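Solved - the problem was the user role: Spring expects ROLE_USER, and I was passing USER. Thanks for the tips.
I am trying to secure my Spring Boot application. With in-memory authentication everything works fine: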
    auth.inMemoryAuthentication()
        .withUser("new")
        .password("asd")
        .roles("USER");
But I need database authentication, so in my User class I implemented UserDetails:
    import java.util.Collection;
    import java.util.HashSet;
    import java.util.Set;

    import javax.persistence.Entity;
    import javax.persistence.GeneratedValue;
    import javax.persistence.GenerationType;
    import javax.persistence.Id;
    import javax.validation.constraints.NotNull;

    import org.springframework.security.core.GrantedAuthority;
    import org.springframework.security.core.userdetails.UserDetails;

    @Entity
    public class User implements UserDetails {

        private static final long serialVersionUID = -8281468636068319152L;

        @Id
        @GeneratedValue(strategy=GenerationType.SEQUENCE)
        private long id;

        @NotNull
        private String login;

        @NotNull
        private String password;

        private Role role;

        public User() {
        }

        public User(long id, String login, String password) {
            this.id = id;
            this.login = login;
            this.password = password;
        }

        public long getId() {
            return id;
        }

        public void setId(long id) {
            this.id = id;
        }

        public String getLogin() {
            return login;
        }

        public void setLogin(String login) {
            this.login = login;
        }

        public String getPassword() {
            return password;
        }

        public void setPassword(String password) {
            this.password = password;
        }

        @Override
        public Collection<? extends GrantedAuthority> getAuthorities() {
            Set<GrantedAuthority> authorities = new HashSet<>();
            // UserDetails requires a non-null collection, so a user
            // without a role gets an empty set instead of null.
            if (role == null) {
                return authorities;
            }
            // An ADMIN is also granted USER.
            if (role.equals(Role.ADMIN)) {
                authorities.add(Role.ADMIN);
            }
            authorities.add(Role.USER);
            return authorities;
        }

        @Override
        public String getUsername() {
            return this.login;
        }

        @Override
        public boolean isAccountNonExpired() {
            return true;
        }

        @Override
        public boolean isAccountNonLocked() {
            return true;
        }

        @Override
        public boolean isCredentialsNonExpired() {
            return true;
        }

        @Override
        public boolean isEnabled() {
            return true;
        }
    }
Role:
    import org.springframework.security.core.GrantedAuthority;

    public enum Role implements GrantedAuthority {
        ADMIN,
        USER;

        @Override
        public String getAuthority() {
            return this.name();
        }
    }
And I created a service like this to load the user:
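    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.security.core.userdetails.UserDetails;
    import org.springframework.security.core.userdetails.UserDetailsService;
    import org.springframework.security.core.userdetails.UsernameNotFoundException;
    import org.springframework.stereotype.Service;

    @Service
    public class UserDetailsServiceImpl implements UserDetailsService {

        @Autowired
        UserRepository userRepository;

        @Override
        public UserDetails loadUserByUsername(String username)
                throws UsernameNotFoundException {
            // Look the user up by login; Spring Security expects an
            // exception, not null, when no such user exists.
            User user = userRepository.findByLogin(username);
            if (user == null) {
                throw new UsernameNotFoundException("User not found");
            }
            return user;
        }
    }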
When configuring the application, I replaced the in-memory authentication:
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
        daoAuthenticationProvider.setUserDetailsService(userDetailsService);
        auth.authenticationProvider(daoAuthenticationProvider);
    }
HttpSecurity is:
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // @formatter:off
        http
            .authorizeRequests()
                .antMatchers("/**")
                .hasRole("USER")
                .and()
            .httpBasic();
        // @formatter:on
    }
After this configuration I cannot get the application content, because Spring throws error 403: Forbidden.
On the console I get:
    2015-04-01 20:59:51.515 DEBUG 5476 --- [nio-8080-exec-2] o.s.web.servlet.DispatcherServlet : DispatcherServlet with name 'dispatcherServlet' processing GET request for [/error]
    2015-04-01 20:59:51.516 DEBUG 5476 --- [nio-8080-exec-2] s.w.s.m.m.a.RequestMappingHandlerMapping : Looking up handler method for path /error
    2015-04-01 20:59:51.517 DEBUG 5476 --- [nio-8080-exec-2] s.w.s.m.m.a.RequestMappingHandlerMapping : Returning handler method [public org.springframework.http.ResponseEntity> org.springframework.boot.autoconfigure.web.BasicErrorController.error(javax.servlet.http.HttpServletRequest)]
    2015-04-01 20:59:51.517 DEBUG 5476 --- [nio-8080-exec-2] o.s.web.servlet.DispatcherServlet : Last-Modified value for [/error] is: -1
It looks like Spring cannot find my @RequestMapping after the security configuration.
Any suggestions?
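
The role-prefix mismatch named in the resolution at the top of this post, shown as an added example that is not part of the original post. PlainRole, PrefixedRole and RolePrefixDemo are hypothetical names, and the two check methods are a simplified model of the comparison, not Spring Security's source; it needs Java 8 and spring-security-core on the classpath.

```java
import java.util.Collection;
import java.util.EnumSet;

import org.springframework.security.core.GrantedAuthority;

// The enum as posted: authority strings are "ADMIN" and "USER".
enum PlainRole implements GrantedAuthority {
    ADMIN, USER;
    @Override public String getAuthority() { return name(); }
}

// Corrected variant: authority strings are "ROLE_ADMIN" and "ROLE_USER".
enum PrefixedRole implements GrantedAuthority {
    ADMIN, USER;
    @Override public String getAuthority() { return "ROLE_" + name(); }
}

public class RolePrefixDemo {
    // Model of .hasRole("USER"): the rule asks for an authority equal to
    // "ROLE_" + role. The in-memory builder's .roles("USER") adds the same
    // prefix when it stores the user, which is why that setup worked.
    static boolean hasRole(Collection<? extends GrantedAuthority> granted, String role) {
        String wanted = "ROLE_" + role;
        return granted.stream().anyMatch(a -> wanted.equals(a.getAuthority()));
    }

    // Model of .hasAuthority("USER"): exact string match, no prefix added.
    static boolean hasAuthority(Collection<? extends GrantedAuthority> granted, String authority) {
        return granted.stream().anyMatch(a -> authority.equals(a.getAuthority()));
    }

    public static void main(String[] args) {
        // Constructed sample users, one per enum variant.
        Collection<PlainRole> plain = EnumSet.of(PlainRole.USER);
        Collection<PrefixedRole> prefixed = EnumSet.of(PrefixedRole.USER);

        // As posted: the user authenticates but the rule denies, hence the 403.
        System.out.println("plain enum,    hasRole(USER):      " + hasRole(plain, "USER"));
        // Fix 1: keep .hasRole("USER") and return prefixed authority strings.
        System.out.println("prefixed enum, hasRole(USER):      " + hasRole(prefixed, "USER"));
        // Fix 2: keep the plain enum and use .hasAuthority("USER") in the rule.
        System.out.println("plain enum,    hasAuthority(USER): " + hasAuthority(plain, "USER"));
    }
}
```

Either fix works on its own; applying both at once would break the match again, because hasAuthority("USER") does not match "ROLE_USER".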