这个测试项目因为我不知道如何在方法中注入@AuthenticationPrincipal注释,我有一些问题,@AuthenticationPrincipal UserDetails抛出异常
UserDetails userDetails = SecurityContextHolder.getContext().getAuthentication().getPrincipal()
工作没问题,但我想在方法中注入这个注释我该怎么办?
当我在方法中添加注释时,会引发此异常
org.springframework.web.util.NestedServletException:请求处理失败;嵌套异常是java.lang.IllegalStateException:找不到接口org.springframework.security.core.userdetails.UserDetails的主要或默认构造函数
如何将 @AuthenticationPrincipal 注入 MainControll 类中的索引方法?我该如何解决这种情况?
package com.sencerseven.springsecurityauth.controller;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.servlet.ModelAndView;
@Controller
public class MainController {
@RequestMapping(value = {"/"})
public ModelAndView index(@AuthenticationPrincipal UserDetails userDetails) {
ModelAndView mv = new ModelAndView("index");
mv.addObject("user", userDetails);
return mv;
}
@RequestMapping(value = {"/login"})
public ModelAndView loginPage(@RequestParam(name="error",required = false)String error,
@RequestParam(name="logout",required = false)String logout) {
ModelAndView …我正在尝试使用 OAuth2 实现开发具有 spring 安全性的 rest api。但是如何删除基本身份验证。我只想将用户名和密码发送到 body 并在邮递员上获取令牌。
@Configuration
public class OAuthServerConfigration {
private static final String SERVER_RESOURCE_ID = "oauth2-server";
private static InMemoryTokenStore tokenStore = new InMemoryTokenStore();
@Configuration
@EnableResourceServer
protected static class ResourceServer extends ResourceServerConfigurerAdapter {
@Override
public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
resources.resourceId(SERVER_RESOURCE_ID).stateless(false);
}
@Override
public void configure(HttpSecurity http) throws Exception {
http.anonymous().disable().requestMatchers().antMatchers("/api/**").and().authorizeRequests().antMatchers("/api/**").access("#oauth2.hasScope('read')");
}
}
@Configuration
@EnableAuthorizationServer
protected static class AuthConfig extends AuthorizationServerConfigurerAdapter {
@Autowired
private AuthenticationManager authenticationManager;
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints.authenticationManager(authenticationManager).tokenStore(tokenStore).approvalStoreDisabled(); …