java - Springboot 安全配置未重定向到 successUrl
问题描述
我似乎不明白我的代码有什么问题。我正在尝试使用 Springboot 安全登录,一切似乎都是正确的,我可以在控制台上看到我的用户名和密码。谁能告诉我我做错了什么?
这是我的 SecSecurityConfig 类
package com.scanapp.config;
import com.scanapp.repositories.RoleRepository;
import com.scanapp.services.UserDetailsService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import
org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.crypto.password.PasswordEncoder;
@Configuration
@EnableWebSecurity
public class SecSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private RoleRepository roleRepository;
@Autowired
@Qualifier("myuserdet")
UserDetailsService userDetailsService;
protected void init(AuthenticationManagerBuilder auth) throws Exception {
System.out.println("I'm here");
auth.authenticationProvider(authProvider());
}
@Bean
public DaoAuthenticationProvider authProvider() {
System.out.println("got here");
DaoAuthenticationProvider authProvider = new
DaoAuthenticationProvider();
authProvider.setUserDetailsService(userDetailsService);
authProvider.setPasswordEncoder(passwordEncoder());
return authProvider;
}
@Bean
public PasswordEncoder passwordEncoder()
{
return new CustomPassword();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/resources**").permitAll()
.anyRequest().permitAll()
.and().formLogin().loginPage("/login").successForwardUrl("/index").defaultSuccessUrl("/index",true).failureUrl("/login?error").permitAll()
.and()
.csrf().disable();
System.out.println("got here too");
}
}
用户服务详细信息.java
package com.scanapp.services;
import com.drew.metadata.StringValue;
import com.scanapp.config.MyUserPrincipal;
import com.scanapp.config.SecSecurityConfig;
import com.scanapp.models.User;
import com.scanapp.repositories.UserRepository;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
import org.springframework.web.bind.annotation.RequestParam;
import java.util.Objects;
@Qualifier("myuserdet")
@Service
public class UserDetailsService implements org.springframework.security.core.userdetails.UserDetailsService {
@Autowired
private UserRepository userRepository;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
User user = userRepository.findByEmail(username);
if (Objects.nonNull(user)) {
MyUserPrincipal principal = new MyUserPrincipal(user);
System.out.println(String.valueOf(principal));
System.out.println("User Found");
System.out.println(principal.getPassword());
System.out.println(principal.getUsername());
return principal;
}else {
throw new BadCredentialsException("User Not found");
}
}
}
MyUserPrincipal.java
package com.scanapp.config;
import com.scanapp.models.User;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import java.util.Collection;
public class MyUserPrincipal implements UserDetails {
private User user;
public MyUserPrincipal(User user) {
this.user = user;
}
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
return null;
}
@Override
public String getPassword()
{
return user.getPassword();
}
@Override
public String getUsername()
{
return user.getEmail();
}
@Override
public boolean isAccountNonExpired() {
return false;
}
@Override
public boolean isAccountNonLocked() {
return false;
}
@Override
public boolean isCredentialsNonExpired() {
return false;
}
@Override
public boolean isEnabled() {
return false;
}
}
自定义密码.java
package com.scanapp.config;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
public class CustomPassword extends BCryptPasswordEncoder {
Logger logger = LoggerFactory.getLogger(this.getClass());
@Override
public String encode(CharSequence rawPassword) {
return super.encode(rawPassword);
}
@Override
public boolean matches(CharSequence rawPassword, String encodedPassword) {
System.out.println("paasword etered {}" + rawPassword);
return super.matches(rawPassword, encodedPassword);
}
}
解决方案
尝试从配置中删除此块。理论上,Spring 在幕后创建所有这些 bean(自动获取您的 passwordEncoder 和 UserDetailsService)。
@Autowired
@Qualifier("myuserdet")
UserDetailsService userDetailsService;
protected void init(AuthenticationManagerBuilder auth) throws Exception {
System.out.println("I'm here");
auth.authenticationProvider(authProvider());
}
@Bean
public DaoAuthenticationProvider authProvider() {
System.out.println("got here");
DaoAuthenticationProvider authProvider = new
DaoAuthenticationProvider();
authProvider.setUserDetailsService(userDetailsService);
authProvider.setPasswordEncoder(passwordEncoder());
return authProvider;
}
如果它不起作用,请尝试重命名您的 UserDetailsService (虽然这是一个很长的镜头)。
推荐阅读
- android - 再次提交失败请求的最佳实践
- javascript - javascript - 返回未定义的递归方法
- python - 无法在 Win 系统上的 Ubuntu 虚拟机中安装 Scrapy (Shell)
- javascript - 引导,使用其他内容缩放图像以适应显示器上的静态行
- python - Django - 创建关联对象的字典
- c++ - C++ 中的谓词
- css - 需要在 ViewLayout 中更改 CSS - Bootstrap 4
- python - 用熊猫重塑数据框
- haskell - 如何编写没有参数的 Haskell 函数?
- c - 为什么严格的别名规则不适用于 int* 和 unsigned*?