Spring Starter安全性未验证
当我添加具有“角色\用户”权限的用户时,我无法进行身份验证。尝试使用用户名:“username”和密码“password”进行身份验证时,会一致返回401 我可以在JSON的输出中看到BCryptPasswordEncoder正在按其应该的方式编码密码,但无论我使用的是原始密码还是编码版本,我仍然无法进行身份验证 我已经为此工作了几天,但都没有用。我有什么遗漏吗 代码如下-- 数据库加载器:Spring Starter安全性未验证,spring,spring-mvc,spring-boot,spring-security,spring-data-jpa,Spring,Spring Mvc,Spring Boot,Spring Security,Spring Data Jpa,当我添加具有“角色\用户”权限的用户时,我无法进行身份验证。尝试使用用户名:“username”和密码“password”进行身份验证时,会一致返回401 我可以在JSON的输出中看到BCryptPasswordEncoder正在按其应该的方式编码密码,但无论我使用的是原始密码还是编码版本,我仍然无法进行身份验证 我已经为此工作了几天,但都没有用。我有什么遗漏吗 代码如下-- 数据库加载器: User user = new User("first", "last", "username", "p
User user = new User("first", "last", "username", "password", "email", "phone", new String[] {"ROLE_USER"});
userRepository.save(user);
详细信息服务:
@Component
public class DetailsService implements UserDetailsService {
@Autowired
UserRepository users;
@Override
public UserDetails loadUserByUsername(String userUsername) throws UsernameNotFoundException {
User user = users.findByUsername(userUsername);
if (user == null) {
throw new UsernameNotFoundException(userUsername + " was not found");
}
return new org.springframework.security.core.userdetails.User(
user.getUsername(),
user.getUserPassword(),
AuthorityUtils.createAuthorityList(user.getUserRoles())
);
}
}
Web安全配置:
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
DetailsService userDetailsService;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService)
.passwordEncoder(User.PASSWORD_ENCODER);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest().authenticated()
.and()
.httpBasic()
.and()
.csrf().disable();
}
}
用户:
你的问题对这个问题不是很清楚。但我猜你被SpringStarter安全性的用户身份验证卡住了。
你应该检查这个你是对的,这个问题不够具体。它与密码编码器更相关-将重新措辞并提出一个新问题。谢谢它确实帮助我了解了更多关于SpringStarter安全性的知识。我的问题具体到密码编码器——编码的密码永远不会匹配。我完全放弃了它,现在使用的是存储在字符串中的纯文本密码。将在需要时进一步研究密码加密。谢谢
@Entity
public class User {
public static final PasswordEncoder PASSWORD_ENCODER = new BCryptPasswordEncoder();
private long userId;
private String userFirstName;
private String userLastName;
private String username;
@JsonIgnore
private String userPassword;
private String userPhone;
private String userEmail;
@JsonIgnore
private String[] userRoles;
public User() {}
public User(String userFirstName, String userLastName, String username, String userPassword, String userPhone, String userEmail, String[] userRoles) {
this.userFirstName = userFirstName;
this.userLastName = userLastName;
this.username = username;
setUserPassword(userPassword);
this.userPhone = userPhone;
this.userEmail = userEmail;
this.userRoles = userRoles;
}
@Id
@GeneratedValue(strategy = GenerationType.AUTO)
public long getUserId() {
return userId;
}
public void setUserId(long userId) {
this.userId = userId;
}
@Column
public String getUserFirstName() {
return userFirstName;
}
public void setUserFirstName(String userFirstName) {
this.userFirstName = userFirstName;
}
@Column
public String getUserLastName() {
return userLastName;
}
public void setUserLastName(String userLastName) {
this.userLastName = userLastName;
}
@Column
public String getUsername() {
return username;
}
public void setUsername(String username) {
this.username = username;
}
@Column
public String getUserPassword() {
return userPassword;
}
public void setUserPassword(String userPassword) {
this.userPassword = PASSWORD_ENCODER.encode(userPassword);
}
@Column
public String getUserPhone() {
return userPhone;
}
public void setUserPhone(String userPhone) {
this.userPhone = userPhone;
}
@Column
public String getUserEmail() {
return userEmail;
}
public void setUserEmail(String userEmail) {
this.userEmail = userEmail;
}
@Column
public String[] getUserRoles() {
return userRoles;
}
public void setUserRoles(String[] userRoles) {
this.userRoles = userRoles;
}
}