这是我使用 Spring 的第一个项目,我刚刚开始使用 Spring Security 创建登录。我希望某些页面只能由管理员访问,而不能由玩家访问。我在网上找到了一些例子,这个机制运行得很好,我有这个受登录保护的安全页面,当用户没有 ROLE_ADMIN 时,它是被禁止的。
@PreAuthorize("hasAuthority('ROLE_ADMIN')")
@GetMapping("/secured/all")
public String securedHello() {
return "Secured Hello";
}
问题是,在测试我的代码时,我发现 Spring 仅对管理员(以及用户)进行身份验证,仅检查用户名。如果我输入了错误的密码,它仍然允许我输入。我不明白这是怎么可能的,Spring Security 不应该自己完成所有身份验证工作吗?我看到有人建议实现身份验证管理器或类似的东西,但我不明白为什么以及如何将其插入我的代码中。我已经坚持了两天了,请提供任何建议,我将不胜感激。这些是我的课程:
package model;
import java.io.IOException;
import javax.naming.AuthenticationException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.jpa.repository.config.EnableJpaRepositories;
import org.springframework.http.HttpStatus;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.Authentication;
import org.springframework.security.crypto.password.PasswordEncoder;
import com.fasterxml.jackson.databind.ObjectMapper;
@EnableGlobalMethodSecurity(prePostEnabled = true)
@EnableWebSecurity
@EnableJpaRepositories(basePackageClasses = PlayersRepository.class)
@ComponentScan(basePackageClasses= CustomUserDetailsService.class)
@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
private CustomUserDetailsService userDetailsService;
@Override …我使用 JPA Hibernate 开发了一个 SpringBoot 应用程序,它运行得很好。现在我必须开始测试,老实说我不知道如何解决这个错误:
APPLICATION FAILED TO START
***************************
Description:
Field playersRepository in model.RestService required a bean of type 'model.PlayersRepository' that could not be found.
Action:
Consider defining a bean of type 'model.PlayersRepository' in your configuration.
2018-08-23 13:16:51.009 ERROR 7327 --- [ main] o.s.test.context.TestContextManager : Caught exception while allowing TestExecutionListener [org.springframework.test.context.web.ServletTestExecutionListener@50f6ac94] to prepare test instance [testing.ApplicationTestSuite@475b7792]
java.lang.IllegalStateException: Failed to load ApplicationContext
at org.springframework.test.context.cache.DefaultCacheAwareContextLoaderDelegate.loadContext(DefaultCacheAwareContextLoaderDelegate.java:125) ~[spring-test-5.0.5.RELEASE.jar:5.0.5.RELEASE]
at org.springframework.test.context.support.DefaultTestContext.getApplicationContext(DefaultTestContext.java:108) ~[spring-test-5.0.5.RELEASE.jar:5.0.5.RELEASE]
at org.springframework.test.context.web.ServletTestExecutionListener.setUpRequestContextIfNecessary(ServletTestExecutionListener.java:190) ~[spring-test-5.0.5.RELEASE.jar:5.0.5.RELEASE]
at org.springframework.test.context.web.ServletTestExecutionListener.prepareTestInstance(ServletTestExecutionListener.java:132) ~[spring-test-5.0.5.RELEASE.jar:5.0.5.RELEASE]
at org.springframework.test.context.TestContextManager.prepareTestInstance(TestContextManager.java:246) ~[spring-test-5.0.5.RELEASE.jar:5.0.5.RELEASE]
at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.createTest(SpringJUnit4ClassRunner.java:227) …