禁止,http.status=403,带jdbcauthentication()

iovurdzv  于 2021-09-30  发布在  Java
关注(0)|答案(2)|浏览(415)

可能是我犯了什么愚蠢的错误。在我使用配置身份验证之后 jdbcAuthentication() 在我通过chrome登录后出现以下错误(在本文底部)。同样适用于 inMemoryAuthentication() 当我有这个的时候,它就起作用了-

@Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.inMemoryAuthentication().withUser("user").password("pass").roles("REGISTERED_USER").and().withUser("admin")
            .password("pass").roles("ADMIN");

}

这是我的密码-

@EnableWebSecurity
public class FplUserOperationAuthentication extends WebSecurityConfigurerAdapter {

    @Autowired
    private DataSource dataSource;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.jdbcAuthentication()
            .dataSource(dataSource)
            .usersByUsernameQuery("select m.username as username, m.password as password, "
                    + "m.enabled as enabled from stackoverflow.users_main m where m.username = ?")
            .authoritiesByUsernameQuery("select a.username as username, a.role as authority "
                    + "from stackoverflow.authorities a where a.username = ?");
    }

    @Bean
    public PasswordEncoder getPasswordEncoder() {
        return NoOpPasswordEncoder.getInstance();
    }
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            .antMatchers("/user-profile/admin/**").hasAnyRole("ADMIN")
            .antMatchers("/user-profile/users/**").hasAnyRole("REGISTERED_USER","ADMIN")
            .antMatchers("/welcome").permitAll().and().formLogin()
            .and().csrf().disable();
    }

应用程序属性-

endpoints.shutdown.enabled=true
spring.application.name=fpl-user-operations
management.endpoints.web.exposure.include = *
spring.datasource.url = jdbc:oracle:thin:@localhost:1521/ORCLPDB
spring.datasource.username = FPLADMIN
spring.datasource.password = oracle1
spring.devtools.add-properties = false
spring.config.import=optional:configserver:http://localhost:8888
spring.datasource.initialization-mode=always
spring.jpa.hibernate.ddl-auto=none

sql-

alter session set current_schema = stackoverflow;
create table users_main 
(
    username varchar2(20) primary key,
    password varchar2(20),
    enabled char(1)
);

create table authorities
(
    username varchar2(20),
    role varchar2(15),

    constraint authorities_c1 foreign key (username) references users_main (username)

);

sql数据
表用户\u main

表权限

在我尝试以用户名“user”和密码“pass”登录api后,访问api时出错-
错误-

Whitelabel Error Page

This application has no explicit mapping for /error, so you are seeing this as a fallback.
Mon Jun 21 12:18:32 IST 2021
There was an unexpected error (type=Forbidden, status=403).

控制台中的错误-

2021-06-21 14:49:11.520 DEBUG 11856 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy        : Secured GET /error
2021-06-21 14:49:11.520 DEBUG 11856 --- [nio-8080-exec-5] o.s.web.servlet.DispatcherServlet        : "ERROR" dispatch for GET "/error", parameters={}
2021-06-21 14:49:11.521 DEBUG 11856 --- [nio-8080-exec-5] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController#errorHtml(HttpServletRequest, HttpServletResponse)
2021-06-21 14:49:11.521 DEBUG 11856 --- [nio-8080-exec-5] o.j.s.OpenEntityManagerInViewInterceptor : Opening JPA EntityManager in OpenEntityManagerInViewInterceptor
2021-06-21 14:49:11.537 DEBUG 11856 --- [nio-8080-exec-5] o.s.w.s.v.ContentNegotiatingViewResolver : Selected 'text/html' given [text/html, text/html;q=0.8]
2021-06-21 14:49:11.538 DEBUG 11856 --- [nio-8080-exec-5] o.j.s.OpenEntityManagerInViewInterceptor : Closing JPA EntityManager in OpenEntityManagerInViewInterceptor
2021-06-21 14:49:11.538 DEBUG 11856 --- [nio-8080-exec-5] o.s.web.servlet.DispatcherServlet        : Exiting from "ERROR" dispatch, status 403
2021-06-21 14:49:11.538 DEBUG 11856 --- [nio-8080-exec-5] s.s.w.c.SecurityContextPersistenceFilter : Cleared SecurityContextHolder to complete request

注意-但是,如果我故意给出错误的凭据,它会说“错误凭据”

vd2z7a6w

vd2z7a6w1#

不知道确切的原因,如果有人知道的话。请让我知道。
更改-在db i中,在所有类型的权限/角色前面添加角色

因此,我现在使用的不是“注册用户”,而是“角色注册用户”。
在这里找到的
我没有发现作为协议明确提到的附加角色。所以我错过了。
我的授权方法-

@Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            .antMatchers("/user-profile/admin/**").hasAnyRole("ADMIN")
            .antMatchers("/user-profile/users/**").hasAnyRole("REGISTERED_USER","ADMIN")
            .antMatchers("/welcome").permitAll().and().formLogin()
            .and().csrf().disable();
    }
5rgfhyps

5rgfhyps2#

您尚未在配置方法中包括密码编码器

@Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.jdbcAuthentication()
            .dataSource(dataSource)
          **.passwordEncoder(getPasswordEncoder())**
            .usersByUsernameQuery("select m.username as username, m.password as password, "
                    + "m.enabled as enabled from stackoverflow.users_main m where m.username = ?")
            .authoritiesByUsernameQuery("select a.username as username, a.role as authority "
                    + "from stackoverflow.authorities a where a.username = ?");
    }

相关问题