这是我的控制器类代码,我使用它来获取用户并将特定用户保存在数据库中,但在点击data/或发送数据后,它被提交给我的数据库,但在此之后,我得到这个错误消息。
package com.app.Exam.USerController;
import java.util.ArrayList;
import java.util.List;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import com.app.Exam.Models.Roles;
import com.app.Exam.Models.User;
import com.app.Exam.Models.UserRoll;
import com.app.Exam.Service.UserService;
@CrossOrigin(origins = "http://localhost:4200")
@RestController
@RequestMapping("/user")
public class UserController {
@Autowired
private UserService userService;
@Autowired
private PasswordEncoder bCryptPasswordEncoder;
@PostMapping("/")
public User createUser(@RequestBody User user) throws Exception {
User user2=new User();
user2.setPassword(this.bCryptPasswordEncoder.encode(user.getPassword()));
user2.setEmail(user.getEmail());
user2.setFirstName(user.getFirstName());
user2.setLastName(user.getLastName());
user2.setPhone(user.getPhone());
user2.setUserName(user.getUserName());
Roles roll=new Roles();
//roll.setRollId(46L);
roll.setRollName("NORMAL");
//user.setUserRolls(list);
List<UserRoll> list=new ArrayList<>();
UserRoll userRoll=new UserRoll();
userRoll.setRoles(roll);
userRoll.setUser(user2);
list.add(userRoll);
roll.setUserRolls(list);
User local=this.userService.CreateUser(user2,list);
return local;
}
@GetMapping("/{username}")
private User getUserByName(@PathVariable("username") String username) {
User user=this.userService.getUserByName(username);
return user;
}
// @GetMapping("/{id}")
// private User deleteUser(@PathVariable("id") Long id) throws Exception {
// User user=this.userService.deleteUserbyid(id);
// return user;
// }
}
我的spring安全配置类如下:
package com.app.Exam.Security;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import com.app.Exam.JwtConfig.JwtAuthenticationEntryPoint;
import com.app.Exam.JwtConfig.JwtRequestFilter;
@Configuration
@EnableWebSecurity
public class SecurityConfig {
@Autowired
private UserDetailsService userDetailsService;
@Autowired
JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint;
@Autowired
JwtRequestFilter jwtAuthenticationFilter;
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception{
http
.csrf().disable().cors().disable()
.authorizeHttpRequests()
.requestMatchers("/Authenticate","/user/").permitAll()
.requestMatchers(HttpMethod.OPTIONS).permitAll()
.anyRequest().authenticated()
.and()
.exceptionHandling()
.authenticationEntryPoint(jwtAuthenticationEntryPoint)
.and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
http.authenticationProvider(this.daoAuthenticationProvider());
http.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
return http.build();
}
// @Override
// protected void configure(HttpSecurity http) throws Exception {
// http
// .csrf().disable().cors()
// .disable().authorizeHttpRequests().antMatchers("/Authenticate","/user/").permitAll()
// .antMatchers(HttpMethod.OPTIONS).permitAll()
// .anyRequest().authenticated()
// .and()
// .exceptionHandling()
// .authenticationEntryPoint(jwtAuthenticationEntryPoint)
// .and()
// .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
//
// http.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
// }
//
@Bean
PasswordEncoder pass() {
return new BCryptPasswordEncoder();
}
// @Bean
// AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception {
// return authenticationConfiguration.getAuthenticationManager();
// }
@Bean
AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception {
return authenticationConfiguration.getAuthenticationManager();
}
@Bean
DaoAuthenticationProvider daoAuthenticationProvider() {
DaoAuthenticationProvider daoAuthenticationProvider=new DaoAuthenticationProvider();
daoAuthenticationProvider.setUserDetailsService(this.userDetailsService);
daoAuthenticationProvider.setPasswordEncoder(this.pass());
return daoAuthenticationProvider;
}
}
我的错误Stackstrace如下…在这里输入图像描述在这里输入图像描述enter code here输入图片描述
经过多次研究,我发现这个错误的答案是因为我没有从前端提供用户滚动并在后端定义它的硬编码如果我们想这样做,我们需要在模型中指定属性使用@JsonIgnore像下面的
@OneToMany(cascade = CascadeType。ALL,fetch = FetchType。急切的mappedBy ="user"
@JsonIgnore
private List userRolls=new ArrayList<>();
它通知serverlet请求忽略该特定属性的空json ......
对于这种类型的数据绑定错误使用@JsonIgnore它适用于我。这是jaxb数据绑定错误,这就是为什么spring security在向Db提交数据后抛出Access denied error…