可能是我犯了什么愚蠢的错误。在我使用配置身份验证之后 jdbcAuthentication() 在我通过chrome登录后出现以下错误(在本文底部)。同样适用于 inMemoryAuthentication() 当我有这个的时候,它就起作用了-
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("user").password("pass").roles("REGISTERED_USER").and().withUser("admin")
.password("pass").roles("ADMIN");
}这是我的密码-
@EnableWebSecurity
public class FplUserOperationAuthentication extends WebSecurityConfigurerAdapter {
@Autowired
private DataSource dataSource;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication()
.dataSource(dataSource)
.usersByUsernameQuery("select m.username as username, m.password as password, "
+ "m.enabled as enabled from stackoverflow.users_main m where m.username = ?")
.authoritiesByUsernameQuery("select a.username as username, a.role as authority "
+ "from stackoverflow.authorities a where a.username = ?");
}
@Bean
public PasswordEncoder getPasswordEncoder() {
return NoOpPasswordEncoder.getInstance();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/user-profile/admin/**").hasAnyRole("ADMIN")
.antMatchers("/user-profile/users/**").hasAnyRole("REGISTERED_USER","ADMIN")
.antMatchers("/welcome").permitAll().and().formLogin()
.and().csrf().disable();
}应用程序属性-
endpoints.shutdown.enabled=true
spring.application.name=fpl-user-operations
management.endpoints.web.exposure.include = *
spring.datasource.url = jdbc:oracle:thin:@localhost:1521/ORCLPDB
spring.datasource.username = FPLADMIN
spring.datasource.password = oracle1
spring.devtools.add-properties = false
spring.config.import=optional:configserver:http://localhost:8888
spring.datasource.initialization-mode=always
spring.jpa.hibernate.ddl-auto=nonesql-
alter session set current_schema = stackoverflow;
create table users_main
(
username varchar2(20) primary key,
password varchar2(20),
enabled char(1)
);
create table authorities
(
username varchar2(20),
role varchar2(15),
constraint authorities_c1 foreign key (username) references users_main (username)
);sql数据
表用户\u main
表权限
在我尝试以用户名“user”和密码“pass”登录api后,访问api时出错-
错误-
Whitelabel Error Page
This application has no explicit mapping for /error, so you are seeing this as a fallback.
Mon Jun 21 12:18:32 IST 2021
There was an unexpected error (type=Forbidden, status=403).控制台中的错误-
2021-06-21 14:49:11.520 DEBUG 11856 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy : Secured GET /error
2021-06-21 14:49:11.520 DEBUG 11856 --- [nio-8080-exec-5] o.s.web.servlet.DispatcherServlet : "ERROR" dispatch for GET "/error", parameters={}
2021-06-21 14:49:11.521 DEBUG 11856 --- [nio-8080-exec-5] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController#errorHtml(HttpServletRequest, HttpServletResponse)
2021-06-21 14:49:11.521 DEBUG 11856 --- [nio-8080-exec-5] o.j.s.OpenEntityManagerInViewInterceptor : Opening JPA EntityManager in OpenEntityManagerInViewInterceptor
2021-06-21 14:49:11.537 DEBUG 11856 --- [nio-8080-exec-5] o.s.w.s.v.ContentNegotiatingViewResolver : Selected 'text/html' given [text/html, text/html;q=0.8]
2021-06-21 14:49:11.538 DEBUG 11856 --- [nio-8080-exec-5] o.j.s.OpenEntityManagerInViewInterceptor : Closing JPA EntityManager in OpenEntityManagerInViewInterceptor
2021-06-21 14:49:11.538 DEBUG 11856 --- [nio-8080-exec-5] o.s.web.servlet.DispatcherServlet : Exiting from "ERROR" dispatch, status 403
2021-06-21 14:49:11.538 DEBUG 11856 --- [nio-8080-exec-5] s.s.w.c.SecurityContextPersistenceFilter : Cleared SecurityContextHolder to complete request注意-但是,如果我故意给出错误的凭据,它会说“错误凭据”
2条答案
按热度按时间vd2z7a6w1#
不知道确切的原因,如果有人知道的话。请让我知道。
更改-在db i中,在所有类型的权限/角色前面添加角色
因此,我现在使用的不是“注册用户”,而是“角色注册用户”。
在这里找到的
我没有发现作为协议明确提到的附加角色。所以我错过了。
我的授权方法-
5rgfhyps2#
您尚未在配置方法中包括密码编码器