Spring boot AuthenticationManagerBuilder&x27;s内存中身份验证不';当我在运行时尝试注册新用户时,我无法工作
我正在尝试使用Spring boot AuthenticationManagerBuilder&x27;s内存中身份验证不';当我在运行时尝试注册新用户时,我无法工作,spring-boot,spring-security,Spring Boot,Spring Security,我正在尝试使用AuthenticationManagerBuilder.inMemoryAuthentication(),以便在用户向/register页面发出post请求后,在运行时保存用户。但是,当我尝试在登录页面中输入相同的用户名和密码时,凭据不会得到验证 @Service @Slf4j @Transactional public class MyUserDetailsService implements UserDetailsService { @Autowired p
AuthenticationManagerBuilder.inMemoryAuthentication()
,以便在用户向/register
页面发出post请求后,在运行时保存用户。但是,当我尝试在登录页面中输入相同的用户名和密码时,凭据不会得到验证
@Service
@Slf4j
@Transactional
public class MyUserDetailsService implements UserDetailsService {
@Autowired
private UserRepository userRepository;
@Autowired
AuthenticationManagerBuilder auth;
public void saveNewUser(User user) {
UserDetails newUser = loadUserByUsername(user.getEmail());
log.info("-----------------SAVE NEW USER CALLED---------------------");
org.springframework.security.core.Authentication authentication = new UsernamePasswordAuthenticationToken(
newUser, null, newUser.getAuthorities());
SecurityContextHolder.getContext().setAuthentication(authentication);
try {
log.info("------------------IN MEMORY AUTH SUCCESSFUL-----------------");
log.info(user.getEmail() + user.getPassword() );
auth.inMemoryAuthentication().withUser( user.getEmail() ).password(new BCryptPasswordEncoder().encode( user.getPassword() ))
.roles("USER");
} catch (Exception e) {
log.info("--------------------NOT SUCCESFUL!----------------");
e.printStackTrace();
}
}
public UserDetails loadUserByUsername(String email)
throws UsernameNotFoundException {
User user = userRepository.findByEmail(email);
if (user == null) {
throw new UsernameNotFoundException(
"No user found with username: "+ email);
}
boolean enabled = true;
boolean accountNonExpired = true;
boolean credentialsNonExpired = true;
boolean accountNonLocked = true;
return new org.springframework.security.core.userdetails.User
(
user.getEmail(),
user.getPassword().toLowerCase(), enabled, accountNonExpired,
credentialsNonExpired, accountNonLocked,
getAuthorities(user.getRole())
);
}
private static List<GrantedAuthority> getAuthorities (String role) {
List<GrantedAuthority> authorities = new ArrayList<>();
authorities.add(new SimpleGrantedAuthority(role));
return authorities;
}
}
但是,当我导航到登录页面并输入与我注册的用户名和密码相同的用户名和密码时,会出现错误
inMemoryAuthentication()
有效
当我尝试在config方法中设置它时
@Autowired
private MyUserDetailsService userDetailsService;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("user").password( passwordEncoder().encode("password") ).roles("USER");
auth.userDetailsService(userDetailsService);
}
然而,当我在我的
MyUserDetailsService
类中调用它时,它不起作用。您可能误解了。它用于在应用程序启动时构建。典型的用法是在的重写配置方法中,正如您所做的那样:
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("user").password( passwordEncoder().encode("password") ).roles("USER");
auth.userDetailsService(userDetailsService);
}
如果您自己使用它,您必须在配置它之后调用的,并以某种方式注册您刚刚构建的
请阅读,以深入了解Spring安全性 谢谢你提供的资源,但是,我仍然感到困惑。从指南中可以看出,“AuthenticationManagerBuilder非常适合设置内存中的身份验证”,这是我目前正在构建的应用程序的目标。我仍然不明白为什么inMemoryAuthentication()方法适用于webSecurityConfig类,而不适用于我的UserDetailsService类。因为当您使用
AuthenticationManagerBuilder
作为webSecurityConfig
的configure方法的参数时,框架在启动时会使用它。当您使用autowiredAuthenticationManagerBuilder
时,框架不会意识到您的修改,也不会使用它们。
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("user").password( passwordEncoder().encode("password") ).roles("USER");
auth.userDetailsService(userDetailsService);
}