我有一个应用程序在我的本地 8100 中运行,我的服务器端代码在它已实现的 8065 中执行Spring Security
作为 Java 配置。当我从 8100 ionic 浏览器窗口输入登录服务器代码时。我得到的原则对象数据只有字符串作为anonymousUser
。
我打印了我的服务器端代码Authentication
and Principle
数据。下面贴上代码。
For Authentication
Authentication auth = SecurityContextHolder.getContext().getAuthentication()
auth
数据是,
org.springframework.security.authentication.AnonymousAuthenticationToken@9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
For getPrincipal
Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
principal
data
anonymousUser
这个字符串只有它有。下面我粘贴了我的安全配置 java 类代码。
安全配置Java类
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
DataSource dataSource;
@Autowired
private SecurityUserService userDetailsService;
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/user/createsocialuser");
}
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
ExceptionMappingAuthenticationFailureHandler loginFailureHandler = new ExceptionMappingAuthenticationFailureHandler();
loginFailureHandler.setDefaultFailureUrl("/login/loginFailure");
http
.authorizeRequests()
.regexMatchers("/login.*").permitAll()
.regexMatchers("/admin.*").hasRole("ADMIN")
.regexMatchers("/user.*").hasRole("USER")
.and()
.formLogin()
.usernameParameter("j_username")
.passwordParameter("j_password")
.loginProcessingUrl("/j_spring_security_check")
.defaultSuccessUrl("/login/loginSuccess")
.permitAll()
.failureHandler(loginFailureHandler)
.permitAll().and().logout().permitAll()
.and().exceptionHandling()
.accessDeniedPage("/accessDenied/403").and().csrf().disable();
}
}
登录网页
<form class="form-horizontal" name="loginform" data-ng-submit="doLogin(loginform,userDetails)">
<label for="username">Username:</label>
<input type="text" class="form-control" ng-model="$parent.login.email" id="j_username" placeholder="Enter username" name="j_username" >
<label for="password">Password:</label>
<input type="password" class="form-control" ng-model="$parent.login.password" id="j_password" placeholder="Enter password" type="password" name="j_password">
<div class="alert alert-danger" id="loginerror" role="alert">
invalid usermame or password
</div><br/>
<button type="submit" class="btn btn-default submit">Si in</button>
</form>
Login Js
$scope.doLogin = function(loginform,userDetails) {
if (loginform.$valid) {
console.log('$parent.login.email',angular.toJson(self.login.email));
console.log('$parent.login.password',angular.toJson(self.login.password));
var loc = 'http://localhost:8080/Test_10030';
$http.post(loc+'/j_spring_security_check?j_username='+self.login.email+'&j_password='+self.login.password)
.success(function(data){
console.log('Server data =>',angular.toJson(data));
if(data.responseError == "loginFailed"){
alert("user name pasword incorrect")
console.error('Server data =>');
$log.log("Error login Credentials: ",JSON.stringify(data));
$location.url('login');
}
if(data.responseSuccess == "success"){
if(data.result != null){
var serverData = data.result;
console.warn('Server data =>',angular.toJson(serverData));
$rootScope.userData= serverData;
$location.url('/home');
}
}
}).error(function(data){
//callback
console.log('Error Some Internal server Error',data);
});
} else {
$log.log("form is invalid!");
if (self.isNewUser) {
loginform["username"].$dirty = true;
loginform["usrtel"].$dirty = true;
}
loginform["email"].$dirty = true;
loginform["password"].$dirty = true;
}
};
登录控制器 Java
@RestController
@RequestMapping("/login")
public class LoginController {
@RequestMapping(value="/loginSuccess",method = RequestMethod.GET)
public ResponseWrapper create(Principal principle) {
System.out.println("-------***************----------------");
try {
System.out.println("principle data=>"+principle)// NULL POINTER EXCEPTION
System.out.println("-------sucess********----------------");
ResponseWrapper wrap = new ResponseWrapper();
Object principal = SecurityContextHolder.getContext().getAuthentication().getAuthorities();
System.err.println("Principal dara=>"+principal);
wrap.setResult(principle);
wrap.setResponseSuccess("success");
return wrap;
} catch (Exception e) {
e.printStackTrace();
}
return null;
}
}
用户详细信息类
@Service
@Transactional
public class SecurityUserService implements IUserService {
@Autowired
private SecurityUserDao gpuser_Dao;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
System.out.println("............" + username);
GpUser user = gpuser_Dao.findUser(username);
UserDetails userDetails = null;
String rol = null;
if (user == null) {
throw new UsernameNotFoundException("No User found");
} else {
List<GrantedAuthority> grantedAuthorities = new ArrayList<GrantedAuthority>();
// Access DB and get the roles and assign
Object obj = user.getAuthorities();
System.out.println("obje data=>" + obj.toString());
grantedAuthorities.add(new SimpleGrantedAuthority("ROLE_ADMIN"));
userDetails = new User(user.getUsername(), user.getPassword(), true, true, true, true, grantedAuthorities);
/** ADDING ROLES-Creating authentication object with roles **/
Authentication authentication = new UserAuthenticationToken(user, userDetails,
userDetails.getAuthorities());
// Set the authentication
SecurityContextHolder.getContext().setAuthentication(authentication);
}
Object principal = SecurityContextHolder.getContext().getAuthentication().getAuthorities();
return userDetails;
}
}
BootSecurityUserDao.java
@Repository
@Transactional
public class BootSecurityUserDao implements IUserDao {
@PersistenceContext
private EntityManager entityManager;
@SuppressWarnings("unchecked")
public GUser findUser(String username){
try{
String login = "select * from guser where username=:username";
Query result = entityManager.createNativeQuery(login,GUser.class)
.setParameter("username", username);
List<GUser> list = result.getResultList();
System.out.println("size of user list : " + list.size());
if (list.size() > 0) {
GUser user_from_db = list.get(0);
return user_from_db;
}
}catch(DataAccessException e) {
e.printStackTrace();
}
return null;
}
}
是否有任何其他代码为特定角色添加,例如anonymousUser
or ROLE_ANONYMOUS
在我的安全java配置类中。我添加了permitAll()
for \login
有关的URLS
。或者 Spring Security 本身有任何代码可以解决这个问题,就像我有一个困惑一样。