小贝子编程

如何使用MYSQL通过spring安全性在安全的rest端点下插入数据



我是spring-boot 2的新手。为了使用spring安全性和基于MySQL的身份验证创建rest完整服务,我遵循了这篇文章,但在注册过程中遇到了麻烦。

问题1:我无法理解注册具有特定角色的用户的URL请求模式
问题2:在浏览器端,如果我点击localhost:8080,那么我会得到我尚未实现的登录页面。为什么我要获得UI,从哪里获得?

Pom.xml

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.2.5.RELEASE</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>badar.tme</groupId>
<artifactId>tme</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>war</packaging>
<name>tme</name>
<description>TME ordering system developed by ONSETS</description>
<properties>
<java.version>1.8</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-devtools</artifactId>
<scope>runtime</scope>
<optional>true</optional>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<optional>true</optional>
</dependency>
<!-- spring security -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-tomcat</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
<exclusions>
<exclusion>
<groupId>org.junit.vintage</groupId>
<artifactId>junit-vintage-engine</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>

这是登录界面,这对我来说是个奇迹。

Auth控制器(休息控制器(

@RequestMapping(value = "/registration", method = RequestMethod.POST)
public ResponseEntity<Users> createNewUser(@Valid Users user, String role) {
Users userExists = userService.findUserByEmail(user.getEmail());
if (userExists == null) {
ResponseEntity.badRequest().build();
} 
return ResponseEntity.ok(userService.save(user, role));
}

WebSecurityConfigurerAdapter子文件

package com.tme.runner;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.jpa.repository.config.EnableJpaRepositories;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import com.tme.service.MyUserDetailsService;
@EnableGlobalMethodSecurity(prePostEnabled = true)
@Configuration
@EnableWebSecurity
@EnableJpaRepositories(basePackageClasses = com.tme.repo.UserRepository.class)
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter{
@Autowired
private BCryptPasswordEncoder bCryptPasswordEncoder;
@Bean
public BCryptPasswordEncoder passwordEncoder() {
BCryptPasswordEncoder bCryptPasswordEncoder = new BCryptPasswordEncoder();
return bCryptPasswordEncoder;
}
@Autowired
private MyUserDetailsService userDetailsService;
//    @Bean
//    public PasswordEncoder passwordEncoder() {
//        return new BCryptPasswordEncoder();
//    }

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.userDetailsService(userDetailsService)
.passwordEncoder(bCryptPasswordEncoder);
}


@Override
protected void configure(HttpSecurity http) throws Exception {
http
.httpBasic()
.and()
.authorizeRequests()
.antMatchers("/login").permitAll()
.antMatchers("/registration").permitAll()
.antMatchers("/api/v1/**").hasAuthority("ADMIN")
.and()
.csrf().disable()
.formLogin().disable();
}
@Override
public void configure(WebSecurity web) throws Exception {
web
.ignoring()
.antMatchers("/resources/**", "/static/**", "/css/**", "/js/**", "/images/**");
}
}

用户实体类

package com.tme.model;
import lombok.AllArgsConstructor;
import lombok.Builder;
import lombok.Data;
import lombok.NoArgsConstructor;
import org.hibernate.validator.constraints.Length;
import javax.persistence.*;
import javax.validation.constraints.Email;
import javax.validation.constraints.NotEmpty;
import java.util.Set;

/**
* @author badar
*/
@Data
@Builder
@AllArgsConstructor
@NoArgsConstructor
@Entity
@Table(name = "users")
public class Users {
@Id
@GeneratedValue(strategy = GenerationType.AUTO)
@Column(name = "user_id")
private int id;
@Column(name = "user_name")
@Length(min = 5, message = "*Your user name must have at least 5 characters")
@NotEmpty(message = "*Please provide a user name")
private String userName;
@Column(name = "email")
@Email(message = "*Please provide a valid Email")
@NotEmpty(message = "*Please provide an email")
private String email;
@Column(name = "password")
@Length(min = 5, message = "*Your password must have at least 5 characters")
@NotEmpty(message = "*Please provide your password")
private String password;
@Column(name = "name")
@NotEmpty(message = "*Please provide your name")
private String name;
@Column(name = "last_name")
@NotEmpty(message = "*Please provide your last name")
private String lastName;
@Column(name = "active")
private Boolean active;
@ManyToMany(cascade = CascadeType.MERGE)
@JoinTable(name = "user_role", joinColumns = @JoinColumn(name = "user_id"), inverseJoinColumns = @JoinColumn(name = "role_id"))
private Set<Roles> roles;
public Users() {}
public Users(
String userName,
String email,
String password,
String name,
String lastName, 
Boolean active) {
this.userName = userName;
this.email = email;
this.password = password;
this.name = name;
this.lastName = lastName;
this.active = active;
}
public Users(
String userName,
String email,
String password,
String name,
String lastName, 
Boolean active, 
Set<Roles> roles) {
this.userName = userName;
this.email = email;
this.password = password;
this.name = name;
this.lastName = lastName;
this.active = active;
this.roles = roles;
}
public int getId() {
return id;
}
public void setId(int id) {
this.id = id;
}
public String getUserName() {
return userName;
}
public void setUserName(String userName) {
this.userName = userName;
}
public String getEmail() {
return email;
}
public void setEmail(String email) {
this.email = email;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
public String getLastName() {
return lastName;
}
public void setLastName(String lastName) {
this.lastName = lastName;
}
public Boolean getActive() {
return active;
}
public void setActive(Boolean active) {
this.active = active;
}
public Set<Roles> getRoles() {
return roles;
}
public void setRoles(Set<Roles> roles) {
this.roles = roles;
}

}

服务等级

package com.tme.service;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Optional;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service;
import com.tme.model.Roles;
import com.tme.model.Users;
import com.tme.repo.RoleRepository;
import com.tme.repo.UserRepository;
@Service
public class UsersServices {
@Autowired(required=false)
private UserRepository userRepository;
@Autowired(required=false)
private RoleRepository roleRepository;
@Autowired(required=false)
private BCryptPasswordEncoder bCryptPasswordEncoder;
//    public UsersServices(BCryptPasswordEncoder bCryptPasswordEncoder,UserRepository userRepository,
//                       RoleRepository roleRepository
//                       ) {
//        this.userRepository = userRepository;
//        this.roleRepository = roleRepository;
//        this.bCryptPasswordEncoder = bCryptPasswordEncoder;
//    }
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
public List<Users> findAll(){
return userRepository.findAll();
}
public Users findUserByEmail(String email) {
return userRepository.findByEmail(email);
}
public Users findUserByUserName(String userName) {
return userRepository.findByUserName(userName);
}
public Optional<Users> findById(Long id){
return userRepository.findById(id);
}
public Users save(Users data) {
data.setPassword(bCryptPasswordEncoder.encode(data.getPassword()));
data.setActive(true);
Roles userRole = roleRepository.findByRole("ADMIN");
data.setRoles(new HashSet<Roles>(Arrays.asList(userRole)));
return userRepository.save(data);
}
public Users save(Users data, String role) {
data.setPassword(bCryptPasswordEncoder.encode(data.getPassword()));
Roles userRole = roleRepository.findByRole(role);
data.setRoles(new HashSet<Roles>(Arrays.asList(userRole)));
return userRepository.save(data);
}
public void deleteById(Long id) {
userRepository.deleteById(id);
}
}

MyUserDetailsService类

@Service
public class MyUserDetailsService implements UserDetailsService{
@Autowired
private UsersServices userService;
@Override
@Transactional
public UserDetails loadUserByUsername(String email) throws UsernameNotFoundException {
Users user = userService.findUserByEmail(email);
if (user == null) {
throw new UsernameNotFoundException("Not found!");
}
List<GrantedAuthority> authorities = getUserAuthority(user.getRoles());
return buildUserForAuthentication(user, authorities);
}
private List<GrantedAuthority> getUserAuthority(Set<Roles> userRoles) {
Set<GrantedAuthority> roles = new HashSet<GrantedAuthority>();
for (Roles role : userRoles) {
roles.add(new SimpleGrantedAuthority(role.getRole()));
}
List<GrantedAuthority> grantedAuthorities = new ArrayList<>(roles);
return grantedAuthorities;
}
private UserDetails buildUserForAuthentication(Users user, List<GrantedAuthority> authorities) {
return new org.springframework.security.core.userdetails.User(user.getUserName(), user.getPassword(),
user.getActive(), true, true, true, authorities);
}
}

MyUserDetail

public class MyUserDetails extends Users implements UserDetails{
private String userName;
private String email;
private String password;
private String name;
private String lastName; 
private Boolean active;

public MyUserDetails(Users user) {
this.userName = user.getUserName();
this.email = user.getEmail();
this.password = user.getPassword();
this.name = user.getName();
this.lastName = user.getLastName();
this.active = user.getActive();
}

@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
// TODO Auto-generated method stub
return getRoles()
.stream()
.map(role -> new SimpleGrantedAuthority("ROLE_" + role.getRole()))
.collect(Collectors.toList());
}
@Override
public String getPassword() {
// TODO Auto-generated method stub
return password;
}
@Override
public String getUsername() {
// TODO Auto-generated method stub
return userName;
}
@Override
public boolean isAccountNonExpired() {
// TODO Auto-generated method stub
return true;
}
@Override
public boolean isAccountNonLocked() {
// TODO Auto-generated method stub
return true;
}
@Override
public boolean isCredentialsNonExpired() {
// TODO Auto-generated method stub
return true;
}
@Override
public boolean isEnabled() {
// TODO Auto-generated method stub
return active;
}
}

我想我做了每一件事。不知道如何保存/Regsiter新用户。如果我能够注册一个用户,那么可以测试我的登录URL。谢谢你。

请在application.properties文件中添加此行

management.security.enabled= false

相关内容

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium