java - Spring Boot role-based authentication does not recognize roles
Problem description
I have the following classes and want to implement role-based authentication, but it never allows the request, presumably because it does not recognize the roles. What might be the problem here?
User entity
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.stream.Collectors;
import javax.persistence.ElementCollection;
import javax.persistence.Entity;
import javax.persistence.FetchType;
import javax.persistence.OneToMany;
import javax.validation.constraints.Email;
import javax.validation.constraints.NotNull;
import javax.validation.constraints.Size;
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import lombok.Data;
import lombok.experimental.Accessors;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;

@Entity
@JsonIgnoreProperties(value = {"createdAt", "updatedAt", "roles", "enabled",
        "authorities", "credentialsNonExpired", "accountNonLocked", "accountNonExpired"})
@Data
@Accessors(chain = true)
public class User extends Base implements UserDetails {

    @Size(min = 4, max = 20)
    @NotNull
    private String username;

    //@Size(min = 4, max = 20)
    @NotNull
    private String password;

    @NotNull
    @Email
    private String email;

    @ElementCollection(fetch = FetchType.EAGER)
    private List<Role> roles = new ArrayList<>();

    @OneToMany
    private List<Book> bookList = new ArrayList<>();

    // Each Role is exposed to Spring Security as a GrantedAuthority named "ROLE_<text>"
    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        return roles.stream()
                .map((Role r) -> new SimpleGrantedAuthority(r.toFullString()))
                .collect(Collectors.toList());
    }

    @Override
    public boolean isAccountNonExpired() {
        return true;
    }

    @Override
    public boolean isAccountNonLocked() {
        return true;
    }

    @Override
    public boolean isCredentialsNonExpired() {
        return true;
    }

    @Override
    public boolean isEnabled() {
        return true;
    }
}
Role enum
public enum Role {
    ADMIN("ADMIN"),
    USER("USER");

    private final String text;

    Role(final String text) {
        this.text = text;
    }

    // Bare name, e.g. "ADMIN"; this is what the security config passes to hasAuthority()
    @Override
    public String toString() {
        return text;
    }

    // Prefixed name, e.g. "ROLE_ADMIN"; this is what User.getAuthorities() emits
    public String toFullString() {
        return "ROLE_" + text;
    }
}
Web security configuration
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    JwtTokenProvider jwtTokenProvider;

    @Autowired
    UserService userService;

    @Bean
    @Override
    protected AuthenticationManager authenticationManager() throws Exception {
        return super.authenticationManager();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.httpBasic().disable()
                .csrf().disable()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .authorizeRequests()
                // hasAuthority()/hasAnyAuthority() compare against the exact authority string given,
                // here the bare enum text ("ADMIN", "USER")
                .antMatchers("/actuator/**").hasAuthority(Role.ADMIN.toString())
                .antMatchers("/").permitAll()
                .antMatchers(HttpMethod.DELETE, "/user/remove").hasAnyAuthority(Role.ADMIN.toString(), Role.USER.toString())
                .antMatchers(HttpMethod.PUT, "/user/create").permitAll()
                .antMatchers(HttpMethod.POST, "/signin").permitAll()
                .antMatchers("/admin/**").hasAuthority(Role.ADMIN.toString())
                .and()
                .apply(new JwtConfig(jwtTokenProvider));
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // roles("ADMIN") registers the in-memory user with the authority "ROLE_ADMIN"
        auth.inMemoryAuthentication()
                .withUser("admin")
                .password(bCryptPasswordEncoder().encode("abcd123"))
                .roles(Role.ADMIN.toString());
        auth.userDetailsService(userService).passwordEncoder(bCryptPasswordEncoder());
    }

    @Bean
    CorsConfigurationSource corsConfigurationSource() {
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        CorsConfiguration config = new CorsConfiguration();
        config.setAllowCredentials(true);
        // wildcard origin together with allowCredentials=true: Spring Framework 5.3+ rejects this
        // combination at startup and expects allowedOriginPatterns instead
        config.addAllowedOrigin("*");
        config.addAllowedHeader("*");
        config.addAllowedMethod("OPTIONS");
        config.addAllowedMethod("HEAD");
        config.addAllowedMethod("GET");
        config.addAllowedMethod("PUT");
        config.addAllowedMethod("POST");
        config.addAllowedMethod("DELETE");
        config.addAllowedMethod("PATCH");
        source.registerCorsConfiguration("/**", config);
        return source;
    }

    @Bean
    public BCryptPasswordEncoder bCryptPasswordEncoder() {
        return new BCryptPasswordEncoder();
    }
}
This is how I set the roles of a new user
// Service method (inside UserService); every new user receives both USER and ADMIN
@Transactional
public GenericResponse create(UserDTO userDTO) {
    if (usernameExists(userDTO.getUsername())) {
        throw new UsernameExistsException(String.format("Username %s already exists", userDTO.getUsername()));
    }
    User user = modelMapper.map(userDTO, User.class);
    user.setPassword(bCryptPasswordEncoder.encode(user.getPassword()))
            .setRoles(Arrays.asList(Role.USER, Role.ADMIN))
            .setId(UUID.randomUUID().toString());
    if (userRepository.save(user) != null) {
        return genericResponseService.createResponseNoError(user);
    } else {
        throw new RuntimeException();
    }
}
I am sending the /user/remove request for a user I created earlier. As shown above, a newly generated user always has the USER role.
Controller
import javax.validation.Valid;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.PutMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequestMapping("user")
public class UserController {

    @Autowired
    UserService userService;

    // PUT /user/create is permitAll in the security config
    @PutMapping(value = "create", consumes = "application/json")
    public GenericResponse create(@Valid @RequestBody UserDTO userDTO) {
        return userService.create(userDTO);
    }

    // DELETE /user/remove requires hasAnyAuthority("ADMIN", "USER") in the security config
    @DeleteMapping(value = "remove", consumes = "application/json")
    public GenericResponse remove(@Valid @RequestBody UserDTO userDTO) {
        return userService.remove(userDTO);
    }
}
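As an added illustration (not the asker's code), the snippet below rebuilds the authority strings that the question's User.getAuthorities() hands to Spring Security and compares them against what the hasAuthority() and hasRole() matchers look for, then shows a configure() fragment in which both rules resolve to the same "ROLE_ADMIN" string. It assumes Spring Security 5.x (the WebSecurityConfigurerAdapter generation used in the question, default role prefix "ROLE_") and Java 9+; the class name AuthorityPrefixCheck and its configure() method are hypothetical.

```java
import java.util.List;
import java.util.stream.Collectors;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;

// Hypothetical class, added for illustration; not part of the question's project.
public class AuthorityPrefixCheck {

    // Same mapping as the question's Role enum: toString() gives "ADMIN",
    // toFullString() gives the GrantedAuthority string "ROLE_ADMIN".
    enum Role {
        ADMIN, USER;
        String toFullString() { return "ROLE_" + name(); }
    }

    // Mirrors User.getAuthorities() from the question, reduced to the strings.
    static List<String> grantedAuthorities(List<Role> roles) {
        return roles.stream()
                .map(r -> new SimpleGrantedAuthority(r.toFullString()))
                .map(GrantedAuthority::getAuthority)
                .collect(Collectors.toList());
    }

    // What each expression matcher requires of the authority list:
    // hasAuthority(x) needs the exact string x; hasRole(x) needs "ROLE_" + x.
    static boolean matchesHasAuthority(List<String> granted, String required) {
        return granted.contains(required);
    }

    static boolean matchesHasRole(List<String> granted, String role) {
        return granted.contains("ROLE_" + role);
    }

    // Hypothetical configure(HttpSecurity) fragment: both rules compare against
    // "ROLE_ADMIN", the string User.getAuthorities() actually produces.
    static void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/actuator/**").hasRole(Role.ADMIN.toString())
                .antMatchers("/admin/**").hasAuthority(Role.ADMIN.toFullString());
    }

    public static void main(String[] args) {
        // Constructed sample: the roles the question's create() assigns to every new user
        List<String> granted = grantedAuthorities(List.of(Role.USER, Role.ADMIN));
        System.out.println("granted authorities: " + granted);
        System.out.println("hasAuthority(\"ADMIN\") satisfied: " + matchesHasAuthority(granted, "ADMIN"));
        System.out.println("hasRole(\"ADMIN\") satisfied: " + matchesHasRole(granted, "ADMIN"));
    }
}
```

Note that hasRole() rejects an argument that already starts with "ROLE_", so the prefix must be supplied in exactly one place, either in the stored authority or in the matcher, never both.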
Solution