我对springsecurity非常陌生,我想看看是否有一种方法来保护这些查询字符串,这样当您执行诸如“login”之类的操作时,它们就不会出现在开发人员控制台中,但仍然可以在我的springboot服务(如userservice)中访问?
有没有一种我不知道的加密方法?我有点搞不懂做这件事的最佳方法。
(我的项目使用的是vue前端,而不是内置的springboot登录等)
我的网站安全配置-
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
public static final String AUTHORITY_QUERY = "SELECT email, password, firstName, lastName, phoneNumber FROM***.user";
public static final String USERS_QUERY = "INSERT INTO***.user (firstName, lastName, phoneNumber,email,password,emailIsVerified,agreedToTermsOfService,dateTimeCreated,psapAffiliationHasBeenVerified,hasSeenWalkthrough,isAdmin,is_enabled) values(:firstName, :lastName, :phoneNumber,:email,:password,0,0,now(),0,0,0,1)";
public static final String CONFIRMATION_QUERY = "INSERT INTO***.user (phoneNumber,email,password,emailIsVerified,agreedToTermsOfService,companyName,is_enabled) values(:phoneNumber,:email,:password,1,1,:companyName,1)";
@Autowired
private DataSource dataSource;
@Bean
public BCryptPasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder(20);
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication()
.usersByUsernameQuery(USERS_QUERY)
.authoritiesByUsernameQuery(AUTHORITY_QUERY)
.dataSource(dataSource);
}
protected void configure(HttpSecurity http) throws Exception {
http
.cors()
.and()
.csrf().disable()
.anonymous().disable()
.authorizeRequests()
.antMatchers("/api").permitAll()
.antMatchers(HttpMethod.OPTIONS, "/**").permitAll();
}
}用户服务示例-
public void confirmNewUserAccount(User user) {
if(user.getEmailVerificationCode() != null) {
namedParameterJdbcTemplate.update(WebSecurityConfig.CONFIRMATION_QUERY, new BeanPropertySqlParameterSource(user));
System.out.println("Account verified");
} else {
new ResponseEntity<Error>(HttpStatus.CONFLICT);
}
}
暂无答案!
目前还没有任何答案,快来回答吧!