链接我的代码。通过Postman,我请求用户注册,它出现在数据库中,一切都很好,然后在特殊选项卡中"授权";我在Postman中输入,选择Basic auth,输入数据(用户名和密码(,例如用户名:petya@mail.ru和密码:petya向:http://localhost:8080/landlord/1发出请求您需要将角色从TENANT更改为LANDLORD。但我在Postman中遇到了一个错误,数据库中没有任何更改。我知道授权不起作用,也许我在SecurityConfig文件中写错了什么?
<html lang = "en">
<head>
<meta charset = "utf-8">
<title> Login Customer </title>
</head>
<body>
<div class = "container">
<form class = "form-signin" method = "post" action = "/ auth / login">
<h2 class = "form-signin-heading"> Login </h2>
<p>
<label for = "username"> Username </label>
<input type = "text" id = "username" name = "username" class = "form-control" placeholder = "Username" required>
</p>
<p>
<label for = "password"> Password </label>
<input type = "password" id = "password" name = "password" class = "form-control" placeholder = "Password" required>
</p>
<button class = "btn btn-lg btn-primary btn-block" type = "submit"> Sign in </button>
</form>
</div>
</body>
</html>
安全配置
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
private final UserDetailsService userDetailsService;
@Autowired
public SecurityConfig(@Qualifier("userDetailsServiceImpl") UserDetailsService userDetailsService) {
this.userDetailsService = userDetailsService;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests()
/** На какие страницы человек имеет доступы */
.antMatchers("/").permitAll()
.antMatchers("/user/registration").permitAll()
.anyRequest()
.authenticated()
.and()
.formLogin()
.loginPage("/auth/login").permitAll()
.defaultSuccessUrl("/auth/success")
.and()
.logout()
.logoutRequestMatcher(new AntPathRequestMatcher("/auth/logout", "POST"))
.invalidateHttpSession(true)
.clearAuthentication(true)
.deleteCookies("JSESSIONID")
.logoutSuccessUrl("/auth/login");
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(daoAuthenticationProvider());
}
@Bean
protected PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder(12);
}
@Bean
protected DaoAuthenticationProvider daoAuthenticationProvider() {
DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
daoAuthenticationProvider.setPasswordEncoder(passwordEncoder());
daoAuthenticationProvider.setUserDetailsService(userDetailsService);
return daoAuthenticationProvider;
}
}
回答:我没有这样的可能性,或者说它没有实现,我不知道是否有可能创建这样的东西。但我怀疑这是真的。
最初,选择是否要创建有前置,如果没有前置,则只需要Rest控制器(我开始这样做(,您可以从该链接和该链接获得授权。接下来,在Postman中,向身体发出Post请求——这将是您的授权!注意一定要阅读我上面附上的链接上的文章,它们详细地告诉了你一切,我这里没有完整版本的代码,只有可能有问题的代码。还要阅读那里写的评论,尤其是在英语网站上,关于从哪里获得";authenticationManager";。我马上说,它的方法必须在SecurityConfig类中注册。
我希望我的回答能帮助一些人,让他们不那么紧张。
现在新的授权方法的代码:
@PostMapping("/login")
public String getLoginPage(@RequestBody UserDto userDto) {
userService.loginUser(userDto);
return "login";
}
你可以注意到我接受UserDto,其中我有:
@NotNull
@NotEmpty
private String first_name;
@NotNull
@NotEmpty
private String last_name;
@NotNull
@NotEmpty
private String password;
@NotNull
@NotEmpty
private String email;
这是授权检查本身:
public void loginUser(UserDto accountDto) {
UsernamePasswordAuthenticationToken authReq
= new UsernamePasswordAuthenticationToken(accountDto.getEmail(), accountDto.getPassword());
Authentication auth = authenticationManager.authenticate(authReq);
SecurityContext sc = SecurityContextHolder.getContext();
sc.setAuthentication(auth);
}