
java - Spring Security: make a mysql authentication

Repost. Author: 行者123. Updated: 2023-12-01 09:55:27

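I have a question about Spring Security.

I am trying to authenticate by checking against MySQL data. I am using AngularJS, Spring Boot and Spring Security.

I have a REST web service called by $http.post(...). When I start my application, if I test my web service with the Chrome plugin "Advanced Rest Client" > "http://localhost:8080/check-login", it works and I receive code 200: OK.

But if I want to access my web service via Chrome with the same URL, a window with authentication opens. I think this is Spring Security's pre-authentication, but I don't know how to disable it.

This is a problem because when I want to access the web service with the browser, it shows: "http://localhost:8080/check-login 401 Unauthorized"

Edit: here is my code: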

HTML:

<form role="form" ng-submit="controller.login()">

    <div class="form-group">
        <label for="username">Username:</label>
        <input type="text" class="form-control" id="username" name="username" ng-model="controller.credentials.username"/>
    </div>

    <div class="form-group">
        <label for="password">Password:</label>
        <input type="password" class="form-control" id="password" name="password" ng-model="controller.credentials.password"/>
    </div>

    <button type="submit" class="btn btn-primary">Submit</button>

</form>

JS:

myModule.controller('NavCtrl', function($rootScope, $location, $http) {

    var self = this;

    var authenticate = function(credentials, callback) {

        var headers = credentials ? {authorization : "Basic " + btoa(credentials.username + ":" + credentials.password)} : {};

        $http.get('user', {headers : headers}).then(
            function(response) {
                if (response.data.name) {
                    $rootScope.authenticated = true;
                } else {
                    $rootScope.authenticated = false;
                }
                callback && callback();
            },
            function() {
                $rootScope.authenticated = false;
                callback && callback();
            }
        );

    };

    authenticate();
    self.credentials = {};

    self.login = function() {
        authenticate(self.credentials, function() {
            if ($rootScope.authenticated) {
                $location.path("/");
                self.error = false;
            } else {
                $location.path("/login");
                self.error = true;
            }
        });
    };

});

My Java REST:

@RestController
public class TestRest {

    @RequestMapping("/user")
    public Principal user(Principal user) {
        return user;
    }

}

My Java Spring Boot and security configuration:

@SpringBootApplication
public class BusinessBootApplication {

    public static void main(String[] args) {
        SpringApplication.run(BusinessBootApplication.class, args);
    }

    @Configuration
    @Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
    protected static class SecurityConfiguration extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .httpBasic()
                .and()
                .authorizeRequests()
                .antMatchers("/index.html", "/home.html", "/login.html", "/").permitAll()
                .anyRequest()
                .authenticated()
                .and()
                .addFilterAfter(new CsrfHeaderFilter(), CsrfFilter.class)
                .csrf()
                .csrfTokenRepository(csrfTokenRepository());
        }

        private CsrfTokenRepository csrfTokenRepository() {
            HttpSessionCsrfTokenRepository repo = new HttpSessionCsrfTokenRepository();
            repo.setHeaderName("X-XSRF-TOKEN");
            return repo;
        }
    }
}

Finally, my Java for the UserDetailsService:

@Service
public class UserDetailsServiceImpl implements UserDetailsService {

    public UserDao userDao;

    @Autowired
    public UserDetailsServiceImpl(UserDao _userDao) {
        super();
        userDao = _userDao;
    }

    @Override
    public UserDetails loadUserByUsername(String arg0) throws UsernameNotFoundException {

        UserDetailsImpl userDetailsImpl = null;

        User user = userDao.findByLogin(arg0);

        if (user == null) {
            throw new UsernameNotFoundException("Login not found");
        } else {
            userDetailsImpl = new UserDetailsImpl(user);
        }

        return userDetailsImpl;
    }

}




public class UserDetailsImpl implements UserDetails {

    /** The Constant serialVersionUID. */
    private static final long serialVersionUID = 1L;

    /** The _username. */
    private String username;

    /** The _password. */
    private String password;

    public UserDetailsImpl(User user) {
        username = user.getLogin();
        password = user.getPwd();
    }

    /**
     * @param password the password to set
     */
    public void setPassword(String password) {
        this.password = password;
    }

    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        // TODO Auto-generated method stub
        return null;
    }

    @Override
    public String getPassword() {
        // TODO Auto-generated method stub
        return null;
    }

    /**
     * @param username the username to set
     */
    public void setUsername(String username) {
        this.username = username;
    }

    @Override
    public String getUsername() {
        // TODO Auto-generated method stub
        return null;
    }

    @Override
    public boolean isAccountNonExpired() {
        // TODO Auto-generated method stub
        return false;
    }

    @Override
    public boolean isAccountNonLocked() {
        // TODO Auto-generated method stub
        return false;
    }

    @Override
    public boolean isCredentialsNonExpired() {
        // TODO Auto-generated method stub
        return false;
    }

    @Override
    public boolean isEnabled() {
        // TODO Auto-generated method stub
        return false;
    }

}

Do you have any ideas? Thanks

Best answer

This window is the Basic authentication window; you are using Basic authentication (httpBasic) in your code:

http.httpBasic()
    .and()
    .authorizeRequests()
    .antMatchers("/index.html", "/home.html", "/login.html", "/").permitAll()
    .anyRequest()
    .authenticated()

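So Spring Security is configured to apply Basic authentication if you try to access a protected URL.

Based on this configuration, Chrome checks whether the HTTP request contains the authentication header (which includes the user credentials); if it does, the authentication window will not open, otherwise Chrome opens the authentication window to enter the username and password.

To solve the window problem, you need to handle Basic authentication in your AngularJS code as written in the code below (please check that this code is working by monitoring the request headers in Chrome developer tools):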

var headers = credentials ? {authorization : "Basic " + btoa(credentials.username + ":" + credentials.password)} : {};

$http.get('user', {headers : headers}).then(
    function(response) {
        if (response.data.name) {
            $rootScope.authenticated = true;
        } else {
            $rootScope.authenticated = false;
        }
        callback && callback();
    },
    function() {
        $rootScope.authenticated = false;
        callback && callback();
    }
);

Please note: when you use the Advanced Rest Client tool, you can pass the Basic authentication header, and if you don't pass this header, the authentication window will not open.
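
The header construction the answer relies on, as an added example that is not part of the original answer: it builds the same `Basic` value with UTF-8 handling (plain `btoa` throws on characters outside Latin-1) and decodes it again, showing that the credentials are only Base64-encoded and therefore need HTTPS in transit. The function names and sample credentials are assumptions made for illustration.

```javascript
// Added example: build and parse an HTTP Basic Authorization header value.
// Function names are hypothetical; credentials used with them are constructed.

// Encode "username:password" as UTF-8 bytes before Base64, so passwords with
// non-Latin-1 characters do not make btoa() throw.
function buildBasicHeader(username, password) {
  if (username.includes(":")) {
    // RFC 7617: the user-id cannot contain ':' because the first colon
    // separates it from the password.
    throw new Error("username must not contain ':'");
  }
  const bytes = new TextEncoder().encode(username + ":" + password);
  let binary = "";
  for (const b of bytes) binary += String.fromCharCode(b);
  return "Basic " + btoa(binary);
}

// The receiving side: Base64 is reversible without any key, so anyone who
// can read the request can recover the password.
function parseBasicHeader(headerValue) {
  const match = /^Basic ([A-Za-z0-9+/]+={0,2})$/i.exec(headerValue || "");
  if (!match) return null;
  let binary;
  try {
    binary = atob(match[1]);
  } catch (e) {
    return null; // malformed Base64
  }
  const bytes = Uint8Array.from(binary, (c) => c.charCodeAt(0));
  const text = new TextDecoder("utf-8").decode(bytes);
  const sep = text.indexOf(":");
  if (sep < 0) return null;
  return { username: text.slice(0, sep), password: text.slice(sep + 1) };
}

// Mirrors the `credentials ? {...} : {}` logic in the snippet above: without
// credentials no Authorization header is sent, which is the case where the
// browser shows its own login dialog after the 401 challenge.
function authHeaders(credentials) {
  return credentials
    ? { authorization: buildBasicHeader(credentials.username, credentials.password) }
    : {};
}
```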

Regarding java - Spring Security: make a mysql authentication, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/37272497/
