Spring 与 JDBC 的会话 |委托人为空
Spring Session with JDBC | Principal is null
我使用 Spring 会话与 JDBC 和 Mysql。
Spring 安全登录成功,但主体名称为空。
有没有人知道,错误是什么?
文件:
application.yaml:
session:
store-type: jdbc
jdbc:
initialize-schema: always
table-name: SPRING_SESSION
配置:
@EnableGlobalMethodSecurity(prePostEnabled = true)
@EnableWebSecurity
@EnableJdbcHttpSession
@EnableJpaRepositories(basePackageClasses = UsersRepository.class)
@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
private CustomUserDetailsService userDetailsService;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable();
http.authorizeRequests()
.antMatchers("/*").authenticated().anyRequest().permitAll()
.antMatchers("/sources/*").anonymous().anyRequest().permitAll()
.antMatchers("/public/*").anonymous().anyRequest().permitAll()
.and()
.formLogin().
loginPage("/login").
loginProcessingUrl("/app-login").
usernameParameter("app_username").
passwordParameter("app_password").
permitAll()
.and()
.exceptionHandling().
accessDeniedPage("/error403");
}
@Bean
public BCryptPasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
}
这是数据库的图片table:
link
pom.xml:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>sandbox</groupId>
<artifactId>TestApp</artifactId>
<version>1.0-SNAPSHOT</version>
<packaging>war</packaging>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.0.5.RELEASE</version>
</parent>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-devtools</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework.session</groupId>
<artifactId>spring-session-jdbc</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.session</groupId>
<artifactId>spring-session</artifactId>
<version>1.0.0.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-websocket</artifactId>
</dependency>
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-jasper</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>jstl</artifactId>
</dependency>
</dependencies>
<properties>
<java.version>1.8</java.version>
</properties>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<configuration>
<executable>true</executable>
</configuration>
</plugin>
</plugins>
</build>
</project>
更新 03/18/19
我无法更改安全策略。 link
更新
如果我将以下 Bean 添加到我的安全配置中,数据库中的 principal_name 将不再为空。现在有登录用户的用户名。
但是每次站点重新加载后,都会创建一个新会话,因此用户不能说已登录。
@Bean
public HttpSessionIdResolver httpSessionIdResolver(){
return new HeaderHttpSessionIdResolver("X-Auth-Token");
}
您的凭据在登录后将被删除。您可以阻止这种情况,但您无法从 Principle 或 SecurityContext 中找到密码。在上面的配置文件中尝试以下代码:
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.eraseCredentials(false);
auth.userDetailsService(myUserDetailsService).passwordEncoder(new BCryptPasswordEncoder());
}
更新
添加以下 bean 并查看结果:
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
另外请在您的问题中添加pom.xml内容。
更新
如果您使用 Thymeleaf,请将这些行添加到您的 pom:
<properties>
<thymeleaf.version>3.0.11.RELEASE</thymeleaf.version>
<thymeleaf-layout-dialect.version>2.3.0</thymeleaf-layout-dialect.version>
<thymeleaf-extras-springsecurity4.version>3.0.4.RELEASE</thymeleaf-extras-springsecurity4.version>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<java.version>1.8</java.version>
</properties>
现在是主要部分,你的配置文件:
@EnableGlobalMethodSecurity(prePostEnabled = true)
@EnableWebSecurity
@EnableJdbcHttpSession
@EnableJpaRepositories(basePackageClasses = UsersRepository.class)
@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
private CustomUserDetailsService userDetailsService;
<strike>@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
}</strike>
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.eraseCredentials(false);
auth.userDetailsService(myUserDetailsService).passwordEncoder(new BCryptPasswordEncoder());
}
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable();
http.authorizeRequests()
.antMatchers("/*").authenticated().anyRequest().permitAll()
.antMatchers("/sources/*").anonymous().anyRequest().permitAll()
.antMatchers("/public/*").anonymous().anyRequest().permitAll()
.and()
.formLogin().
loginPage("/login").
loginProcessingUrl("/app-login").
usernameParameter("app_username").
passwordParameter("app_password").
permitAll()
.and()
.exceptionHandling().
accessDeniedPage("/error403");
}
@Bean
public BCryptPasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
}
最后是控制器:
@ResponseBody
@GetMapping("/check")
public String check(Principal principal) {
System.out.println(principal.getName());
return "ok";
}
如果您使用的是 spring 3 那么这可能会帮助您获取用户名
@RequestMapping(value="", method = RequestMethod.method)
public String showCurrentUser(Principal principal) {
return principal.getName();
}
或更改 SecurityContextHolder MODE 可能对您有所帮助。 Refer Here
@GetMapping(value = {"/", ""})
public String start(Principal principal, Model model) {
if(principal.getName()!=null)
{
//your code
}
else
{
//your code
}
return something;
}
终于找到问题了。我必须为我的用户 class 实现接口 Serializable。现在可以正常使用了。
我使用 Spring 会话与 JDBC 和 Mysql。 Spring 安全登录成功,但主体名称为空。
有没有人知道,错误是什么?
文件:
application.yaml:
session:
store-type: jdbc
jdbc:
initialize-schema: always
table-name: SPRING_SESSION
配置:
@EnableGlobalMethodSecurity(prePostEnabled = true)
@EnableWebSecurity
@EnableJdbcHttpSession
@EnableJpaRepositories(basePackageClasses = UsersRepository.class)
@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
private CustomUserDetailsService userDetailsService;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable();
http.authorizeRequests()
.antMatchers("/*").authenticated().anyRequest().permitAll()
.antMatchers("/sources/*").anonymous().anyRequest().permitAll()
.antMatchers("/public/*").anonymous().anyRequest().permitAll()
.and()
.formLogin().
loginPage("/login").
loginProcessingUrl("/app-login").
usernameParameter("app_username").
passwordParameter("app_password").
permitAll()
.and()
.exceptionHandling().
accessDeniedPage("/error403");
}
@Bean
public BCryptPasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
}
这是数据库的图片table: link
pom.xml:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>sandbox</groupId>
<artifactId>TestApp</artifactId>
<version>1.0-SNAPSHOT</version>
<packaging>war</packaging>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.0.5.RELEASE</version>
</parent>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-devtools</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework.session</groupId>
<artifactId>spring-session-jdbc</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.session</groupId>
<artifactId>spring-session</artifactId>
<version>1.0.0.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-websocket</artifactId>
</dependency>
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-jasper</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>jstl</artifactId>
</dependency>
</dependencies>
<properties>
<java.version>1.8</java.version>
</properties>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<configuration>
<executable>true</executable>
</configuration>
</plugin>
</plugins>
</build>
</project>
更新 03/18/19
我无法更改安全策略。 link
更新
如果我将以下 Bean 添加到我的安全配置中,数据库中的 principal_name 将不再为空。现在有登录用户的用户名。 但是每次站点重新加载后,都会创建一个新会话,因此用户不能说已登录。
@Bean
public HttpSessionIdResolver httpSessionIdResolver(){
return new HeaderHttpSessionIdResolver("X-Auth-Token");
}
您的凭据在登录后将被删除。您可以阻止这种情况,但您无法从 Principle 或 SecurityContext 中找到密码。在上面的配置文件中尝试以下代码:
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.eraseCredentials(false);
auth.userDetailsService(myUserDetailsService).passwordEncoder(new BCryptPasswordEncoder());
}
更新
添加以下 bean 并查看结果:
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
另外请在您的问题中添加pom.xml内容。
更新
如果您使用 Thymeleaf,请将这些行添加到您的 pom:
<properties>
<thymeleaf.version>3.0.11.RELEASE</thymeleaf.version>
<thymeleaf-layout-dialect.version>2.3.0</thymeleaf-layout-dialect.version>
<thymeleaf-extras-springsecurity4.version>3.0.4.RELEASE</thymeleaf-extras-springsecurity4.version>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<java.version>1.8</java.version>
</properties>
现在是主要部分,你的配置文件:
@EnableGlobalMethodSecurity(prePostEnabled = true)
@EnableWebSecurity
@EnableJdbcHttpSession
@EnableJpaRepositories(basePackageClasses = UsersRepository.class)
@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
private CustomUserDetailsService userDetailsService;
<strike>@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
}</strike>
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.eraseCredentials(false);
auth.userDetailsService(myUserDetailsService).passwordEncoder(new BCryptPasswordEncoder());
}
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable();
http.authorizeRequests()
.antMatchers("/*").authenticated().anyRequest().permitAll()
.antMatchers("/sources/*").anonymous().anyRequest().permitAll()
.antMatchers("/public/*").anonymous().anyRequest().permitAll()
.and()
.formLogin().
loginPage("/login").
loginProcessingUrl("/app-login").
usernameParameter("app_username").
passwordParameter("app_password").
permitAll()
.and()
.exceptionHandling().
accessDeniedPage("/error403");
}
@Bean
public BCryptPasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
}
最后是控制器:
@ResponseBody
@GetMapping("/check")
public String check(Principal principal) {
System.out.println(principal.getName());
return "ok";
}
如果您使用的是 spring 3 那么这可能会帮助您获取用户名
@RequestMapping(value="", method = RequestMethod.method)
public String showCurrentUser(Principal principal) {
return principal.getName();
}
或更改 SecurityContextHolder MODE 可能对您有所帮助。 Refer Here
@GetMapping(value = {"/", ""})
public String start(Principal principal, Model model) {
if(principal.getName()!=null)
{
//your code
}
else
{
//your code
}
return something;
}
终于找到问题了。我必须为我的用户 class 实现接口 Serializable。现在可以正常使用了。