Spring Security 我正在使用Vaadin 23和Spring安全与PostgreSQL,我有实体，存储库和服务类完成,需要帮助-登录身份验证

ntjbwcob 于 2023-03-23 发布在 Spring

关注(0)|答案(1)|浏览(127)

我想修改bean public UserDetailsManager userDetailsService（）。我想从登录表单中获取用户名，并查找该用户是否存在于数据库中，然后使用找到的用户返回usedaetails。下面是vaadin docs给出的代码。我不想使用InMemoryUserDetailsManager。

@EnableWebSecurity 
@Configuration
public class SecurityConfiguration
                extends VaadinWebSecurity { 

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Delegating the responsibility of general configurations
        // of http security to the super class. It's configuring
        // the followings: Vaadin's CSRF protection by ignoring
        // framework's internal requests, default request cache,
        // ignoring public views annotated with @AnonymousAllowed,
        // restricting access to other views/endpoints, and enabling
        // ViewAccessChecker authorization.
        // You can add any possible extra configurations of your own
        // here (the following is just an example):

        // http.rememberMe().alwaysRemember(false);

        // Configure your static resources with public access before calling
        // super.configure(HttpSecurity) as it adds final anyRequest matcher
        http.authorizeRequests().antMatchers("/public/**")
            .permitAll();

        super.configure(http); 

        // This is important to register your login view to the
        // view access checker mechanism:
        setLoginView(http, LoginView.class); 
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        // Customize your WebSecurity configuration.
        super.configure(web);
    }

    /**
     * Demo UserDetailsManager which only provides two hardcoded
     * in memory users and their roles.
     * NOTE: This shouldn't be used in real world applications.
     */
    @Bean
    public UserDetailsManager userDetailsService() {
        UserDetails user =
                User.withUsername("user")
                        .password("{noop}user")
                        .roles("USER")
                        .build();
        UserDetails admin =
                User.withUsername("admin")
                        .password("{noop}admin")
                        .roles("ADMIN")
                        .build();
        return new InMemoryUserDetailsManager(user, admin);
    }
}

我需要帮助。我被困在这里。我不知道如何获得（1）用户名在这个类。（2）我不知道如何从数据库中获得用户在这里。顺便说一句，我有服务，仓库和实体类工作，我可以访问数据库outsie这个类。谢谢

spring-security

来源：https://stackoverflow.com/questions/75669549/i-am-using-vaadin-23-and-spring-security-with-postgressql-i-have-entity-reposi

1条答案

按热度按时间

ghg1uchk1#

首先，你应该创建UserDetailService和UserPrincipal类：

@Service
public class MyUserDetailsService implements UserDetailsService {

private final UserRepository userRepository;

public MyUserDetailsService(UserRepository userRepository) {
    this.userRepository = userRepository;
}

@Override
public UserDetails loadUserByUsername(String username) {
    User user = userRepository.findByName(username);
    if(user == null) {
        throw new UsernameNotFoundException(username);
    }
    return new MyUserPrincipal(user);
}
}

public class MyUserPrincipal implements UserDetails {
private User user;

public MyUserPrincipal(User user) {
    this.user = user;
}

@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
    return Collections.singletonList(new 
SimpleGrantedAuthority(user.getRole()));
}

@Override
public String getPassword() {
    return this.user.getPassword();
}

@Override
public String getUsername() {
    return this.user.getName();
}

@Override
public boolean isAccountNonExpired() {
    return true;
}

@Override
public boolean isAccountNonLocked() {
    return true;
}

@Override
public boolean isCredentialsNonExpired() {
    return true;
}

@Override
public boolean isEnabled() {
    return true;
}
}

然后配置安全类如下：

@EnableWebSecurity
@Configuration
public class SecurityConfiguration extends VaadinWebSecurity {

@Override
protected void configure(HttpSecurity http) throws Exception {
    super.configure(http);
    setLoginView(http, LoginView.class);
}

@Bean
public AuthenticationManager authenticationManager(HttpSecurity http, 
PasswordEncoder bCryptPasswordEncoder,

UserDetailsService 
userDetailService) throws Exception {
    return http.getSharedObject(AuthenticationManagerBuilder.class)
            .userDetailsService(userDetailService)
            .passwordEncoder(bCryptPasswordEncoder)
            .and()
            .build();
}

@Bean
public PasswordEncoder getPasswordEncoder() {
    return new BCryptPasswordEncoder();
}
}

赞(0）回复(0）举报 2023-03-23

我来回答

Spring Security 我正在使用Vaadin 23和Spring安全与PostgreSQL,我有实体，存储库和服务类完成,需要帮助-登录身份验证

1条答案

相关问题

热门标签

最新问答