Spring 带有 Jdbc 注释的引导安全性
Spring Boot Security with Jdbc Annotation
WebSecurityConfig.java
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter{
@Autowired
DataSource dataSource;
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/css/**", "/icons/**", "/js/**", "/images/**").permitAll();
http.authorizeRequests().antMatchers("/bootstrap/**", "/icons/**", "/datatables/**", "/jquery/**",
"/font-awesome/**", "/select2/**").permitAll();
http.authorizeRequests().antMatchers("/", "/")
.permitAll()
.anyRequest()
.authenticated()
.and().formLogin()
.loginPage("/userForm")
.usernameParameter("userName").passwordParameter("password")
.defaultSuccessUrl("/login")
.failureUrl("/userForm")
.permitAll().and()
.logout().logoutUrl("/logout")
.logoutSuccessUrl("/logout").permitAll();
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication().dataSource(dataSource)
.usersByUsernameQuery(
"select username, password, active_status from bgtool_test_users where username = ? and active_status = 'Y'")
.authoritiesByUsernameQuery(
"select username, role from bgtool_test_users where username = ?")
.passwordEncoder(passwordEncoder())
;
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
}
UserController.java
@Controller
public class UserController {
private final Logger logger = LoggerFactory.getLogger(UserController.class);
@Autowired
private GameFacade gameFacade;
@RequestMapping("/userList")
public String list(Model model) {
List<User> users = gameFacade.findAllUsers();
model.addAttribute("users", users);
logger.debug("Users: {}", users);
return "userList";
}
@RequestMapping(value = "/userForm", method = RequestMethod.GET)
public String userForm(Model model) {
User entry = new User();
model.addAttribute("userLogin", entry);
logger.debug("Login Form");
return "loginForm";
}
@RequestMapping(value = "/login", method = RequestMethod.POST)
public String login(@Valid @ModelAttribute("userLogin") User entry, BindingResult result, Model model) {
System.out.println("setting status N");
if (result.hasErrors()) {
logger.debug("Login Form validation error");
return "loginForm";
} else {
entry = gameFacade.findUserByName(entry.getUserName(), entry.getPassword());
if (entry == null) {
result.rejectValue("password", "error.userLogin", "Username or Password incorrect !!");
return "loginForm";
}
logger.debug("Login Successful", entry);
return "home";
}
}
pom.xml
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>frau</groupId>
<artifactId>bgtweb</artifactId>
<packaging>jar</packaging>
<version>1.0.0-SNAPSHOT</version>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>1.4.0.RELEASE</version>
</parent>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<java.version>1.8</java.version>
<derby.version>10.12.1.1</derby.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-devtools</artifactId>
</dependency>
<dependency>
<groupId>commons-dbcp</groupId>
<artifactId>commons-dbcp</artifactId>
<version>${commons-dbcp.version}</version>
</dependency>
<dependency>
<groupId>org.apache.derby</groupId>
<artifactId>derbyclient</artifactId>
<version>${derby.version}</version>
<scope>runtime</scope>
</dependency>
<!-- SPRING SECURITY -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<!-- https://mvnrepository.com/artifact/org.springframework.security/spring-security-core -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
<plugin>
<groupId>org.jheinzel.maven</groupId>
<artifactId>derby-maven-plugin</artifactId>
<version>1.0</version>
<configuration>
<derbyHome>${project.basedir}/data</derbyHome>
<port>1527</port>
<database>EMDb</database>
</configuration>
</plugin>
</plugins>
</build>
</project>
当我尝试登录时,我被重定向回登录表单页面。映射“/login”的控制器方法没有被调用,因为我没有在控制台中收到相同方法的记录器消息。
我检查了 SQL queries.they 是 correct.I 我无法找到丢失的东西。
任何帮助表示赞赏。提前致谢
你的登录页面url和默认成功url是一样的:
.loginPage("/userForm").usernameParameter("userName").passwordParameter("password")
.defaultSuccessUrl("/userForm")
你了解Spring安全的逻辑链吗?您为每个身份验证步骤声明页面,配置检查您的用户名和密码的身份验证提供程序。是它。因此,有两个可能的错误位置 - 您的映射(页面和控制器)和您的数据库(jdbcAuthentication()).
您的活动不需要控制器 - 只需要页面和安全配置。尝试简化您的示例并删除控制器和调试 jdbc 身份验证
这example显示正确的配置方式
WebSecurityConfig.java
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter{
@Autowired
DataSource dataSource;
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/css/**", "/icons/**", "/js/**", "/images/**").permitAll();
http.authorizeRequests().antMatchers("/bootstrap/**", "/icons/**", "/datatables/**", "/jquery/**",
"/font-awesome/**", "/select2/**").permitAll();
http.authorizeRequests().antMatchers("/", "/")
.permitAll()
.anyRequest()
.authenticated()
.and().formLogin()
.loginPage("/userForm")
.usernameParameter("userName").passwordParameter("password")
.defaultSuccessUrl("/login")
.failureUrl("/userForm")
.permitAll().and()
.logout().logoutUrl("/logout")
.logoutSuccessUrl("/logout").permitAll();
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication().dataSource(dataSource)
.usersByUsernameQuery(
"select username, password, active_status from bgtool_test_users where username = ? and active_status = 'Y'")
.authoritiesByUsernameQuery(
"select username, role from bgtool_test_users where username = ?")
.passwordEncoder(passwordEncoder())
;
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
}
UserController.java
@Controller
public class UserController {
private final Logger logger = LoggerFactory.getLogger(UserController.class);
@Autowired
private GameFacade gameFacade;
@RequestMapping("/userList")
public String list(Model model) {
List<User> users = gameFacade.findAllUsers();
model.addAttribute("users", users);
logger.debug("Users: {}", users);
return "userList";
}
@RequestMapping(value = "/userForm", method = RequestMethod.GET)
public String userForm(Model model) {
User entry = new User();
model.addAttribute("userLogin", entry);
logger.debug("Login Form");
return "loginForm";
}
@RequestMapping(value = "/login", method = RequestMethod.POST)
public String login(@Valid @ModelAttribute("userLogin") User entry, BindingResult result, Model model) {
System.out.println("setting status N");
if (result.hasErrors()) {
logger.debug("Login Form validation error");
return "loginForm";
} else {
entry = gameFacade.findUserByName(entry.getUserName(), entry.getPassword());
if (entry == null) {
result.rejectValue("password", "error.userLogin", "Username or Password incorrect !!");
return "loginForm";
}
logger.debug("Login Successful", entry);
return "home";
}
}
pom.xml
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>frau</groupId>
<artifactId>bgtweb</artifactId>
<packaging>jar</packaging>
<version>1.0.0-SNAPSHOT</version>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>1.4.0.RELEASE</version>
</parent>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<java.version>1.8</java.version>
<derby.version>10.12.1.1</derby.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-devtools</artifactId>
</dependency>
<dependency>
<groupId>commons-dbcp</groupId>
<artifactId>commons-dbcp</artifactId>
<version>${commons-dbcp.version}</version>
</dependency>
<dependency>
<groupId>org.apache.derby</groupId>
<artifactId>derbyclient</artifactId>
<version>${derby.version}</version>
<scope>runtime</scope>
</dependency>
<!-- SPRING SECURITY -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<!-- https://mvnrepository.com/artifact/org.springframework.security/spring-security-core -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
<plugin>
<groupId>org.jheinzel.maven</groupId>
<artifactId>derby-maven-plugin</artifactId>
<version>1.0</version>
<configuration>
<derbyHome>${project.basedir}/data</derbyHome>
<port>1527</port>
<database>EMDb</database>
</configuration>
</plugin>
</plugins>
</build>
</project>
当我尝试登录时,我被重定向回登录表单页面。映射“/login”的控制器方法没有被调用,因为我没有在控制台中收到相同方法的记录器消息。 我检查了 SQL queries.they 是 correct.I 我无法找到丢失的东西。 任何帮助表示赞赏。提前致谢
你的登录页面url和默认成功url是一样的:
.loginPage("/userForm").usernameParameter("userName").passwordParameter("password")
.defaultSuccessUrl("/userForm")
你了解Spring安全的逻辑链吗?您为每个身份验证步骤声明页面,配置检查您的用户名和密码的身份验证提供程序。是它。因此,有两个可能的错误位置 - 您的映射(页面和控制器)和您的数据库(jdbcAuthentication()).
您的活动不需要控制器 - 只需要页面和安全配置。尝试简化您的示例并删除控制器和调试 jdbc 身份验证
这example显示正确的配置方式