配置类没有设置密码加密,后台debug跟踪显示用户名密码角色都正确,可是就一直报错求助。。
userdetail类
package com.lfshr.contentmanagement.service.impl;import com.lfshr.contentmanagement.dao.UserDao;
import com.lfshr.contentmanagement.domain.Roles;
import com.lfshr.contentmanagement.domain.Users;
import com.lfshr.contentmanagement.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;import java.util.ArrayList;
import java.util.Collection;
import java.util.List;@Service("userService")
public class UserServiceImpl implements UserService{
@Autowired
private UserDao userDao; @Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
// 从数据库中取出用户信息
Users user = selectByName(username); // 判断用户是否存在
if(user == null) {
throw new UsernameNotFoundException("用户名不存在");
}
//查询用户角色
List<Roles> roles = user.getRoles();
List<SimpleGrantedAuthority> authority = getAuthority(roles); // 返回UserDetails实现类
return new User(user.getUsername(), "{noop}"+user.getPassword(), authority);
} public List<SimpleGrantedAuthority> getAuthority(List<Roles> roles) {
ArrayList<SimpleGrantedAuthority> authoritys = new ArrayList<>();
for (Roles role : roles) {
authoritys.add(new SimpleGrantedAuthority("ROLE_"+role.getRoleName()));
}
return authoritys;
} /**
* 查询所有用户
* @return
*/
public List<Users> queryUserList(){
return userDao.queryUserList();
} /**
* 添加用户
*/
public void addUser(Users user){
userDao.addUser(user);
} /**
* 关联用户和角色
*/
public void insertUsers_role(String userId,String roleId){
userDao.insertUsers_role(userId,roleId);
} /**
* 根据用户名查询用户
*/
public Users selectByName(String userName){
return userDao.selectByName(userName);
}}
springsecurrity配置类
package com.lfshr.contentmanagement.security;import com.lfshr.contentmanagement.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.PasswordEncoder;@Configuration//标识配置类
@EnableWebSecurity//开启 Security 服务
@EnableGlobalMethodSecurity(prePostEnabled = true)//开启全局 Securtiy 注解
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private UserService userService; @Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userService).passwordEncoder(new PasswordEncoder() {
@Override
public String encode(CharSequence charSequence) {
return charSequence.toString();
} @Override
public boolean matches(CharSequence charSequence, String s) {
return s.equals(charSequence.toString());
} });
} @Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
// 如果有允许匿名的url,填在下面
// .antMatchers().permitAll()
.anyRequest().authenticated()
.and()
// 设置登陆页
.formLogin()
// 设置登陆成功页
.defaultSuccessUrl("/").permitAll()
//处理登录
.loginProcessingUrl("/lf/login")
// 自定义登陆用户名和密码参数,默认为username和password
// .usernameParameter("username")
// .passwordParameter("password")
.and()
.logout().permitAll();
// 关闭CSRF跨域
http.csrf().disable();
} @Override
public void configure(WebSecurity web) throws Exception {
// 设置拦截忽略文件夹,可以对静态资源放行
web.ignoring().antMatchers("/plugins/**");
}
}
userdetail类
package com.lfshr.contentmanagement.service.impl;import com.lfshr.contentmanagement.dao.UserDao;
import com.lfshr.contentmanagement.domain.Roles;
import com.lfshr.contentmanagement.domain.Users;
import com.lfshr.contentmanagement.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;import java.util.ArrayList;
import java.util.Collection;
import java.util.List;@Service("userService")
public class UserServiceImpl implements UserService{
@Autowired
private UserDao userDao; @Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
// 从数据库中取出用户信息
Users user = selectByName(username); // 判断用户是否存在
if(user == null) {
throw new UsernameNotFoundException("用户名不存在");
}
//查询用户角色
List<Roles> roles = user.getRoles();
List<SimpleGrantedAuthority> authority = getAuthority(roles); // 返回UserDetails实现类
return new User(user.getUsername(), "{noop}"+user.getPassword(), authority);
} public List<SimpleGrantedAuthority> getAuthority(List<Roles> roles) {
ArrayList<SimpleGrantedAuthority> authoritys = new ArrayList<>();
for (Roles role : roles) {
authoritys.add(new SimpleGrantedAuthority("ROLE_"+role.getRoleName()));
}
return authoritys;
} /**
* 查询所有用户
* @return
*/
public List<Users> queryUserList(){
return userDao.queryUserList();
} /**
* 添加用户
*/
public void addUser(Users user){
userDao.addUser(user);
} /**
* 关联用户和角色
*/
public void insertUsers_role(String userId,String roleId){
userDao.insertUsers_role(userId,roleId);
} /**
* 根据用户名查询用户
*/
public Users selectByName(String userName){
return userDao.selectByName(userName);
}}
springsecurrity配置类
package com.lfshr.contentmanagement.security;import com.lfshr.contentmanagement.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.PasswordEncoder;@Configuration//标识配置类
@EnableWebSecurity//开启 Security 服务
@EnableGlobalMethodSecurity(prePostEnabled = true)//开启全局 Securtiy 注解
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private UserService userService; @Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userService).passwordEncoder(new PasswordEncoder() {
@Override
public String encode(CharSequence charSequence) {
return charSequence.toString();
} @Override
public boolean matches(CharSequence charSequence, String s) {
return s.equals(charSequence.toString());
} });
} @Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
// 如果有允许匿名的url,填在下面
// .antMatchers().permitAll()
.anyRequest().authenticated()
.and()
// 设置登陆页
.formLogin()
// 设置登陆成功页
.defaultSuccessUrl("/").permitAll()
//处理登录
.loginProcessingUrl("/lf/login")
// 自定义登陆用户名和密码参数,默认为username和password
// .usernameParameter("username")
// .passwordParameter("password")
.and()
.logout().permitAll();
// 关闭CSRF跨域
http.csrf().disable();
} @Override
public void configure(WebSecurity web) throws Exception {
// 设置拦截忽略文件夹,可以对静态资源放行
web.ignoring().antMatchers("/plugins/**");
}
}
解决方案 »
免费领取超大流量手机卡,每月29元包185G流量+100分钟通话, 中国电信官方发货