将SpringSecurityConfig迁移到Sping Boot 3 [已关闭]

ppcbkaq5  于 2024-01-05  发布在  Spring
关注(0)|答案(1)|浏览(183)

**已关闭。**此问题需要debugging details。目前不接受回答。

编辑问题以包括desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem。这将帮助其他人回答问题。
27天前关闭。
Improve this question
我一直在努力将SecurityConfig文件Map到较新的Spring版本。具体来说,这个问题(我认为)是由UserDetailsService()或与之相关的东西引起的。我试图通过将原始密码传递到登录页面来登录,而加密密码则硬编码到数据库中(我刚刚粘贴了encode()方法返回的字符串)。在尝试这样做的同时,我得到了以下消息:

  1. Hibernate: select u1_0.id,u1_0.name,u1_0.password,u1_0.username from users u1_0 where u1_0.username=?
  2. Hibernate: select a1_0.user_id,a1_0.id,a1_0.authority from authority a1_0 where a1_0.user_id=?

字符串
看起来好像id在某个地方没有正确传递,但我不确定对此有什么感觉。我只是无法正确登录。
下面我将向你展示我来自哪里,我有什么atm,以及其他一些文件,但是它们应该很好,因为在Sping Boot 3中对它们的编码方式没有太多更改。无论如何,因为我不确定它们可能会有帮助,所以它们在这里:
旧文件:

  1. @Configuration
  2. public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
  3.   
  4.   @Autowired
  5.   private UserDetailsService userDetailsService;
  7.   @Bean
  8.   public PasswordEncoder getPasswordEncoder() {
  9.     return new BCryptPasswordEncoder();
  10.   }
  11.   
  12.   @Override
  13.   protected void configure(AuthenticationManagerBuilder auth) throws Exception {
  14.     auth
  15.       .userDetailsService(userDetailsService)
  16.       .passwordEncoder(getPasswordEncoder());
  17.         
  18. //    auth.inMemoryAuthentication()
  19. //        .passwordEncoder(getPasswordEncoder())
  20. //        .withUser("[email protected]")
  21. //        .password(getPasswordEncoder().encode("asdfasdf"))
  22. //        .roles("USER");
  23.   }
  24.   
  25.   @Override
  26.   protected void configure(HttpSecurity http) throws Exception {
  27.     http
  28.         .authorizeRequests()
  29.           .antMatchers("/").permitAll()
  30.           .anyRequest().hasRole("USER").and()
  31.         .formLogin()
  32.           .loginPage("/login")
  33.           .defaultSuccessUrl("/dashboard")
  34.           .permitAll()
  35.           .and()
  36.         .logout()
  37.           .logoutUrl("/logout")
  38.           .permitAll();
  39.   }
  40. }


新文件:

  1. @Configuration
  2. @EnableWebSecurity
  3. public class WebSecurityConfig
  4. {
  5.     @Autowired
  6.     private UserDetailsService userDetailsService;
  8.     @Bean
  9.     public UserDetailsService userDetailsService()
  10.     {
  11.         return new UserDetailsServiceImpl();
  12.     }
  14.     @Bean
  15.     public PasswordEncoder passwordEncoder()
  16.     {
  17.         return new BCryptPasswordEncoder();
  18.     }
  20.     @Bean
  21.     public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception
  22.     {
  23.         return
  24.             http.authorizeHttpRequests()
  25.                 .requestMatchers("/").permitAll()
  26.                 .anyRequest().hasRole("USER")
  27.                 .and()
  28.                 .formLogin()
  29.                     .loginPage("/login")
  30.                     .defaultSuccessUrl("/dashboard")
  31.                     .permitAll()
  32.                     .and()
  33.                 .logout()
  34.                     .logoutUrl("/logout").permitAll()
  35.                 .and().build();
  36.     }
  38.         @Bean
  39.         public AuthenticationProvider authenticationProvider()
  40.         {
  41.             DaoAuthenticationProvider authenticationProvider=new DaoAuthenticationProvider();
  42.             authenticationProvider.setUserDetailsService(userDetailsService());
  43.             authenticationProvider.setPasswordEncoder(passwordEncoder());
  44.             return authenticationProvider;
  45.         }
  46. }


UserDetailsServiceImpl:

  1. @Service
  2. public class UserDetailsServiceImpl implements UserDetailsService
  3. {
  4.     @Autowired
  5.     private UserRepository userRepo;
  7.     @Override
  8.     public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException
  9.     {
  10.         User user = userRepo.findByUsername(username);
  12.         if(user == null)
  13.         {
  14.             throw new UsernameNotFoundException("Invalid username and password");
  15.         }
  16.         return new CustomSecurityUser(user);
  17.     }
  18. }


CustomSecurityUser:

  1. public class CustomSecurityUser extends User implements UserDetails
  2. {
  3.     private static final long serialVersionUID = 464958176L;
  4.     
  5.     public CustomSecurityUser()
  6.     {}
  8.     public CustomSecurityUser(User user)
  9.     {
  10.         this.setAuthorities(user.getAuthorities());
  11.         this.setId(user.getId());
  12.         this.setName(user.getName());
  13.         this.setPassword(user.getPassword());
  14.         this.setUsername(user.getUsername());
  15.     }
  17.     @Override
  18.     public Set<Authority> getAuthorities()
  19.     {
  20.         return super.getAuthorities();
  21.     }
  23.     @Override
  24.     public String getPassword()
  25.     {
  26.         return super.getPassword();
  27.     }
  29.     @Override
  30.     public String getUsername()
  31.     {
  32.         return super.getUsername();
  33.     }
  35.     @Override
  36.     public boolean isAccountNonExpired()
  37.     {
  38.         return true;
  39.     }
  41.     @Override
  42.     public boolean isAccountNonLocked()
  43.     {
  44.         return true;
  45.     }
  47.     @Override
  48.     public boolean isCredentialsNonExpired()
  49.     {
  50.         return true;
  51.     }
  53.     @Override
  54.     public boolean isEnabled()
  55.     {
  56.         return true;
  57.     }
  58. }


UserRepository:

  1. public interface UserRepository extends JpaRepository<User, Long>
  2. {
  3.     User findByUsername(String username);
  4.     
  5. }


权限:

  1. package com.freshvotes.security;
  2. import org.springframework.security.core.GrantedAuthority;
  3. import com.freshvotes.domain.User;
  4. import jakarta.persistence.Entity;
  5. import jakarta.persistence.GeneratedValue;
  6. import jakarta.persistence.GenerationType;
  7. import jakarta.persistence.Id;
  8. import jakarta.persistence.ManyToOne;
  10. @Entity
  11. public class Authority implements GrantedAuthority
  12. {
  13.     private static final long serialVersionUID = -6420181486L;
  14.     private Long id;
  15.     private String authority;
  16.     private User user;
  17.     @Override
  18.     public String getAuthority()
  19.     {
  20.         return this.authority;
  21.     }
  22.     public void setAuthority(String authority)
  23.     {
  24.         this.authority = authority;
  25.     }
  27.     @Id @GeneratedValue(strategy=GenerationType.IDENTITY)
  28.     public Long getId()
  29.     {
  30.         return this.id;
  31.     }
  33.     public void setId(Long id)
  34.     {
  35.         this.id = id;
  36.     }
  38.     @ManyToOne()
  39.     public User getUser()
  40.     {
  41.         return this.user;
  42.     }
  44.     public void setUser(User user)
  45.     {
  46.         this.user = user;
  47.     }
  49. }


用户实体:

  1. @Entity
  2. @Table(name = "users")
  3. public class User
  4. {
  5.     private Long id;
  6.     private String username;
  7.     private String password;
  8.     private String name;
  9.     private Set<Authority> authorities = new HashSet<>();
  11.     @Id @GeneratedValue(strategy=GenerationType.IDENTITY)
  12.     public Long getId()
  13.     {
  14.         return id;
  15.     }
  16.     public void setId(Long id)
  17.     {
  18.         this.id = id;
  19.     }
  21.     public String getUsername()
  22.     {
  23.         return username;
  24.     }
  25.     public void setUsername(String username)
  26.     {
  27.         this.username = username;
  28.     }
  30.     public String getPassword()
  31.     {
  32.         return password;
  33.     }
  34.     public void setPassword(String password)
  35.     {
  36.         this.password = password;
  37.     }
  39.     public String getName()
  40.     {
  41.         return name;
  42.     }
  43.     public void setName(String name)
  44.     {
  45.         this.name = name;
  46.     }
  48.     @OneToMany(cascade=CascadeType.ALL, fetch=FetchType.EAGER, mappedBy="user")
  49.     public Set<Authority> getAuthorities()
  50.     {
  51.         return this.authorities;
  52.     }
  53.     public void setAuthorities(Set<Authority> authorities)
  54.     {
  55.         this.authorities = authorities;
  56.     }
  57.     
  59. }


我希望这将是有可能作出的东西了。我删除了进口,因为我不能张贴我的问题,否则。

spring

1条答案

按热度按时间
xeufq47z

xeufq47z1#

您的数据库中的数据似乎有问题。我克隆了您的存储库并通过添加数据进行了测试,它似乎在我这边正常运行。
要进行故障排除,请尝试在登录页面上使用以下凭据:密码-user和密码-password
此外,以下是我插入数据库的数据的详细信息:

用户表:

  1. INSERT INTO users(id, name, password, username) values (1, 'kc', '$2a$10$C6454pQIMqMNW76.M8NjYOzvniTgqdl8unnjnWNnMXmkGqE1M9CSC', 'user');

字符串

权限表:

  1. INSERT INTO authority(id, authority, user_id) VALUES (1, 'ROLE_USER', 1);


如果你是新手,我建议在你的application properties文件中添加以下行。这将为Spring Security启用详细的日志记录,帮助你跟踪和调试潜在的问题:
将以下行添加到application.properties文件中:

  1. logging.level.org.springframework.security=TRACE


此外,在WebSecurityConfig中,您可以通过在@EnableWebSecurity annotation中添加debug = true来启用调试。下面是一个示例:

  1. @EnableWebSecurity(debug = true)
  2. public class WebSecurityConfig {
  3.     // Your security configuration code here
  4. }

展开查看全部
赞(0)分享  回复(0)举报  2024-01-05
我来回答

相关问题

    查看更多

    热门标签

    更多
    JavaquerypythonNode开发语言requestUtil数据库Table后端算法LoggerMessageElementParser

    最新问答

    更多
    • 蜀ICP备13028337号-1 大数据知识库 https://www.saoniuhuo.com © All rights reserved
    • 本站内容来源互联网,如果侵犯您的权益请联系我们删除, 联系方式:448109455@qq.com