使用Spring Security和自定义数据库的Spring Boot [英] Spring boot with Spring Security and custom database

问题描述

对不起，我的英语不好。。

Sorry in advance for my bad english..

由于我更改了数据库配置，因此无法成功登录我的应用程序。
我正在使用Spring安全性。在进行更改之前，一切正常。

Since I have changed my database configuration I don't succeed to log me on my application. I am using Spring security. Before making the changes everything worked.

我有两个实体：

I have two entities :

• User.java


• UserRole.java

User.java

package betizy.models;

//imports

@Entity
@Table(name = "use_user")
public class User {


@Id
@GeneratedValue(strategy = GenerationType.AUTO)
@Column(name="USE_ID")
private Long id;

@NotNull
@Column(name = "USE_USERNAME")
private String username;

@NotNull
@Column(name = "USE_PASSWORD")
private String password;

@NotNull
@Column(name = "USE_EMAIL")
private String email;


//getters and setters
}

UserRole.java

package betizy.models;

//imports

@Entity
@Table(name = "usr_user_role")
public class UserRole {

@Id
@GeneratedValue(strategy = GenerationType.AUTO)
@Column(name="USR_ID")
private Long id;

@ManyToOne
@JoinColumn(name = "USR_USE_ID")
private User user;

@NotNull
@Column(name = "USR_ROLE")
private String role;

//getters and setters
}

login.html

 <!DOCTYPE html>
 <html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org">
 <head>
     <title>Spring Security Example </title>
     <script src="/webjars/angularjs/1.4.9/angular.js"></script>
     <script src="webjars/jquery/2.0.3/jquery.min.js"></script>

     <link rel="stylesheet" href="/webjars/bootstrap/3.3.6/css/bootstrap.css">

     <script src="/js/index.js"></script>
 </head>
 <body ng-app="Betizy">
      <div header></div>
      <div th:if="${param.error}">
           Invalid username and password.
      </div>
      <div th:if="${param.logout}">
           You have been logged out.
      </div>
      <form th:action="@{/login}" method="post">
            <div><label> User Name : <input type="text" name="username" required/> </label></div>
            <div><label> Password: <input type="password" name="password" required/> </label></div>
            <div><input type="submit" value="Sign In"/></div>
      </form>
      <div>To open a new account click <a href="/register">here</a>. </div> 
      <div footer></div>
 </body>
 </html>

SecurityConfig.java

package betizy.security;

//imports

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {


@Autowired
DataSource dataSource;

@Autowired
public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {

    auth.jdbcAuthentication().dataSource(dataSource)
            //.passwordEncoder(passwordEncoder())
            .usersByUsernameQuery(
                    "select * from use_user where use_user.use_username=?")
            .authoritiesByUsernameQuery(
                    "select * from usr_user_role inner join use_user on use_user.use_id = usr_user_role.usr_use_id where use_user.use_username=?");
}

@Bean
public PasswordEncoder passwordEncoder(){
    PasswordEncoder encoder = new BCryptPasswordEncoder();
    return encoder;
}


@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
            //.antMatchers("/hello").access("hasRole('ROLE_ADMIN')")
            .antMatchers("/", "/register", "/user/create", "/webjars/**", "/js/**").permitAll()
            .anyRequest().authenticated()
            .and()
            .formLogin().loginPage("/login").permitAll()
            .usernameParameter("username").passwordParameter("password")
            .and()
            .logout().permitAll()
            .and()
            .exceptionHandling().accessDeniedPage("/403")
            .and()
            .csrf().disable();
}
}

I我认为问题在于我的 User 实体字段的名称或我在 SecurityConfig.java 中的两个查询，但是我知道该如何解决我的问题。

我必须保留我的数据库配置（字段名称）。

I think problem is with name of my User entity fields or my two queries in SecurityConfig.java, but I have any idea how can I do to solve my problem.
I must keep my database configuration (name of fields).

在此先感谢您的帮助！ ：）

Thank you in advance for your help ! :)

编辑

进行两次更改都可以使用，但它不是一个很好的数据库。我将发布两个数据库之间的差异以及 SecurityConfig.java

With two changes all works but it is not the good database. I will post differences between the two databases and differences in SecurityConfig.java

一垒（可行）

用户表

用户角色表

First base (it is works)
User table
User Role table

具有 SecurityConfig。 java

@Autowired
public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {

    auth.jdbcAuthentication().dataSource(dataSource)
            .usersByUsernameQuery(
                    "select username,password, enabled from users where username=?")
            .authoritiesByUsernameQuery(
                    "select username, role from user_roles where username=?");
}

第二个不起作用。我无法发布链接，但是您在 User.java 和 UserRole.java

Second it doesn't work. I can't post links but you have the perfect description above in User.java and UserRole.java

使用 SecurityConfig.java

@Autowired
public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {

    auth.jdbcAuthentication().dataSource(dataSource)
            .usersByUsernameQuery(
                    "select use_username, use_password, use_email from use_user where use_username=?")
            .authoritiesByUsernameQuery(
                    "select use_username, usr_role from usr_user_role, use_user where use_id = usr_use_id and use_username=?");
}

推荐答案

请更改SQL以返回列名按顺序而不是 * ;

Please change the SQL to return the column names in order instead of *;

<!-- change to your own column name, return the columns in order-->
select <username,password,enabled> from use_user where use_user.use_username=?

和 AUTHORITIES SQL

<!-- change to your own column name, the authority must be second column  -->
select <username,authority> from usr_user_role inner join use_user on use_user.use_id = usr_user_role.usr_use_id where use_user.use_username=?

更多详细信息，请参见此处，确定，这是代码，我认为它更容易

More detail see here, OK, here is the code, I think it's more easy to understand why you should return the columns in order.

protected List<UserDetails> loadUsersByUsername(String username) {
        return getJdbcTemplate().query(this.usersByUsernameQuery,
                new String[] { username }, new RowMapper<UserDetails>() {
                    @Override
                    public UserDetails mapRow(ResultSet rs, int rowNum)
                            throws SQLException {
                        // get user info
                        String username = rs.getString(1);
                        String password = rs.getString(2);
                        boolean enabled = rs.getBoolean(3);
                        return new User(username, password, enabled, true, true, true,
                                AuthorityUtils.NO_AUTHORITIES);
                    }

                });
    }

protected List<GrantedAuthority> loadUserAuthorities(String username) {
        return getJdbcTemplate().query(this.authoritiesByUsernameQuery,
                new String[] { username }, new RowMapper<GrantedAuthority>() {
                    @Override
                    public GrantedAuthority mapRow(ResultSet rs, int rowNum)
                            throws SQLException {
                        //get GrantedAuthority
                        String roleName = JdbcDaoImpl.this.rolePrefix + rs.getString(2);

                        return new SimpleGrantedAuthority(roleName);
                    }
                });
    }

这篇关于使用Spring Security和自定义数据库的Spring Boot的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！