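I am building a full-stack web application using Angular, Spring Boot and a database, in which I have a login form for the admin and the user, and I have defined roles for both. Based on a tutorial I found, I created the Spring Boot login configuration and it works now. I need to link it to my Angular application, but I am stuck: I don't know how to use an Angular form instead of the one that is provided, because they are not in the same application. I have been using REST controllers between them, so can I do this, and if yes, how? Here is the code for the login configuration: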
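    import java.util.Arrays;

    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.http.HttpMethod;
    import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.builders.WebSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
    import org.springframework.security.crypto.password.PasswordEncoder;
    import org.springframework.web.cors.CorsConfiguration;
    import org.springframework.web.cors.CorsConfigurationSource;
    import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

    @Configuration
    @EnableWebSecurity
    public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

        private UserprincipalDetailSerice userprincipalDetailSerice;

        public SecurityConfiguration(UserprincipalDetailSerice userprincipalDetailSerice) {
            this.userprincipalDetailSerice = userprincipalDetailSerice;
        }

        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth.authenticationProvider(authenticationProvider());
        }

        // Checks submitted credentials against the stored BCrypt hashes.
        @Bean
        DaoAuthenticationProvider authenticationProvider() {
            DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
            daoAuthenticationProvider.setPasswordEncoder(passwordEncoder());
            daoAuthenticationProvider.setUserDetailsService(this.userprincipalDetailSerice);
            return daoAuthenticationProvider;
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .cors()
                .and()
                // Per-endpoint role rules; hasRole/hasAnyRole add the "ROLE_" prefix themselves.
                .authorizeRequests().antMatchers("/allproduits/**").permitAll()
                .antMatchers("/getallusers/personnels").hasAnyRole("ADMIN", "ANY")
                .antMatchers("/getallusers/personnelsbyid/{id}").hasAnyRole("ADMIN", "ANY")
                .antMatchers("/getallusers/updatepersonnel").hasAnyRole("ADMIN", "ANY")
                .antMatchers("/getallusers/deletepersonnel/{id}").hasAnyRole("ADMIN")
                .antMatchers("/getallusers/encode").permitAll()
                .antMatchers("/getallusers/addcpersonnel").hasRole("ADMIN")
                .antMatchers("/getallcadres/**").hasAnyRole("ADMIN", "ANY")
                .and()
                // Credentials arrive in the Authorization header of every request.
                .httpBasic()
                .and()
                // CSRF protection is switched off for the whole API.
                .csrf().disable();
            // http.csrf().csrfTokenRepository(this.csrfRepo());
        }

        // CORS preflight (OPTIONS) requests bypass the security filter chain.
        @Override
        public void configure(WebSecurity web) throws Exception {
            web.ignoring().antMatchers(HttpMethod.OPTIONS, "/**");
        }

        @Bean
        CorsConfigurationSource corsConfigurationSource() {
            CorsConfiguration configuration = new CorsConfiguration();
            // "*" lets any origin call the API, not only the Angular application's origin.
            configuration.setAllowedOrigins(Arrays.asList("*"));
            configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"));
            configuration.setAllowedHeaders(Arrays.asList("authorization", "content-type", "x-auth-token"));
            configuration.setExposedHeaders(Arrays.asList("x-auth-token"));
            UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
            source.registerCorsConfiguration("/**", configuration);
            return source;
        }

        @Bean
        public PasswordEncoder passwordEncoder() {
            return new BCryptPasswordEncoder();
        }
    }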
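The user details service class:

    import org.springframework.security.core.userdetails.UserDetails;
    import org.springframework.security.core.userdetails.UserDetailsService;
    import org.springframework.security.core.userdetails.UsernameNotFoundException;
    import org.springframework.stereotype.Service;

    @Service
    public class UserprincipalDetailSerice implements UserDetailsService {

        private personnelReposotry personnelReposotry;

        public UserprincipalDetailSerice(personnelReposotry pR) {
            this.personnelReposotry = pR;
        }

        @Override
        public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
            personnel personnel = this.personnelReposotry.findByMatricule(s);
            // An unknown matricule must raise UsernameNotFoundException, not a NullPointerException.
            if (personnel == null) {
                throw new UsernameNotFoundException("No personnel with matricule " + s);
            }
            UserPrincipal userPrincipal = new UserPrincipal(personnel);
            // Debug output; the stored password hash is kept out of it.
            System.out.println(personnel.getMatricule() + " role:" + personnel.getRole());
            return userPrincipal;
        }
    }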
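The user details class:

    import java.util.ArrayList;
    import java.util.Collection;
    import java.util.List;

    import org.springframework.security.core.GrantedAuthority;
    import org.springframework.security.core.authority.SimpleGrantedAuthority;
    import org.springframework.security.core.userdetails.UserDetails;

    public class UserPrincipal implements UserDetails {

        private personnel personnel;

        public UserPrincipal(personnel personnel) {
            this.personnel = personnel;
        }

        // Maps each stored role to a "ROLE_"-prefixed authority, as hasRole()/hasAnyRole() expect.
        @Override
        public Collection<? extends GrantedAuthority> getAuthorities() {
            List<GrantedAuthority> authorities = new ArrayList<>();
            this.personnel.getRoleList().forEach(p -> {
                GrantedAuthority authority = new SimpleGrantedAuthority("ROLE_" + p);
                authorities.add(authority);
            });
            return authorities;
        }

        @Override
        public String getPassword() {
            return this.personnel.getPsw();
        }

        @Override
        public String getUsername() {
            return this.personnel.getMatricule();
        }

        // Expiry, locking and disabling are not modelled: every account is always active.
        @Override
        public boolean isAccountNonExpired() {
            return true;
        }

        @Override
        public boolean isAccountNonLocked() {
            return true;
        }

        @Override
        public boolean isCredentialsNonExpired() {
            return true;
        }

        @Override
        public boolean isEnabled() {
            return true;
        }
    }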
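Your current code may work for a standalone application, but not for this case. Instead, you can use that code to return a secret JWT (JSON Web Token) when authentication succeeds, which the user can then send along with every request. There are plenty of tutorials on the internet.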
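The token step the answer describes, as an added example that is not code from the question or the answer: after the `DaoAuthenticationProvider` accepts the login, the server signs the matricule and role into an HS256 JWT, and on later requests it recomputes the signature before trusting the role, so a payload edited to claim ADMIN is rejected. It uses only the JDK to show the mechanics; the class `JwtSketch`, its methods and the sample user are assumptions, and a real application would use a maintained JWT library inside a Spring Security filter.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.time.Instant;
import java.util.Base64;
import java.util.regex.*;

public class JwtSketch { // added illustration; all names here are hypothetical
    static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    static final Pattern EXP = Pattern.compile("\"exp\":(\\d+)");
    static String b64(String s) { return ENC.encodeToString(s.getBytes(StandardCharsets.UTF_8)); }
    static byte[] hmac(byte[] key, String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
    }
    // Call only after the DaoAuthenticationProvider has accepted the credentials.
    static String issue(byte[] key, String matricule, String role, long ttlSeconds) throws Exception {
        // No JSON library here, so refuse anything that could break out of the string literals.
        if (!matricule.matches("[A-Za-z0-9_-]+") || !role.matches("[A-Z_]+"))
            throw new IllegalArgumentException("unexpected characters in claim");
        long exp = Instant.now().getEpochSecond() + ttlSeconds;
        String claims = "{\"sub\":\"" + matricule + "\",\"role\":\"" + role + "\",\"exp\":" + exp + "}";
        String signed = b64("{\"alg\":\"HS256\",\"typ\":\"JWT\"}") + "." + b64(claims);
        return signed + "." + ENC.encodeToString(hmac(key, signed));
    }
    // Returns the claims JSON when signature and expiry are valid, otherwise null.
    static String verify(byte[] key, String token) throws Exception {
        String[] p = token.split("\\.");
        if (p.length != 3) return null;
        try {
            // HS256 is fixed on the server; the token's own "alg" header is never consulted.
            byte[] sig = Base64.getUrlDecoder().decode(p[2]);
            if (!MessageDigest.isEqual(hmac(key, p[0] + "." + p[1]), sig)) return null;
            String claims = new String(Base64.getUrlDecoder().decode(p[1]), StandardCharsets.UTF_8);
            Matcher m = EXP.matcher(claims);
            return m.find() && Long.parseLong(m.group(1)) > Instant.now().getEpochSecond() ? claims : null;
        } catch (IllegalArgumentException e) { return null; } // malformed base64 or number
    }
    public static void main(String[] args) throws Exception {
        byte[] key = new byte[32]; new SecureRandom().nextBytes(key); // constructed demo key
        String token = issue(key, "M1001", "ANY", 900);               // constructed sample user
        System.out.println(verify(key, token));
        // Swap the payload for an ADMIN claim while keeping the original signature.
        String[] p = token.split("\\.");
        String forged = p[0] + "." + b64("{\"sub\":\"M1001\",\"role\":\"ADMIN\",\"exp\":9999999999}") + "." + p[2];
        System.out.println(verify(key, forged));
    }
}
```

The Angular form would post the credentials once, keep the returned token, and send it in the `Authorization` header of each later request instead of the password.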