Java 使用EntityManager通过jdbcAuthentication实现Spring安全性
我想使用EntityManager通过jdbcAuthentication实现Spring安全性。但就我所知,唯一的选择是使用Hibernate数据源Java 使用EntityManager通过jdbcAuthentication实现Spring安全性,java,spring,spring-boot,spring-security,spring-security-rest,Java,Spring,Spring Boot,Spring Security,Spring Security Rest,我想使用EntityManager通过jdbcAuthentication实现Spring安全性。但就我所知,唯一的选择是使用Hibernate数据源 @Configuration @EnableWebSecurity @Import(value= {Application.class, ContextDatasource.class}) @ComponentScan(basePackages= {"org.rest.api.server.*"}) public class Applicatio
@Configuration
@EnableWebSecurity
@Import(value= {Application.class, ContextDatasource.class})
@ComponentScan(basePackages= {"org.rest.api.server.*"})
public class ApplicationSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private RestAuthEntryPoint authenticationEntryPoint;
@Autowired
private EntityManager entityManager;
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
// auth
// .inMemoryAuthentication()
// .withUser("test")
// .password(passwordEncoder().encode("testpwd"))
// .authorities("ROLE_USER");
// auth.userDetailsService(myUserDetailsService);
auth.jdbcAuthentication().dataSource(dataSource)
auth.authenticationProvider(authenticationProvider());
}
@Bean
public DaoAuthenticationProvider authenticationProvider() {
DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider();
// authenticationProvider.setUserDetailsService(myUserDetailsService);
authenticationProvider.setPasswordEncoder(passwordEncoder());
return authenticationProvider;
}
这个问题有什么解决方案吗?您必须配置数据源bean以及用于身份验证和授权的查询
@Configuration
@PropertySource("classpath:db.properties")
public class AppConfig {
@Autowired
private Environment env;
@Bean
public DataSource getDataSource() {
BasicDataSource dataSource = new BasicDataSource();
dataSource.setDriverClassName(env.getProperty("mysql.driver"));
dataSource.setUrl(env.getProperty("mysql.jdbcUrl"));
dataSource.setUsername(env.getProperty("mysql.username"));
dataSource.setPassword(env.getProperty("mysql.password"));
return dataSource;
}
}
在WebSecurity配置中,您必须放置数据源和查询。我假设您正在使用HTTP基本身份验证。您可以为每个角色添加授权
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private DataSource dataSource;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication().dataSource(dataSource)
.usersByUsernameQuery("select username, password, enabled"
+ " from users where username=?")
.authoritiesByUsernameQuery("select username, authority "
+ "from authorities where username=?")
.passwordEncoder(new BCryptPasswordEncoder());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().anyRequest().hasAnyRole("ADMIN", "USER")
.and()
.httpBasic(); // Authenticate users with HTTP basic authentication
}
}
目前尚不清楚为什么这是一个问题