Java 具有Spring安全性和自定义数据库的Spring引导
先为我的英语不好道歉 因为我已经更改了数据库配置,所以无法成功地将我登录到应用程序。 我正在使用Spring security。在进行更改之前,一切都正常 我有两个实体:Java 具有Spring安全性和自定义数据库的Spring引导,java,database,spring-boot,spring-security,spring-data-jpa,Java,Database,Spring Boot,Spring Security,Spring Data Jpa,先为我的英语不好道歉 因为我已经更改了数据库配置,所以无法成功地将我登录到应用程序。 我正在使用Spring security。在进行更改之前,一切都正常 我有两个实体: User.java UserRole.java User.java package betizy.models; //imports @Entity @Table(name = "use_user") public class User { @Id @GeneratedValue(strategy = Genera
- User.java
- UserRole.java
package betizy.models;
//imports
@Entity
@Table(name = "use_user")
public class User {
@Id
@GeneratedValue(strategy = GenerationType.AUTO)
@Column(name="USE_ID")
private Long id;
@NotNull
@Column(name = "USE_USERNAME")
private String username;
@NotNull
@Column(name = "USE_PASSWORD")
private String password;
@NotNull
@Column(name = "USE_EMAIL")
private String email;
//getters and setters
}
package betizy.models;
//imports
@Entity
@Table(name = "usr_user_role")
public class UserRole {
@Id
@GeneratedValue(strategy = GenerationType.AUTO)
@Column(name="USR_ID")
private Long id;
@ManyToOne
@JoinColumn(name = "USR_USE_ID")
private User user;
@NotNull
@Column(name = "USR_ROLE")
private String role;
//getters and setters
}
package betizy.security;
//imports
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
DataSource dataSource;
@Autowired
public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication().dataSource(dataSource)
//.passwordEncoder(passwordEncoder())
.usersByUsernameQuery(
"select * from use_user where use_user.use_username=?")
.authoritiesByUsernameQuery(
"select * from usr_user_role inner join use_user on use_user.use_id = usr_user_role.usr_use_id where use_user.use_username=?");
}
@Bean
public PasswordEncoder passwordEncoder(){
PasswordEncoder encoder = new BCryptPasswordEncoder();
return encoder;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
//.antMatchers("/hello").access("hasRole('ROLE_ADMIN')")
.antMatchers("/", "/register", "/user/create", "/webjars/**", "/js/**").permitAll()
.anyRequest().authenticated()
.and()
.formLogin().loginPage("/login").permitAll()
.usernameParameter("username").passwordParameter("password")
.and()
.logout().permitAll()
.and()
.exceptionHandling().accessDeniedPage("/403")
.and()
.csrf().disable();
}
}
@Autowired
public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication().dataSource(dataSource)
.usersByUsernameQuery(
"select username,password, enabled from users where username=?")
.authoritiesByUsernameQuery(
"select username, role from user_roles where username=?");
}
@Autowired
public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication().dataSource(dataSource)
.usersByUsernameQuery(
"select use_username, use_password, use_email from use_user where use_username=?")
.authoritiesByUsernameQuery(
"select use_username, usr_role from usr_user_role, use_user where use_id = usr_use_id and use_username=?");
}
UserRole.java
package betizy.models;
//imports
@Entity
@Table(name = "use_user")
public class User {
@Id
@GeneratedValue(strategy = GenerationType.AUTO)
@Column(name="USE_ID")
private Long id;
@NotNull
@Column(name = "USE_USERNAME")
private String username;
@NotNull
@Column(name = "USE_PASSWORD")
private String password;
@NotNull
@Column(name = "USE_EMAIL")
private String email;
//getters and setters
}
package betizy.models;
//imports
@Entity
@Table(name = "usr_user_role")
public class UserRole {
@Id
@GeneratedValue(strategy = GenerationType.AUTO)
@Column(name="USR_ID")
private Long id;
@ManyToOne
@JoinColumn(name = "USR_USE_ID")
private User user;
@NotNull
@Column(name = "USR_ROLE")
private String role;
//getters and setters
}
package betizy.security;
//imports
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
DataSource dataSource;
@Autowired
public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication().dataSource(dataSource)
//.passwordEncoder(passwordEncoder())
.usersByUsernameQuery(
"select * from use_user where use_user.use_username=?")
.authoritiesByUsernameQuery(
"select * from usr_user_role inner join use_user on use_user.use_id = usr_user_role.usr_use_id where use_user.use_username=?");
}
@Bean
public PasswordEncoder passwordEncoder(){
PasswordEncoder encoder = new BCryptPasswordEncoder();
return encoder;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
//.antMatchers("/hello").access("hasRole('ROLE_ADMIN')")
.antMatchers("/", "/register", "/user/create", "/webjars/**", "/js/**").permitAll()
.anyRequest().authenticated()
.and()
.formLogin().loginPage("/login").permitAll()
.usernameParameter("username").passwordParameter("password")
.and()
.logout().permitAll()
.and()
.exceptionHandling().accessDeniedPage("/403")
.and()
.csrf().disable();
}
}
@Autowired
public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication().dataSource(dataSource)
.usersByUsernameQuery(
"select username,password, enabled from users where username=?")
.authoritiesByUsernameQuery(
"select username, role from user_roles where username=?");
}
@Autowired
public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication().dataSource(dataSource)
.usersByUsernameQuery(
"select use_username, use_password, use_email from use_user where use_username=?")
.authoritiesByUsernameQuery(
"select use_username, usr_role from usr_user_role, use_user where use_id = usr_use_id and use_username=?");
}
login.html
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org">
<head>
<title>Spring Security Example </title>
<script src="/webjars/angularjs/1.4.9/angular.js"></script>
<script src="webjars/jquery/2.0.3/jquery.min.js"></script>
<link rel="stylesheet" href="/webjars/bootstrap/3.3.6/css/bootstrap.css">
<script src="/js/index.js"></script>
</head>
<body ng-app="Betizy">
<div header></div>
<div th:if="${param.error}">
Invalid username and password.
</div>
<div th:if="${param.logout}">
You have been logged out.
</div>
<form th:action="@{/login}" method="post">
<div><label> User Name : <input type="text" name="username" required/> </label></div>
<div><label> Password: <input type="password" name="password" required/> </label></div>
<div><input type="submit" value="Sign In"/></div>
</form>
<div>To open a new account click <a href="/register">here</a>. </div>
<div footer></div>
</body>
</html>
我认为问题在于我的
用户的名称
实体字段或我在SecurityConfig.java中的两个查询,但我不知道如何解决我的问题我必须保留我的数据库配置(字段名称)
提前感谢您的帮助!:)
编辑 有两处改动都可以,但它不是一个好的数据库。我将在SecurityConfig.java
package betizy.models;
//imports
@Entity
@Table(name = "use_user")
public class User {
@Id
@GeneratedValue(strategy = GenerationType.AUTO)
@Column(name="USE_ID")
private Long id;
@NotNull
@Column(name = "USE_USERNAME")
private String username;
@NotNull
@Column(name = "USE_PASSWORD")
private String password;
@NotNull
@Column(name = "USE_EMAIL")
private String email;
//getters and setters
}
package betizy.models;
//imports
@Entity
@Table(name = "usr_user_role")
public class UserRole {
@Id
@GeneratedValue(strategy = GenerationType.AUTO)
@Column(name="USR_ID")
private Long id;
@ManyToOne
@JoinColumn(name = "USR_USE_ID")
private User user;
@NotNull
@Column(name = "USR_ROLE")
private String role;
//getters and setters
}
package betizy.security;
//imports
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
DataSource dataSource;
@Autowired
public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication().dataSource(dataSource)
//.passwordEncoder(passwordEncoder())
.usersByUsernameQuery(
"select * from use_user where use_user.use_username=?")
.authoritiesByUsernameQuery(
"select * from usr_user_role inner join use_user on use_user.use_id = usr_user_role.usr_use_id where use_user.use_username=?");
}
@Bean
public PasswordEncoder passwordEncoder(){
PasswordEncoder encoder = new BCryptPasswordEncoder();
return encoder;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
//.antMatchers("/hello").access("hasRole('ROLE_ADMIN')")
.antMatchers("/", "/register", "/user/create", "/webjars/**", "/js/**").permitAll()
.anyRequest().authenticated()
.and()
.formLogin().loginPage("/login").permitAll()
.usernameParameter("username").passwordParameter("password")
.and()
.logout().permitAll()
.and()
.exceptionHandling().accessDeniedPage("/403")
.and()
.csrf().disable();
}
}
@Autowired
public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication().dataSource(dataSource)
.usersByUsernameQuery(
"select username,password, enabled from users where username=?")
.authoritiesByUsernameQuery(
"select username, role from user_roles where username=?");
}
@Autowired
public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication().dataSource(dataSource)
.usersByUsernameQuery(
"select use_username, use_password, use_email from use_user where use_username=?")
.authoritiesByUsernameQuery(
"select use_username, usr_role from usr_user_role, use_user where use_id = usr_use_id and use_username=?");
}
一垒(它正在工作)使用SecurityConfig.java
package betizy.models;
//imports
@Entity
@Table(name = "use_user")
public class User {
@Id
@GeneratedValue(strategy = GenerationType.AUTO)
@Column(name="USE_ID")
private Long id;
@NotNull
@Column(name = "USE_USERNAME")
private String username;
@NotNull
@Column(name = "USE_PASSWORD")
private String password;
@NotNull
@Column(name = "USE_EMAIL")
private String email;
//getters and setters
}
package betizy.models;
//imports
@Entity
@Table(name = "usr_user_role")
public class UserRole {
@Id
@GeneratedValue(strategy = GenerationType.AUTO)
@Column(name="USR_ID")
private Long id;
@ManyToOne
@JoinColumn(name = "USR_USE_ID")
private User user;
@NotNull
@Column(name = "USR_ROLE")
private String role;
//getters and setters
}
package betizy.security;
//imports
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
DataSource dataSource;
@Autowired
public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication().dataSource(dataSource)
//.passwordEncoder(passwordEncoder())
.usersByUsernameQuery(
"select * from use_user where use_user.use_username=?")
.authoritiesByUsernameQuery(
"select * from usr_user_role inner join use_user on use_user.use_id = usr_user_role.usr_use_id where use_user.use_username=?");
}
@Bean
public PasswordEncoder passwordEncoder(){
PasswordEncoder encoder = new BCryptPasswordEncoder();
return encoder;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
//.antMatchers("/hello").access("hasRole('ROLE_ADMIN')")
.antMatchers("/", "/register", "/user/create", "/webjars/**", "/js/**").permitAll()
.anyRequest().authenticated()
.and()
.formLogin().loginPage("/login").permitAll()
.usernameParameter("username").passwordParameter("password")
.and()
.logout().permitAll()
.and()
.exceptionHandling().accessDeniedPage("/403")
.and()
.csrf().disable();
}
}
@Autowired
public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication().dataSource(dataSource)
.usersByUsernameQuery(
"select username,password, enabled from users where username=?")
.authoritiesByUsernameQuery(
"select username, role from user_roles where username=?");
}
@Autowired
public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication().dataSource(dataSource)
.usersByUsernameQuery(
"select use_username, use_password, use_email from use_user where use_username=?")
.authoritiesByUsernameQuery(
"select use_username, usr_role from usr_user_role, use_user where use_id = usr_use_id and use_username=?");
}
其次,它不起作用。我无法发布链接,但您在User.java和UserRole.java
package betizy.models;
//imports
@Entity
@Table(name = "use_user")
public class User {
@Id
@GeneratedValue(strategy = GenerationType.AUTO)
@Column(name="USE_ID")
private Long id;
@NotNull
@Column(name = "USE_USERNAME")
private String username;
@NotNull
@Column(name = "USE_PASSWORD")
private String password;
@NotNull
@Column(name = "USE_EMAIL")
private String email;
//getters and setters
}
package betizy.models;
//imports
@Entity
@Table(name = "usr_user_role")
public class UserRole {
@Id
@GeneratedValue(strategy = GenerationType.AUTO)
@Column(name="USR_ID")
private Long id;
@ManyToOne
@JoinColumn(name = "USR_USE_ID")
private User user;
@NotNull
@Column(name = "USR_ROLE")
private String role;
//getters and setters
}
package betizy.security;
//imports
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
DataSource dataSource;
@Autowired
public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication().dataSource(dataSource)
//.passwordEncoder(passwordEncoder())
.usersByUsernameQuery(
"select * from use_user where use_user.use_username=?")
.authoritiesByUsernameQuery(
"select * from usr_user_role inner join use_user on use_user.use_id = usr_user_role.usr_use_id where use_user.use_username=?");
}
@Bean
public PasswordEncoder passwordEncoder(){
PasswordEncoder encoder = new BCryptPasswordEncoder();
return encoder;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
//.antMatchers("/hello").access("hasRole('ROLE_ADMIN')")
.antMatchers("/", "/register", "/user/create", "/webjars/**", "/js/**").permitAll()
.anyRequest().authenticated()
.and()
.formLogin().loginPage("/login").permitAll()
.usernameParameter("username").passwordParameter("password")
.and()
.logout().permitAll()
.and()
.exceptionHandling().accessDeniedPage("/403")
.and()
.csrf().disable();
}
}
@Autowired
public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication().dataSource(dataSource)
.usersByUsernameQuery(
"select username,password, enabled from users where username=?")
.authoritiesByUsernameQuery(
"select username, role from user_roles where username=?");
}
@Autowired
public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication().dataSource(dataSource)
.usersByUsernameQuery(
"select use_username, use_password, use_email from use_user where use_username=?")
.authoritiesByUsernameQuery(
"select use_username, usr_role from usr_user_role, use_user where use_id = usr_use_id and use_username=?");
}
使用SecurityConfig.java
package betizy.models;
//imports
@Entity
@Table(name = "use_user")
public class User {
@Id
@GeneratedValue(strategy = GenerationType.AUTO)
@Column(name="USE_ID")
private Long id;
@NotNull
@Column(name = "USE_USERNAME")
private String username;
@NotNull
@Column(name = "USE_PASSWORD")
private String password;
@NotNull
@Column(name = "USE_EMAIL")
private String email;
//getters and setters
}
package betizy.models;
//imports
@Entity
@Table(name = "usr_user_role")
public class UserRole {
@Id
@GeneratedValue(strategy = GenerationType.AUTO)
@Column(name="USR_ID")
private Long id;
@ManyToOne
@JoinColumn(name = "USR_USE_ID")
private User user;
@NotNull
@Column(name = "USR_ROLE")
private String role;
//getters and setters
}
package betizy.security;
//imports
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
DataSource dataSource;
@Autowired
public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication().dataSource(dataSource)
//.passwordEncoder(passwordEncoder())
.usersByUsernameQuery(
"select * from use_user where use_user.use_username=?")
.authoritiesByUsernameQuery(
"select * from usr_user_role inner join use_user on use_user.use_id = usr_user_role.usr_use_id where use_user.use_username=?");
}
@Bean
public PasswordEncoder passwordEncoder(){
PasswordEncoder encoder = new BCryptPasswordEncoder();
return encoder;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
//.antMatchers("/hello").access("hasRole('ROLE_ADMIN')")
.antMatchers("/", "/register", "/user/create", "/webjars/**", "/js/**").permitAll()
.anyRequest().authenticated()
.and()
.formLogin().loginPage("/login").permitAll()
.usernameParameter("username").passwordParameter("password")
.and()
.logout().permitAll()
.and()
.exceptionHandling().accessDeniedPage("/403")
.and()
.csrf().disable();
}
}
@Autowired
public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication().dataSource(dataSource)
.usersByUsernameQuery(
"select username,password, enabled from users where username=?")
.authoritiesByUsernameQuery(
"select username, role from user_roles where username=?");
}
@Autowired
public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication().dataSource(dataSource)
.usersByUsernameQuery(
"select use_username, use_password, use_email from use_user where use_username=?")
.authoritiesByUsernameQuery(
"select use_username, usr_role from usr_user_role, use_user where use_id = usr_use_id and use_username=?");
}
请更改SQL以按顺序返回列名,而不是
*
<!-- change to your own column name, return the columns in order-->
select <username,password,enabled> from use_user where use_user.use_username=?
更多细节请看,好的,这是代码,我认为更容易理解为什么要按顺序返回列
protected List<UserDetails> loadUsersByUsername(String username) {
return getJdbcTemplate().query(this.usersByUsernameQuery,
new String[] { username }, new RowMapper<UserDetails>() {
@Override
public UserDetails mapRow(ResultSet rs, int rowNum)
throws SQLException {
// get user info
String username = rs.getString(1);
String password = rs.getString(2);
boolean enabled = rs.getBoolean(3);
return new User(username, password, enabled, true, true, true,
AuthorityUtils.NO_AUTHORITIES);
}
});
}
protected List<GrantedAuthority> loadUserAuthorities(String username) {
return getJdbcTemplate().query(this.authoritiesByUsernameQuery,
new String[] { username }, new RowMapper<GrantedAuthority>() {
@Override
public GrantedAuthority mapRow(ResultSet rs, int rowNum)
throws SQLException {
//get GrantedAuthority
String roleName = JdbcDaoImpl.this.rolePrefix + rs.getString(2);
return new SimpleGrantedAuthority(roleName);
}
});
}
受保护列表loadUsersByUsername(字符串用户名){
返回getJdbcTemplate().query(this.usersByUsernameQuery,
新字符串[]{username},新的行映射器(){
@凌驾
公共用户详细信息映射行(结果集rs,int rowNum)
抛出SQLException{
//获取用户信息
字符串用户名=rs.getString(1);
字符串密码=rs.getString(2);
布尔启用=rs.getBoolean(3);
返回新用户(用户名、密码、已启用、true、true、true、,
主管部门(无任何主管部门);
}
});
}
受保护列表LoadUserAuthories(字符串用户名){
返回getJdbcTemplate().query(this.authoritiesByUsernameQuery,
新字符串[]{username},新的行映射器(){
@凌驾
公共授权权限映射行(结果集rs,int rowNum)
抛出SQLException{
//获得授权
字符串roleName=JdbcDaoImpl.this.rolePrefix+rs.getString(2);
返回新的SimpleGrantedAuthority(roleName);
}
});
}
例如,我的实体名称字段。我发现了这个,但我使用的是Spring Boot,所以这个文件在哪里?您得到的错误是什么?发布日志。我没有日志或错误。。我不知道为什么。你做了什么更改?你能发布你更改的数据源配置吗?选择使用用户名、使用密码、使用电子邮件?
,第三列必须启用
列。或者您可以实现自己的UserDetailsService
,而不是JdbcDaoImpl