用EntityManager通过jdbcAuthentication实现Spring安全性。但就我所知，唯一的选择是使用Hibernate数据源 @Configuration @EnableWebSecurity @Import(value= {Application.class, ContextDatasource.class}) @ComponentScan(basePackages= {"org.rest.api.server.*"}) public class Applicatio

我想使用EntityManager通过jdbcAuthentication实现Spring安全性。但就我所知，唯一的选择是使用Hibernate数据源

@Configuration
@EnableWebSecurity
@Import(value= {Application.class, ContextDatasource.class})
@ComponentScan(basePackages= {"org.rest.api.server.*"})
public class ApplicationSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired 
    private RestAuthEntryPoint authenticationEntryPoint;

    @Autowired
    private EntityManager entityManager;

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
//      auth
//      .inMemoryAuthentication()
//      .withUser("test")
//      .password(passwordEncoder().encode("testpwd"))
//      .authorities("ROLE_USER");
//      auth.userDetailsService(myUserDetailsService);
        auth.jdbcAuthentication().dataSource(dataSource)
        auth.authenticationProvider(authenticationProvider());
    }
    @Bean
    public DaoAuthenticationProvider authenticationProvider() {
        DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider();
//      authenticationProvider.setUserDetailsService(myUserDetailsService);
        authenticationProvider.setPasswordEncoder(passwordEncoder());
        return authenticationProvider;
    }

这个问题有什么解决方案吗？

您必须配置数据源bean以及用于身份验证和授权的查询

@Configuration
@PropertySource("classpath:db.properties")
public class AppConfig {

  @Autowired
  private Environment env;

  @Bean
  public DataSource getDataSource() {
    BasicDataSource dataSource = new BasicDataSource();
    dataSource.setDriverClassName(env.getProperty("mysql.driver"));
    dataSource.setUrl(env.getProperty("mysql.jdbcUrl"));
    dataSource.setUsername(env.getProperty("mysql.username"));
    dataSource.setPassword(env.getProperty("mysql.password"));
    return dataSource;
  }
}

在WebSecurity配置中，您必须放置数据源和查询。我假设您正在使用HTTP基本身份验证。您可以为每个角色添加授权

@EnableWebSecurity
    public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

      @Autowired
      private DataSource dataSource;

      @Override
      protected void configure(AuthenticationManagerBuilder auth) throws Exception {

        auth.jdbcAuthentication().dataSource(dataSource)
            .usersByUsernameQuery("select username, password, enabled"
                + " from users where username=?")
            .authoritiesByUsernameQuery("select username, authority "
                + "from authorities where username=?")
            .passwordEncoder(new BCryptPasswordEncoder());
      }

      @Override
      protected void configure(HttpSecurity http) throws Exception {

        http.authorizeRequests().anyRequest().hasAnyRole("ADMIN", "USER")
        .and()
        .httpBasic(); // Authenticate users with HTTP basic authentication
      }
    }

目前尚不清楚为什么这是一个问题