Ruk*_*han 7 java spring spring-security spring-boot
我是 Spring-Boot 的新手,目前,我正在开发一个带有 MySQL 数据库连接的自定义登录表单。
所以我已经开发了注册功能,它工作正常。
但是当我尝试登录帐户时,它总是显示“用户名和密码无效”。
我正在使用 Eclipse IDE。
下面是控制器类: WebMvcConfiguration.java
@ComponentScan("org.springframework.security.samples.mvc")
@Controller
@Configuration
public class WebMvcConfiguration implements WebMvcConfigurer {
@Override
public void addViewControllers(ViewControllerRegistry registry) {
registry.addViewController("/login").setViewName("login");
registry.setOrder(Ordered.HIGHEST_PRECEDENCE);
}
@GetMapping("/login")
public String login() {
return "login";
}
@PostMapping("/customerAccount")
public String authenticate() {
// authentication logic here
return "customerAccount";
}
@GetMapping("/adminDashboard")
public String adminDashboard() {
return "adminDashboard";
}
@GetMapping("/Category")
public String Category() {
return "Category";
}
@GetMapping("/Index")
public String Index() {
return "Index";
}
@PostMapping("/RatingAccount")
public String RatingAccount() {
return "RatingAccount";
}
public void addResourceHandlers(final ResourceHandlerRegistry registry) {
registry.addResourceHandler("/resources/static/**").addResourceLocations("/resources/static/");
}
}
下面是 UserAccountController.java
@RestController
@Controller
public class UserAccountController {
@Autowired
private CustomerRepository userRepository;
@Autowired
private ConfirmationTokenRepository confirmationTokenRepository;
@Autowired
private EmailSenderService emailSenderService;
@RequestMapping(value="/register", method = RequestMethod.GET)
public ModelAndView displayRegistration(ModelAndView modelAndView, Customer user)
{
modelAndView.addObject("user", user);
modelAndView.setViewName("register");
return modelAndView;
}
@RequestMapping(value="/register", method = RequestMethod.POST)
public ModelAndView registerUser(ModelAndView modelAndView, Customer user)
{
Customer existingUser = userRepository.findByEmailIdIgnoreCase(user.getEmailId());
if(existingUser != null)
{
modelAndView.addObject("message","This email already exists!");
modelAndView.setViewName("error");
}
else
{
userRepository.save(user);
ConfirmationToken confirmationToken = new ConfirmationToken(user);
confirmationTokenRepository.save(confirmationToken);
SimpleMailMessage mailMessage = new SimpleMailMessage();
mailMessage.setTo(user.getEmailId());
mailMessage.setSubject("Complete Registration!");
mailMessage.setFrom("rukshan033@gmail.com");
mailMessage.setText("To confirm your account, please click here : "
+"http://localhost:8082/confirm-account?token="+confirmationToken.getConfirmationToken());
emailSenderService.sendEmail(mailMessage);
modelAndView.addObject("emailId", user.getEmailId());
modelAndView.setViewName("successfulRegisteration");
}
return modelAndView;
}
@RequestMapping(value="/confirm-account", method= {RequestMethod.GET, RequestMethod.POST})
public ModelAndView confirmUserAccount(ModelAndView modelAndView, @RequestParam("token")String confirmationToken)
{
ConfirmationToken token = confirmationTokenRepository.findByConfirmationToken(confirmationToken);
if(token != null)
{
Customer user = token.getCustomer();
//Customer user = userRepository.findByEmailIdIgnoreCase(token.getCustomer().getEmailId());
user.setEnabled(true);
userRepository.save(user);
modelAndView.setViewName("accountVerified");
}
else
{
modelAndView.addObject("message","The link is invalid or broken!");
modelAndView.setViewName("error");
}
return modelAndView;
}
@RequestMapping(value="/login", method= {RequestMethod.GET, RequestMethod.POST})
// @ResponseBody
public ModelAndView login(ModelAndView modelAndView, @RequestParam("emailID")String email, @RequestParam("password")String password)
{
Customer user = userRepository.findByEmailIdIgnoreCase(email);
if(user == null) {
modelAndView.addObject("message1","Invalid E-mail. Please try again.");
modelAndView.setViewName("login");
}
else if (user != null && user.getPassword()!=password) {
modelAndView.addObject("message1","Incorrect password. Please try again.");
modelAndView.setViewName("login");
}
else if (user != null && user.getPassword()==password && user.isEnabled()==false) {
modelAndView.addObject("message1","E-mail is not verified. Check your inbox for the e=mail with a verification link.");
modelAndView.setViewName("login");
}
else if (user != null && user.getPassword()==password && user.isEnabled()==true) {
modelAndView.addObject("message1","Welcome! You are logged in.");
modelAndView.setViewName("customerAccount");
}
return modelAndView;
}
@RequestMapping(value="/customerDetails", method = RequestMethod.GET)
public ModelAndView displayCustomerList(ModelAndView modelAndView)
{
modelAndView.addObject("customerList", userRepository.findAll());
modelAndView.setViewName("customerDetails");
return modelAndView;
}
// getters and setters
public CustomerRepository getUserRepository() {
return userRepository;
}
public void setUserRepository(CustomerRepository userRepository) {
this.userRepository = userRepository;
}
public ConfirmationTokenRepository getConfirmationTokenRepository() {
return confirmationTokenRepository;
}
public void setConfirmationTokenRepository(ConfirmationTokenRepository confirmationTokenRepository) {
this.confirmationTokenRepository = confirmationTokenRepository;
}
public EmailSenderService getEmailSenderService() {
return emailSenderService;
}
public void setEmailSenderService(EmailSenderService emailSenderService) {
this.emailSenderService = emailSenderService;
}
}
下面是安全配置类: SecurityConfig.java
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter{
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers(
"/Index/**"
,"/Category/**"
,"/register**"
,"/css/**"
,"/fonts/**"
,"/icon-fonts/**"
,"/images/**"
,"/img/**"
,"/js/**"
,"/Source/**").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.and()
.logout()
.permitAll();
}
}
下面是 Thymeleaf 登录页面: login.html
@ComponentScan("org.springframework.security.samples.mvc")
@Controller
@Configuration
public class WebMvcConfiguration implements WebMvcConfigurer {
@Override
public void addViewControllers(ViewControllerRegistry registry) {
registry.addViewController("/login").setViewName("login");
registry.setOrder(Ordered.HIGHEST_PRECEDENCE);
}
@GetMapping("/login")
public String login() {
return "login";
}
@PostMapping("/customerAccount")
public String authenticate() {
// authentication logic here
return "customerAccount";
}
@GetMapping("/adminDashboard")
public String adminDashboard() {
return "adminDashboard";
}
@GetMapping("/Category")
public String Category() {
return "Category";
}
@GetMapping("/Index")
public String Index() {
return "Index";
}
@PostMapping("/RatingAccount")
public String RatingAccount() {
return "RatingAccount";
}
public void addResourceHandlers(final ResourceHandlerRegistry registry) {
registry.addResourceHandler("/resources/static/**").addResourceLocations("/resources/static/");
}
}
下面是我应该重定向到的页面: customerAccount.html
@RestController
@Controller
public class UserAccountController {
@Autowired
private CustomerRepository userRepository;
@Autowired
private ConfirmationTokenRepository confirmationTokenRepository;
@Autowired
private EmailSenderService emailSenderService;
@RequestMapping(value="/register", method = RequestMethod.GET)
public ModelAndView displayRegistration(ModelAndView modelAndView, Customer user)
{
modelAndView.addObject("user", user);
modelAndView.setViewName("register");
return modelAndView;
}
@RequestMapping(value="/register", method = RequestMethod.POST)
public ModelAndView registerUser(ModelAndView modelAndView, Customer user)
{
Customer existingUser = userRepository.findByEmailIdIgnoreCase(user.getEmailId());
if(existingUser != null)
{
modelAndView.addObject("message","This email already exists!");
modelAndView.setViewName("error");
}
else
{
userRepository.save(user);
ConfirmationToken confirmationToken = new ConfirmationToken(user);
confirmationTokenRepository.save(confirmationToken);
SimpleMailMessage mailMessage = new SimpleMailMessage();
mailMessage.setTo(user.getEmailId());
mailMessage.setSubject("Complete Registration!");
mailMessage.setFrom("rukshan033@gmail.com");
mailMessage.setText("To confirm your account, please click here : "
+"http://localhost:8082/confirm-account?token="+confirmationToken.getConfirmationToken());
emailSenderService.sendEmail(mailMessage);
modelAndView.addObject("emailId", user.getEmailId());
modelAndView.setViewName("successfulRegisteration");
}
return modelAndView;
}
@RequestMapping(value="/confirm-account", method= {RequestMethod.GET, RequestMethod.POST})
public ModelAndView confirmUserAccount(ModelAndView modelAndView, @RequestParam("token")String confirmationToken)
{
ConfirmationToken token = confirmationTokenRepository.findByConfirmationToken(confirmationToken);
if(token != null)
{
Customer user = token.getCustomer();
//Customer user = userRepository.findByEmailIdIgnoreCase(token.getCustomer().getEmailId());
user.setEnabled(true);
userRepository.save(user);
modelAndView.setViewName("accountVerified");
}
else
{
modelAndView.addObject("message","The link is invalid or broken!");
modelAndView.setViewName("error");
}
return modelAndView;
}
@RequestMapping(value="/login", method= {RequestMethod.GET, RequestMethod.POST})
// @ResponseBody
public ModelAndView login(ModelAndView modelAndView, @RequestParam("emailID")String email, @RequestParam("password")String password)
{
Customer user = userRepository.findByEmailIdIgnoreCase(email);
if(user == null) {
modelAndView.addObject("message1","Invalid E-mail. Please try again.");
modelAndView.setViewName("login");
}
else if (user != null && user.getPassword()!=password) {
modelAndView.addObject("message1","Incorrect password. Please try again.");
modelAndView.setViewName("login");
}
else if (user != null && user.getPassword()==password && user.isEnabled()==false) {
modelAndView.addObject("message1","E-mail is not verified. Check your inbox for the e=mail with a verification link.");
modelAndView.setViewName("login");
}
else if (user != null && user.getPassword()==password && user.isEnabled()==true) {
modelAndView.addObject("message1","Welcome! You are logged in.");
modelAndView.setViewName("customerAccount");
}
return modelAndView;
}
@RequestMapping(value="/customerDetails", method = RequestMethod.GET)
public ModelAndView displayCustomerList(ModelAndView modelAndView)
{
modelAndView.addObject("customerList", userRepository.findAll());
modelAndView.setViewName("customerDetails");
return modelAndView;
}
// getters and setters
public CustomerRepository getUserRepository() {
return userRepository;
}
public void setUserRepository(CustomerRepository userRepository) {
this.userRepository = userRepository;
}
public ConfirmationTokenRepository getConfirmationTokenRepository() {
return confirmationTokenRepository;
}
public void setConfirmationTokenRepository(ConfirmationTokenRepository confirmationTokenRepository) {
this.confirmationTokenRepository = confirmationTokenRepository;
}
public EmailSenderService getEmailSenderService() {
return emailSenderService;
}
public void setEmailSenderService(EmailSenderService emailSenderService) {
this.emailSenderService = emailSenderService;
}
}
编辑
新的 UserDetailsService 类:
public class CustomerDetailsService implements UserDetailsService{
@Autowired
private CustomerRepository customerRepository;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
Customer customer = customerRepository.findByEmailIdIgnoreCase(username);
if (customer == null) {
throw new UsernameNotFoundException(username);
}
return new MyUserPrincipal(customer);
}
}
class MyUserPrincipal implements UserDetails {
private Customer customer;
public MyUserPrincipal(Customer customer) {
this.customer = customer;
}
@SuppressWarnings("unchecked")
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
// TODO Auto-generated method stub
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
if (auth != null) {
return (Collection<GrantedAuthority>) auth.getAuthorities();
}
return null;
}
@Override
public String getPassword() {
return customer.getPassword();
}
@Override
public String getUsername() {
return customer.getEmailId();
}
@Override
public boolean isAccountNonExpired() {
return false;
}
@Override
public boolean isAccountNonLocked() {
return false;
}
@Override
public boolean isCredentialsNonExpired() {
return false;
}
@Override
public boolean isEnabled() {
return customer.isEnabled();
}
}
我添加了一些System.out.print()s 并发现我UserAccountController的没有被访问。该CustomerDetailsService班也被存取和用户名传递正确。如何将控制器与此连接?
小智 2
我建议使用 Spring Security。看到这是您每次创建新应用程序时都会复制的代码,最好将其清理并让框架发挥其作用。;)
首先,您的实施WebSecurityConfigurerAdapter
@Configuration
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
private static final String USER_BY_USERNAME_QUERY = "select Email, Wachtwoord, Activatie from users where Email = ?" ;
private static final String AUTHORITIES_BY_USERNAME_QUERY = "select Email, Toegang from users where Email = ?" ;
@Autowired
private AccessDeniedHandler accessDeniedHandler;
@Autowired
private PasswordEncoder encoder;
@Autowired
private DataSource dataSource;
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.authorizeRequests()
.antMatchers("/", "/public/**", "/css/**", "/js/**", "/font/**", "/img/**", "/scss/**", "/error/**").permitAll()
.antMatchers("/mymt/**").hasAnyRole("MEMBER", "ADMIN", "GUEST", "BOARD")
.antMatchers("/admin/**").hasAnyRole("ADMIN", "BOARD")
.antMatchers("/support/**").hasAnyRole("ADMIN", "BOARD")
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.and()
.logout()
.permitAll()
.and()
.exceptionHandling().accessDeniedHandler(accessDeniedHandler)
;
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication()
.passwordEncoder(encoder)
.dataSource(dataSource)
.usersByUsernameQuery(USER_BY_USERNAME_QUERY)
.authoritiesByUsernameQuery(AUTHORITIES_BY_USERNAME_QUERY)
;
}
}
首先,我加载PasswordEncoder我在主应用程序中定义的@Bean方法。我使用它BCryptPasswordEncoder来进行密码散列。
我DataSource从 Spring Boot Starter 的内存中加载。这是为我默认使用的数据库配置的(我的默认持久化单元,因为我使用Spring Data jpa)
对于授权的配置,我首先禁用跨站点引用,作为安全措施。然后我配置所有路径并告诉 Spring 谁可以访问网络应用程序的哪个部分。在我的数据库中,这些角色被写为ROLE_MEMBER, ROLE_BOARD, ... Spring SecurityROLE_自行删除了 ,但需要它存在。
之后,我添加 formLogin 并将其指向 的 url /login,并允许所有角色访问登录页面。我还添加了一些注销功能和异常处理。如果你愿意的话,你可以忽略这些。
然后我配置身份验证。这里我使用的jdbcAuthentication是通过数据库登录。我向编码器提供密码、数据源,然后使用我预编译的两个查询来提供用户信息和用户角色。
事实上就是这样。
我的控制器非常简单
@Controller
@RequestMapping("/login")
public class BasicLoginController {
private static final String LOGON = "authentication/login";
@GetMapping
public String showLogin() {
return LOGON;
}
}
我的主要看起来像这样:
@SpringBootApplication
@EnableGlobalMethodSecurity(securedEnabled = true)
public class MyMT extends SpringBootServletInitializer {
public static void main(String[] args) {
ConfigurableApplicationContext ctx = SpringApplication.run(MyMT.class, args);
}
@Bean
public BCryptPasswordEncoder encoder() {
return new BCryptPasswordEncoder();
}
@Bean
public Logger logger() {
return Logger.getLogger("main");
}
}
我的 HTML 页面如下所示:
<!DOCTYPE html>
<html lang="en" xmlns:th="http://www.thymeleaf.org">
<head>
<meta charset="UTF-8">
<title>MyMT Login</title>
<div th:insert="fragments/header :: header-css" />
</head>
<body>
<div class="bgMask">
<div th:insert="fragments/header :: nav-header (active='Home')" />
<main>
<div class="container">
<h1>Login</h1>
<!-- Form -->
<form class="text-center" style="color: #757575;" method="post">
<p>Om toegang te krijgen tot het besloten gedeelte moet je een geldige login voorzien.</p>
<div class="row" th:if="${param.error}">
<div class="col-md-3"></div>
<div class=" col-md-6 alert alert-danger custom-alert">
Invalid username and/or password.
</div>
<div class="col-md-3"></div>
</div>
<div class="row" th:if="${param.logout}">
<div class="col-md-3"></div>
<div class="col-md-6 alert alert-info custom-alert">
You have been logged out.
</div>
<div class="col-md-3"></div>
</div>
<!-- Name -->
<div class="md-form mt-3 row">
<div class="col-md-3"></div>
<div class="col-md-6">
<input type="text" id="username" class="form-control" name="username" required>
<label for="username">Email</label>
</div>
<div class="col-md-3"></div>
</div>
<!-- E-mai -->
<div class="md-form row">
<div class="col-md-3"></div>
<div class="col-md-6">
<input type="password" id="password" class="form-control" name="password" required>
<label for="password">Password</label>
</div>
<div class="col-md-3"></div>
</div>
<!-- Sign in button -->
<input type="submit" value="Login" name="login" class="btn btn-outline-info btn-rounded btn-block z-depth-0 my-4 waves-effect" />
</form>
<!-- Form -->
</div>
</main>
<div th:insert="fragments/footer :: footer-scripts" />
<div th:insert="fragments/footer :: footer-impl" />
</div>
</body>
</html>
在这里您可以看到两个输入字段,其中包含用户名和密码名称。
这就是登录配置。您现在可以使用所有控制器,而无需为其添加安全性。
用干净的代码术语来说。在各处增加安全性是一个跨领域的问题。Spring security 通过使用面向方面的编程技巧修复了这个问题。换句话说。它拦截 HttpRequest 并首先检查用户。安全性会自动启动包含用户信息的会话并检查该会话。
我希望简短的解释有助于您登录。:)
| 归档时间: |
|
| 查看次数: |
438 次 |
| 最近记录: |