我是春靴新手。我正试图在spring工具套件(STS)中使用userdetailsservice实现一个简单的spring启动安全性。
下面的控制器:
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
@RestController
public class HomeController {
@GetMapping("/")
public String home() {
return("<h1>Welcome</h1>");
}
@GetMapping("/user")
public String user() {
return("<h1>Welcome user</h1>");
}
}
和Web安全配置代码:
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
@EnableWebSecurity
public class AppSecureConfig extends WebSecurityConfigurerAdapter {
@Autowired
UserDetailsService userDetailsService;
@Autowired
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/user").hasRole("USER")
.antMatchers("/").permitAll()
.and().formLogin()
.and().logout().permitAll();
}
@Bean
public PasswordEncoder getPasswordEncoder() {
return NoOpPasswordEncoder.getInstance();
}
}
我在pom.xml中给出了所有需要的依赖项。
所以,我在应用程序中添加了下面一行。属性文件,现在系统没有生成安全密码。
spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.security.servlet.UserDetailsServiceAutoConfiguration
我已经包含了用户详细信息服务的凭据。下面是用户详细信息服务类
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
@Service
public class MyuserDetails implements UserDetailsService {
@Override
public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
return new userPrincipal(s);
}
}
和userPrincipal类
import java.util.Arrays;
import java.util.Collection;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
public class userPrincipal implements UserDetails {
private static final long serialVersionUID = 1L;
private String userName;
public userPrincipal(String userName) {
this.userName = userName;
}
public userPrincipal() {
}
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
return Arrays.asList(new SimpleGrantedAuthority("ROLE_USER"));
}
@Override
public String getPassword() {
// TODO Auto-generated method stub
return "pass";
}
@Override
public String getUsername() {
// TODO Auto-generated method stub
return userName;
}
@Override
public boolean isAccountNonExpired() {
// TODO Auto-generated method stub
return true;
}
@Override
public boolean isAccountNonLocked() {
// TODO Auto-generated method stub
return true;
}
@Override
public boolean isCredentialsNonExpired() {
// TODO Auto-generated method stub
return true;
}
@Override
public boolean isEnabled() {
// TODO Auto-generated method stub
return true;
}
}
现在,当我使用http://localhost:8081/url运行应用程序时,它给出了">没有为org.springframework.security.authentication.UsernamePasswordAuthenticationToken找到AuthenticationProvider"。
我使用Spring工具套件(STS)来运行这个项目。有人能指出我哪里做错了吗?
不要排除整个SecurityAutoConfiguration
,相反,如果你想,你应该只排除org.springframework.boot.autoconfigure.security.servlet.UserDetailsServiceAutoConfiguration
。
或者,您可以公开一个将为您做同样事情的UserDetailsService
bean,并且您可以摆脱configureGlobal
方法,如下所示:
@Bean
public UserDetailsService userDetailsService() {
UserDetails user = User.builder()
.username("user")
.password("password")
.roles("USER")
.build();
return new InMemoryUserDetailsManager(user);
}
添加到您的application.properties
spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration
你的类看起来像这样:
- 在类中添加@Configuration(根据M. Deinum的建议)
- 指定用户的角色,否则会得到
java.lang.IllegalArgumentException: Cannot pass a null GrantedAuthority collection
@Configuration
@EnableWebSecurity
public class AppSecureConfig extends WebSecurityConfigurerAdapter {
@Autowired
protected void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("user").password("{noop}"+"pass").roles("USER");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/user").hasRole("USER")
.antMatchers("/").permitAll()
.and().formLogin()
.and().logout().permitAll();
}
}