java - Spring Security 中需要授予权限的文本表示
问题描述
我在 Spring Security 中的注册权限有问题
我无法注册方法
我试图设置对每条路径的访问,但没有帮助
控制器
@RestController
public class UserController {
private UserService userService;
public UserController(UserService userService) {
this.userService = userService;
}
@PostMapping("/register")
public Long register(@RequestBody User user){
return userService.register(user);
}
}
安全配置
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Bean
public PasswordEncoder getPasswordEncoder() {
return new BCryptPasswordEncoder();
}
private UserDetailsServiceImpl userDetailsService;
public SecurityConfig(UserDetailsServiceImpl userDetailsService) {
this.userDetailsService = userDetailsService;
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable();
http.headers().disable();
http.authorizeRequests().
antMatchers("/").permitAll()
.antMatchers("/register").permitAll();
}
}
用户服务
@Service
public class UserService {
private UserRepository userRepository;
private PasswordEncoder passwordEncoder;
public UserService(UserRepository userRepository, PasswordEncoder passwordEncoder) {
this.userRepository = userRepository;
this.passwordEncoder = passwordEncoder;
}
public Long register(User user){
user.setPassword(passwordEncoder.encode(user.getPassword()));
userRepository.save(user);
return user.getId();
}
}
用户模型
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import java.util.*;
@Entity
public class User implements UserDetails {
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
private Long id;
private String userName;
private String lastName;
private String password;
private String role;
public User() {
}
..get and set...
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
List<GrantedAuthority> listRole = new ArrayList<GrantedAuthority>();
listRole.add(new SimpleGrantedAuthority(role));
return listRole;
}
@Override
public String getPassword() {
return password;
}
@Override
public String getUsername() {
return userName;
}
@Override
public boolean isAccountNonExpired() {
return true;
}
@Override
public boolean isAccountNonLocked() {
return true;
}
@Override
public boolean isCredentialsNonExpired() {
return true;
}
@Override
public boolean isEnabled() {
return true;
}
}
错误
java.lang.IllegalArgumentException:在 org.springframework.util.Assert.hasText(Assert.java:284) ~[spring-core-5.2.4.RELEASE.jar:5.2.4.RELEASE] 需要授予权限的文本表示在 org.springframework.security.core.authority.SimpleGrantedAuthority.(SimpleGrantedAuthority.java:38) ~[spring-security-core-5.2.2.RELEASE.jar:5.2.2.RELEASE] 在 com.xxx.xx.models .User.getAuthorities(User.java:71) ~[classes/:na] at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:na] at java.base/jdk.internal .reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:na] at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:na] at java.base /java.lang.reflect.Method.invoke(Method.java:566) ~[na:na]
解决方案
在您的 User 模型类中,确保设置了一个角色,以便您的 getAuthorities() 方法起作用。
您收到的错误提示您正在使用“null”角色执行“新 SimpleGrantedAuthority”。
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
List<GrantedAuthority> listRole = new ArrayList<GrantedAuthority>();
listRole.add(new SimpleGrantedAuthority(role)); // this is the problematic line!
return listRole;
}
如果您没有角色,则只需返回一个空列表即可。
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
return Collections.emptyList();
}
推荐阅读
- python - dask.bag / dask.delayed for loop有什么区别,为dask中的python并行作业选择更好的方法
- firebase - 检测到 0 个或 2 个或多个 [DropdownMenuItem] 具有相同的值
- html - 仅在 CSS 动画完成后显示 HTML 正文(使用纯 CSS)
- c# - 如何在c#中限制用户在特定时间段后取消预订
- postgresql - 在 PostgreSQL 触发器中循环和测试 cte 的结果
- html - 如何使用 BeautifulSoup 提取每个 df1 内容(优点、缺点、df_tit)?
- reactjs - MUI Datetimepicker 使用下拉选择更改值
- javascript - Google Sheets Appscript 弹出提示响应并隐藏工作表,直到响应正确
- javascript - 使用 if 语句反应组件未在 .map 内呈现
- rust - 如何修复使用 HashMap 的代码
> 对矩阵进行对角线排序?