春季安全基本8月份不使用CustomUserDetailsService
春季安全基本8月份不使用CustomUserDetailsService
提问于 2015-01-12 15:34:03
我的项目是最新的Spring +泽西岛,我在登录验证方面有问题。
我的安全配置是:
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter
{
@Autowired
private DataSource datasource;
@Override
protected void configure(HttpSecurity http) throws Exception
{
http.csrf().disable().authorizeRequests()
.antMatchers("/api/user/**").permitAll()
.antMatchers("/api/**").authenticated().and().httpBasic();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception
{
auth.userDetailsService(userDetailsService()).passwordEncoder(new BCryptPasswordEncoder());
auth.jdbcAuthentication().dataSource(datasource);
}
@Bean
public UserDetailsService userDetailsService()
{
return new CustomUserDetailsService(datasource);
}
}但当我这么做的时候
@POST
@Path("authenticate")
@Produces(MediaType.APPLICATION_JSON)
public Response authenticate(@HeaderParam("username") String username, @HeaderParam("password") String password)
{
UsernamePasswordAuthenticationToken authenticationToken =
new UsernamePasswordAuthenticationToken(username, password);
Authentication authentication = this.authManager.authenticate(authenticationToken);
SecurityContextHolder.getContext().setAuthentication(authentication);
UserDetails userDetails = this.userService.loadUserByUsername(username);
return createOkResponse(userDetails.getUsername());
}身份验证方法是在InMemoryUserDetailsManager而不是CustomUserDetailsService中使用的,我需要它来进行登录验证。是如何更改的?
如有需要:
public class CustomUserDetailsService extends JdbcUserDetailsManager implements UserDetailsService
{
@Autowired
private UserRepository userRepository;
public CustomUserDetailsService(DataSource datasource)
{
setDataSource(datasource);
}
@Override
public CurrentUserInfo loadUserByUsername(String email)
throws UsernameNotFoundException
{
User user = userRepository.findByPrimaryEmailAndEnabledTrue(email);
handleUserNotFound(email, user);
return new CurrentUserInfo(user);
}
private void handleUserNotFound(String email, User user)
{
if (user == null)
{
throw new UsernameNotFoundException("No user found with email: " + email);
}
}
}起始依赖关系:
compile("org.springframework.boot:spring-boot-starter-web") {
exclude module: 'spring-boot-starter-tomcat'
}
compile "org.springframework.boot:spring-boot-starter-jetty"
compile "org.springframework.boot:spring-boot-starter-security"
compile "org.springframework.boot:spring-boot-starter-aop"
compile "org.springframework.boot:spring-boot-starter-data-jpa"
compile "org.springframework.boot:spring-boot-starter-thymeleaf"
compile "org.springframework.boot:spring-boot-starter-jersey"
compile("org.springframework.boot:spring-boot-starter-actuator") { exclude module: 'hsqldb' }回答 1
Stack Overflow用户
回答已采纳
发布于 2015-01-13 07:15:53
问题是,您正在“注册”一个只对AuthenticationManager URI可用的/api,而不是将它作为一个bean公开给ApplicationContext。当使用Spring时,它将添加一个全局启动,并向默认用户注入一个生成的密码。
Spring将检测已经可用的AuthenticationManager的存在。要注册全局对象,只需创建一个以AuthenticationManagerBuilder作为参数并使用@Autowired注释if的方法。只需确保它不被命名为configure,因为这样做是行不通的。
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService()).passwordEncoder(new BCryptPasswordEncoder());
auth.jdbcAuthentication().dataSource(datasource);
}页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/27905492
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号