Spring Security Spring安全配置不起作用

xkrw2x1b  于 2023-10-20  发布在  Spring

我是新手。我注意到,在项目中添加 Spring Security 依赖之后,请求会返回 401。因此,我尝试创建一个配置文件,并在其中加入了下面的代码,但仍然得到 401。
下面是我的配置文件代码。如果我遗漏了什么,请告诉我。

package com.hasti.birdy.portfolio.user.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

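/**
 * Spring Security configuration for the user service.
 *
 * <p>Declares the HTTP security filter chain and exposes the {@link UserSecurity} helper as a bean.
 */
@Configuration
@EnableWebSecurity
public class UserConfig {

    /**
     * Builds the security filter chain for incoming HTTP requests.
     *
     * <p>Requests under {@code /api/user/**} are permitted without authentication; every other
     * request must be authenticated, with HTTP Basic as the configured mechanism.
     *
     * @param httpSecurity the builder supplied by Spring Security
     * @return the configured filter chain
     * @throws Exception if the chain cannot be built; the failure is propagated so that a broken
     *     security configuration stops startup instead of being printed and replaced by a
     *     {@code null} bean
     */
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception {
        return httpSecurity
                // NOTE(review): CSRF protection is switched off, as in the original code. Browsers
                // resend HTTP Basic credentials automatically, so confirm that no browser client
                // calls this API before keeping it disabled.
                .csrf(csrf -> csrf.disable())
                .authorizeHttpRequests(auth -> auth
                        // NOTE(review): this pattern also matches POST /api/user/hsstudio/admin
                        // (UserController.createAdmin), so admin accounts can be created without
                        // authentication. Restrict that path before exposing the service.
                        .requestMatchers("/api/user/**").permitAll()
                        // State the rule for all remaining requests explicitly instead of relying
                        // on the framework default.
                        .anyRequest().authenticated())
                .httpBasic(Customizer.withDefaults())
                .build();
    }

    /**
     * Exposes the {@link UserSecurity} helper as a Spring bean.
     *
     * @return a new {@code UserSecurity} instance
     */
    @Bean
    public UserSecurity getUserSecurity() {
        return new UserSecurity();
    }
}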

这是服务类的代码:

package com.hasti.birdy.portfolio.user.service;

import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;

import org.springframework.stereotype.Service;

import com.hasti.birdy.portfolio.user.config.UserSecurity;
import com.hasti.birdy.portfolio.user.dto.PermissionDto;
import com.hasti.birdy.portfolio.user.dto.UserDto;
import com.hasti.birdy.portfolio.user.mapper.PermissionMapper;
import com.hasti.birdy.portfolio.user.mapper.RoleMapper;
import com.hasti.birdy.portfolio.user.mapper.UserMapper;
import com.hasti.birdy.portfolio.user.model.Permission;
import com.hasti.birdy.portfolio.user.model.Role;
import com.hasti.birdy.portfolio.user.model.UserModel;
import com.hasti.birdy.portfolio.user.repository.RoleRepository;
import com.hasti.birdy.portfolio.user.repository.UserRepository;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;

/**
 * Creates user accounts with either the admin or the customer role.
 *
 * <p>The role is always looked up through {@link RoleRepository} and set on the model after
 * mapping, and the password from the DTO is passed through the encoder obtained from
 * {@link UserSecurity} before the model is saved.
 */
@Service
@Slf4j
@RequiredArgsConstructor
public class UserService {

    private final UserMapper userMapper;
    private final RoleMapper roleMapper;
    private final PermissionMapper permissionMapper;
    private final UserRepository userRepository;
    private final RoleRepository roleRepository;
    private final UserSecurity userSecurity;

    /**
     * Persists a new user carrying the admin role.
     *
     * <p>NOTE(review): nothing in this method checks who the caller is; access control has to be
     * enforced by the web layer in front of it.
     *
     * @param userDto the submitted user data, including the raw password
     * @return the literal {@code "created"}
     */
    public String createAdmin(UserDto userDto) {
        UserModel account = userMapper.map(userDto);
        Role adminRole = roleRepository.findAdminRole();
        return storeWithRole(account, userDto, adminRole);
    }

    /**
     * Persists a new user carrying the customer role.
     *
     * @param userDto the submitted user data, including the raw password
     * @return the literal {@code "created"}
     */
    public String createCustomer(UserDto userDto) {
        UserModel account = userMapper.map(userDto);
        Role customerRole = roleRepository.findCustomerRole();
        return storeWithRole(account, userDto, customerRole);
    }

    /** Encodes the DTO's password onto the model, assigns the given role and saves the model. */
    private String storeWithRole(UserModel account, UserDto source, Role role) {
        // Only the encoder's output is stored on the model; the raw password is never set on it here.
        account.setEncryptedPassword(
                userSecurity.getPasswordEncoder().encode(source.getPassword()));
        // Setting the role after mapping means the repository value is the one that gets saved.
        account.setRole(role);
        userRepository.save(account);
        return "created";
    }
}

这是控制器类的代码:

package com.hasti.birdy.portfolio.user.controller;

import org.springframework.http.HttpStatus;
import org.springframework.http.HttpStatusCode;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import com.hasti.birdy.portfolio.user.dto.UserDto;
import com.hasti.birdy.portfolio.user.service.UserService;

import lombok.RequiredArgsConstructor;

/**
 * REST endpoints under {@code /api/user} for creating user accounts.
 *
 * <p>NOTE(review): the security configuration shown with this controller permits every request
 * matching {@code /api/user/**}, which includes the admin-creation endpoint below. Confirm that
 * unauthenticated admin creation is intended, or restrict that path.
 */
@RequiredArgsConstructor
@RestController
@RequestMapping("/api/user")
public class UserController {

    private final UserService userService;

    /**
     * Handles {@code POST /api/user/hsstudio/admin} by creating a user with the admin role.
     *
     * @param userDto the request body describing the new user
     * @return a 201 response with the body {@code "created Admin"}
     */
    @PostMapping("/hsstudio/admin")
    public ResponseEntity<String> createAdmin(@RequestBody UserDto userDto) {
        // The service's return value is not used; the response body is fixed.
        userService.createAdmin(userDto);
        return new ResponseEntity<>("created Admin", HttpStatus.CREATED);
    }

    /**
     * Handles {@code POST /api/user} by creating a user with the customer role.
     *
     * @param userDto the request body describing the new user
     * @return a 201 response with the body {@code "created customer "}
     */
    @PostMapping()
    public ResponseEntity<String> createCustomer(@RequestBody UserDto userDto) {
        userService.createCustomer(userDto);
        return new ResponseEntity<>("created customer ", HttpStatus.CREATED);
    }
}

roqulrg31#

你可以试着像下面这样修改代码,它在我本地运行正常。

  • 在这里,任何与 URL /api/user/** 匹配的请求都会被放行,其他 URL 则要求进行身份验证。
/**
 * Security configuration that opens {@code /api/user/**} and requires authentication elsewhere.
 */
@Configuration
@EnableWebSecurity
public class SecurityConfig {

    /**
     * Builds the filter chain: requests matching {@code /api/user/**} are permitted, every other
     * request must be authenticated.
     *
     * <p>NOTE(review): CSRF protection is not touched here, so it stays at the framework default,
     * and no login mechanism such as HTTP Basic is configured in this snippet. Verify both against
     * the POST endpoints this chain is meant to serve.
     *
     * @param httpSecurity the builder supplied by Spring Security
     * @return the configured filter chain
     * @throws Exception if the chain cannot be built
     */
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception {
        return httpSecurity
                .authorizeHttpRequests(rules -> rules
                        .requestMatchers("/api/user/**").permitAll()
                        .anyRequest().authenticated())
                .build();
    }
}

bcs8qyzn2#

我注意到的一个问题是,您在SecurityFilterChain方法上遗漏了@Bean

>> @Bean <<
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        .....
}
