带有 JDBC 注解的 Spring Boot Security

Spring Boot Security with Jdbc Annotation

WebSecurityConfig.java

/**
 * Spring Security setup: URL authorization rules, a custom form-login page and a
 * JDBC-backed user store whose passwords are checked with BCrypt.
 */
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter{

    @Autowired
    DataSource dataSource;

    /**
     * Declares which URLs are public, which need an authenticated user, and how
     * form login and logout are wired.
     *
     * @param http the HTTP security builder supplied by Spring Security
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                // Static resources and the root path are reachable without a session.
                .antMatchers("/css/**", "/icons/**", "/js/**", "/images/**").permitAll()
                .antMatchers("/bootstrap/**", "/icons/**", "/datatables/**", "/jquery/**",
                        "/font-awesome/**", "/select2/**").permitAll()
                .antMatchers("/", "/").permitAll()
                // Everything else requires authentication, but no role is checked anywhere.
                .anyRequest().authenticated()
                .and()
            .formLogin()
                // No loginProcessingUrl is set. By Spring Security's documented defaults the
                // credential POST is then expected at the loginPage URL ("/userForm"), and the
                // security filter handles it itself. A form posting to "/login" is therefore
                // treated as an ordinary protected request and bounced back to the login page.
                .loginPage("/userForm")
                .usernameParameter("userName")
                .passwordParameter("password")
                // NOTE(review): after a successful login the browser is redirected (GET) here;
                // confirm a GET handler exists for "/login".
                .defaultSuccessUrl("/login")
                // NOTE(review): same URL as the login page with no error marker, so a failed
                // login looks like a silent reload of the form.
                .failureUrl("/userForm")
                .permitAll()
                .and()
            .logout()
                .logoutUrl("/logout")
                // NOTE(review): the post-logout redirect targets the logout URL itself; confirm
                // this is intended rather than a landing page.
                .logoutSuccessUrl("/logout")
                .permitAll();
    }

    /**
     * Registers JDBC authentication against the {@code bgtool_test_users} table.
     *
     * @param auth the authentication manager builder supplied by Spring Security
     * @throws Exception if the builder rejects the configuration
     */
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        // Both statements bind the username through a "?" placeholder; nothing is concatenated.
        // NOTE(review): the third selected column is consumed as the account "enabled" flag;
        // active_status holds 'Y' here, so its conversion to boolean is driver-dependent. Verify.
        final String userLookupSql =
                "select username, password, active_status from bgtool_test_users where username = ? and active_status = 'Y'";
        final String roleLookupSql =
                "select username, role from bgtool_test_users where username = ?";

        // NOTE(review): with the BCrypt encoder installed, the password column must hold BCrypt
        // hashes; rows stored in any other form will never match.
        auth.jdbcAuthentication()
                .dataSource(dataSource)
                .usersByUsernameQuery(userLookupSql)
                .authoritiesByUsernameQuery(roleLookupSql)
                .passwordEncoder(passwordEncoder());
    }

    /**
     * Exposes the password encoder used to verify stored credentials.
     *
     * @return a new {@link BCryptPasswordEncoder} with its default settings
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        final PasswordEncoder bcrypt = new BCryptPasswordEncoder();
        return bcrypt;
    }
}

UserController.java

@Controller
public class UserController {
private final Logger logger = LoggerFactory.getLogger(UserController.class);

@Autowired
private GameFacade gameFacade;

/**
 * Loads every user through the game facade and exposes the list to the
 * {@code userList} view under the model key {@code users}.
 *
 * @param model view model to populate
 * @return the view name {@code "userList"}
 */
@RequestMapping("/userList")
public String list(Model model) {
    final List<User> allUsers = gameFacade.findAllUsers();
    model.addAttribute("users", allUsers);

    // NOTE(review): this writes the string form of every User to the debug log. User carries a
    // password property (see getPassword() in login), so confirm its toString() omits it.
    logger.debug("Users: {}", allUsers);
    return "userList";
}

/**
 * Serves the login form (GET only) with an empty {@code User} as its backing object.
 *
 * @param model view model to populate
 * @return the view name {@code "loginForm"}
 */
@RequestMapping(value = "/userForm", method = RequestMethod.GET)
public String userForm(Model model) {
    // Fresh, unpopulated object for the form fields to bind to.
    model.addAttribute("userLogin", new User());
    logger.debug("Login Form");
    return "loginForm";
}

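/**
 * Handles a POST of the login form: validates the bound {@code User}, then looks the
 * user up through the game facade using the submitted name and password.
 *
 * <p>NOTE(review): this method checks credentials on its own and only returns a view
 * name; nothing visible here registers the user with Spring Security, so a "successful"
 * result does not by itself create an authenticated session. How the facade compares
 * the submitted password is not visible in this listing.
 *
 * @param entry  form object bound from the request
 * @param result binding and validation outcome for {@code entry}
 * @param model  view model (not modified here)
 * @return {@code "loginForm"} on validation or credential failure, {@code "home"} otherwise
 */
@RequestMapping(value = "/login", method = RequestMethod.POST)
public String login(@Valid @ModelAttribute("userLogin") User entry, BindingResult result, Model model) {
    // Routed through the logger instead of stdout so it obeys the logging configuration.
    logger.debug("setting status N");
    if (result.hasErrors()) {
        logger.debug("Login Form validation error");
        return "loginForm";
    }

    final User found = gameFacade.findUserByName(entry.getUserName(), entry.getPassword());
    if (found == null) {
        // One message for both causes, so the response does not reveal which field was wrong.
        result.rejectValue("password", "error.userLogin", "Username or Password incorrect !!");
        return "loginForm";
    }

    // The User object is deliberately not passed to the logger: the original call had no
    // placeholder for it, and the object carries the password property.
    logger.debug("Login Successful");
    return "home";
}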

pom.xml

<!-- Maven build descriptor for the bgtweb Spring Boot web application (jar packaging). -->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>

<groupId>frau</groupId>
<artifactId>bgtweb</artifactId>
<packaging>jar</packaging>
<version>1.0.0-SNAPSHOT</version>

<!-- The parent supplies the managed versions for every dependency below that has no
     <version> of its own, including the Spring Security modules.
     NOTE(review): 1.4.0.RELEASE belongs to a Spring Boot line that is no longer maintained,
     so framework security fixes only arrive by moving to a supported release. -->
<parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>1.4.0.RELEASE</version>
</parent>

<properties>
    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    <java.version>1.8</java.version>
    <derby.version>10.12.1.1</derby.version>
</properties>

<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-thymeleaf</artifactId>
    </dependency>

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-data-jpa</artifactId>
    </dependency>

    <!-- Development-time tooling.
         NOTE(review): usually declared with <optional>true</optional>; confirm it is not
         active in production runs. -->
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-devtools</artifactId>
    </dependency>

    <!-- NOTE(review): commons-dbcp.version is not defined in this file's <properties>;
         presumably it is inherited from the parent POM. Verify that it resolves. -->
    <dependency>
        <groupId>commons-dbcp</groupId>
        <artifactId>commons-dbcp</artifactId>
        <version>${commons-dbcp.version}</version>
    </dependency>

    <!-- Derby network client driver, needed at runtime only. -->
    <dependency>
        <groupId>org.apache.derby</groupId>
        <artifactId>derbyclient</artifactId>
        <version>${derby.version}</version>
        <scope>runtime</scope>
    </dependency>

<!-- SPRING SECURITY: no versions are given, so all four artifacts follow the parent's
     dependency management.
     NOTE(review): spring-boot-starter-security normally brings in the web, config and core
     modules transitively, so the explicit entries look redundant. -->
         <dependency>
                <groupId>org.springframework.security</groupId>
                <artifactId>spring-security-web</artifactId>
         </dependency>
         <dependency>
                <groupId>org.springframework.security</groupId>
                <artifactId>spring-security-config</artifactId>
         </dependency>
         <dependency>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-starter-security</artifactId>
         </dependency>

         <!-- https://mvnrepository.com/artifact/org.springframework.security/spring-security-core -->
         <dependency>
                <groupId>org.springframework.security</groupId>
                <artifactId>spring-security-core</artifactId>
         </dependency>


</dependencies>

<build>
    <plugins>
        <plugin>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-maven-plugin</artifactId>
        </plugin>

        <!-- Derby plugin configured with a data directory under the project, a port and a
             database name.
             NOTE(review): presumably this runs a local Derby network server; confirm it
             listens on localhost only and that the database requires credentials. -->
        <plugin>
            <groupId>org.jheinzel.maven</groupId>
            <artifactId>derby-maven-plugin</artifactId>
            <version>1.0</version>
            <configuration>
                <derbyHome>${project.basedir}/data</derbyHome>
                <port>1527</port>
                <database>EMDb</database>
            </configuration>
        </plugin>

    </plugins>
</build>

</project>

当我尝试登录时,我被重定向回登录表单页面。映射到“/login”的控制器方法没有被调用,因为控制台中没有出现该方法的日志消息。我检查了 SQL 查询,它们是正确的。我找不到遗漏了什么。任何帮助我都很感激。提前致谢。

你的登录页面url和默认成功url是一样的:

.loginPage("/userForm").usernameParameter("userName").passwordParameter("password")
.defaultSuccessUrl("/userForm")

你了解 Spring Security 的处理流程吗?您为每个身份验证步骤声明页面,并配置用于检查用户名和密码的身份验证提供程序。仅此而已。因此,有两个可能出错的位置——您的映射(页面和控制器)和您的数据库(jdbcAuthentication())。

您的登录操作不需要控制器——只需要页面和安全配置,因为登录表单的提交由 Spring Security 的过滤器处理,不会交给控制器方法。尝试简化您的示例:删除控制器,然后调试 JDBC 身份验证。

这个示例(example)展示了正确的配置方式。