在配置spring的web安全性之后,我的注册器可以正常工作,但是当我尝试登录时,我的登录页面显示我的用户名或密码无效,我使用的是内存h2数据库,如果我输入的是正确的(用户名、密码),我会在注册后检查数据库值。当我在userdetail中使用硬编码值时,服务登录就像预期的那样工作
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/", "/home", "/h2-console/**", "/register", "/users")
.permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.and()
.logout()
.permitAll();
//ovo popravlja problem whitelabel error kod pritiska na gumb
http
.headers().frameOptions().sameOrigin();
http
.csrf().disable();
http
.headers().frameOptions().disable();
}
@Autowired
DataSource dataSource;
@Autowired
protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication().dataSource(dataSource);
}
}sql数据库:
DROP TABLE IF EXISTS employee;
DROP TABLE IF EXISTS authorities;
DROP TABLE IF EXISTS users;
create table users (
id INT AUTO_INCREMENT PRIMARY KEY,
username varchar(50) not null ,
email varchar(120),
password varchar(255) not null,
enabled boolean
);
create table authorities (
username varchar(50) not null,
authority varchar(50) not null,
foreign key (username) references users (username)
);Spring 启动日志:
. ____ _ __ _ _
/\\ / ___'_ __ _ _(_)_ __ __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
\\/ ___)| |_)| | | | | || (_| | ) ) ) )
' |____| .__|_| |_|_| |_\__, | / / / /
=========|_|==============|___/=/_/_/_/
:: Spring Boot :: (v2.4.4)
2021-04-12 14:12:04.739 INFO 17532 --- [ main] com.m2.cfg.TestApplication : Starting TestApplication using Java 15 on DESKTOP-EFU4KH0 with PID 17532 (C:\Users\Tome\Downloads\spring-security-jpa-master\mc2-test\target\classes started by Tome in C:\Users\Tome\Downloads\spring-security-jpa-master\mc2-test)
2021-04-12 14:12:04.745 INFO 17532 --- [ main] com.m2.cfg.TestApplication : No active profile set, falling back to default profiles: default
2021-04-12 14:12:05.893 INFO 17532 --- [ main] .s.d.r.c.RepositoryConfigurationDelegate : Bootstrapping Spring Data JPA repositories in DEFAULT mode.
2021-04-12 14:12:05.961 INFO 17532 --- [ main] .s.d.r.c.RepositoryConfigurationDelegate : Finished Spring Data repository scanning in 56 ms. Found 1 JPA repository interfaces.
2021-04-12 14:12:06.578 INFO 17532 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat initialized with port(s): 8080 (http)
2021-04-12 14:12:06.588 INFO 17532 --- [ main] o.apache.catalina.core.StandardService : Starting service [Tomcat]
2021-04-12 14:12:06.588 INFO 17532 --- [ main] org.apache.catalina.core.StandardEngine : Starting Servlet engine: [Apache Tomcat/9.0.44]
2021-04-12 14:12:06.751 INFO 17532 --- [ main] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring embedded WebApplicationContext
2021-04-12 14:12:06.751 INFO 17532 --- [ main] w.s.c.ServletWebServerApplicationContext : Root WebApplicationContext: initialization completed in 1908 ms
2021-04-12 14:12:06.804 INFO 17532 --- [ main] com.zaxxer.hikari.HikariDataSource : HikariPool-1 - Starting...
2021-04-12 14:12:06.922 INFO 17532 --- [ main] com.zaxxer.hikari.HikariDataSource : HikariPool-1 - Start completed.
2021-04-12 14:12:06.929 INFO 17532 --- [ main] o.s.b.a.h2.H2ConsoleAutoConfiguration : H2 console available at '/h2-console'. Database available at 'jdbc:h2:mem:testdb'
2021-04-12 14:12:07.111 INFO 17532 --- [ main] o.hibernate.jpa.internal.util.LogHelper : HHH000204: Processing PersistenceUnitInfo [name: default]
2021-04-12 14:12:07.159 INFO 17532 --- [ main] org.hibernate.Version : HHH000412: Hibernate ORM core version 5.4.29.Final
2021-04-12 14:12:07.278 INFO 17532 --- [ main] o.hibernate.annotations.common.Version : HCANN000001: Hibernate Commons Annotations {5.1.2.Final}
2021-04-12 14:12:07.399 INFO 17532 --- [ main] org.hibernate.dialect.Dialect : HHH000400: Using dialect: org.hibernate.dialect.H2Dialect
2021-04-12 14:12:07.550 INFO 17532 --- [ main] o.hibernate.id.enhanced.TableGenerator : HHH000398: Explicit segment value for id generator [hibernate_sequences.sequence_name] suggested; using default [default]
2021-04-12 14:12:07.958 INFO 17532 --- [ main] o.h.e.t.j.p.i.JtaPlatformInitiator : HHH000490: Using JtaPlatform implementation: [org.hibernate.engine.transaction.jta.platform.internal.NoJtaPlatform]
2021-04-12 14:12:07.971 INFO 17532 --- [ main] j.LocalContainerEntityManagerFactoryBean : Initialized JPA EntityManagerFactory for persistence unit 'default'
2021-04-12 14:12:08.113 WARN 17532 --- [ main] JpaBaseConfiguration$JpaWebConfiguration : spring.jpa.open-in-view is enabled by default. Therefore, database queries may be performed during view rendering. Explicitly configure spring.jpa.open-in-view to disable this warning
2021-04-12 14:12:08.573 INFO 17532 --- [ main] o.s.s.web.DefaultSecurityFilterChain : Will secure any request with [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@43df1377, org.springframework.security.web.context.SecurityContextPersistenceFilter@7f64bd7, org.springframework.security.web.header.HeaderWriterFilter@5badeda0, org.springframework.security.web.authentication.logout.LogoutFilter@2ba318c2, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@67c2b55d, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@746fd19b, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@7a587e84, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@1cee3e05, org.springframework.security.web.session.SessionManagementFilter@1dd247b, org.springframework.security.web.access.ExceptionTranslationFilter@40b01718, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@565a6af]
2021-04-12 14:12:08.749 INFO 17532 --- [ main] o.s.s.concurrent.ThreadPoolTaskExecutor : Initializing ExecutorService 'applicationTaskExecutor'
2021-04-12 14:12:09.040 INFO 17532 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat started on port(s): 8080 (http) with context path ''
2021-04-12 14:12:09.057 INFO 17532 --- [ main] com.m2.cfg.TestApplication : Started TestApplication in 5.008 seconds (JVM running for 6.678)
2021-04-12 14:12:13.285 INFO 17532 --- [nio-8080-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring DispatcherServlet 'dispatcherServlet'
2021-04-12 14:12:13.285 INFO 17532 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Initializing Servlet 'dispatcherServlet'
2021-04-12 14:12:13.286 INFO 17532 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Completed initialization in 1 ms
2021-04-12 14:12:13.490 WARN 17532 --- [nio-8080-exec-1] o.a.c.util.SessionIdGeneratorBase : Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [145] milliseconds.h2数据库值
注册包含passwordencoder@bean并将对象写入内存数据库中的h2的控制器类:
@Controller
public class RegisterController {
@Bean
public PasswordEncoder encoder() {
return new BCryptPasswordEncoder();
}
@Autowired
private UserRepository userRepository;
@Autowired
private PasswordEncoder passwordEncoder;
@RequestMapping("/register")
public String read(@ModelAttribute(name = "user") Users user, Model model) {
if(user.getUsername() != null && user.getEmail() != null && user.getPass() != null)
{
var u1 = new Users(user.getUsername(), user.getEmail(), passwordEncoder.encode(user.getPass()));
userRepository.save(u1);
}
return "register";
}
}和登录html代码:
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="https://www.thymeleaf.org"
xmlns:sec="https://www.thymeleaf.org/thymeleaf-extras-springsecurity3">
<head>
<title>Spring Security Example </title>
</head>
<body>
<div th:if="${param.error}">
Invalid username and password.
</div>
<div th:if="${param.logout}">
You have been logged out.
</div>
<form th:action="@{/login}" method="post">
<div><label> User Name : <input type="text" name="username"/> </label></div>
<div><label> Password: <input type="password" name="password"/> </label></div>
<div><input type="submit" value="Sign In"/></div>
</form>
<br>
<a href="register.html">register</a>
</body>
</html>用户存储库:
package com.m2.cfg.repository;
import com.m2.cfg.domain.Users;
import org.springframework.data.repository.CrudRepository;
import org.springframework.stereotype.Repository;
@Repository
public interface UserRepository
extends CrudRepository<Users, Integer> {
Users findByUsername(String username);
}
2条答案
按热度按时间kupeojn61#
看看你的眼睛
WebSecurityConfig. 根本没有PasswordEncoder已配置。由于在未编码状态下比较输入的密码,因此将显示无效消息。移动
PasswordEncoder豆子到WebSecurityConfig和配置PasswordEncoder如下所示。ux6nzvsh2#
移动
到
WebSecurityConfig班级。