
我按照这篇教程实现了基于 Spring Security 的授权:https://auth0.com/blog/securing-spring-boot-with-jwts/ ,但该示例使用的是硬编码的用户数据。我想改为使用 PostgreSQL 数据库中的用户数据来授权,应该怎么做?或者,你知道 GitHub 上有哪些使用 Spring REST Security 和 PostgreSQL 的示例吗?Spring Security + REST + PostgreSQL

package com.example.security; 

import org.springframework.context.annotation.Configuration; 
import org.springframework.http.HttpMethod; 
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; 
import org.springframework.security.config.annotation.web.builders.HttpSecurity; 
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; 
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; 
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; 

/**
 * Web security setup for a JWT-protected REST API: which requests are open, which need an
 * authenticated caller, and which user store backs the login.
 */
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Declares the URL access rules and registers the two JWT filters ahead of
     * {@link UsernamePasswordAuthenticationFilter}.
     *
     * @param http the HTTP security builder supplied by Spring Security
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // CSRF protection is turned off. That matches an API whose token travels in a request
        // header; it would not be safe if the token were ever carried in a cookie.
        // NOTE(review): no session policy is set in this block; a token-only API usually also
        // configures stateless sessions - confirm against the rest of the project.
        http.csrf().disable();

        // "/" and POST /login are open to everyone; every other request needs authentication.
        http.authorizeRequests()
            .antMatchers("/").permitAll()
            .antMatchers(HttpMethod.POST, "/login").permitAll()
            .anyRequest().authenticated();

        // Login requests on /login are handled by the JWT login filter.
        http.addFilterBefore(
            new JWTLoginFilter("/login", authenticationManager()),
            UsernamePasswordAuthenticationFilter.class);

        // All other requests pass through the filter that looks for a JWT in the header.
        http.addFilterBefore(
            new JWTAuthenticationFilter(),
            UsernamePasswordAuthenticationFilter.class);
    }

    /**
     * Registers a single in-memory account.
     *
     * <p>The user name, password and role are literals in source and no password encoder is
     * configured here, so this is only suitable as a tutorial default; a real deployment needs
     * a user store with hashed passwords.
     *
     * @param auth the authentication builder supplied by Spring Security
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // Default demo account with the ADMIN role.
        auth.inMemoryAuthentication().withUser("admin").password("password").roles("ADMIN");
    }
}

你应该创建自己的 UserDetailsService 实现。

回答


您可以像下面这样使用自定义的 UserDetailsService:

@Autowired 
    private CustomUserDetailService userDetailsService; 

/**
 * Makes the injected {@code userDetailsService} the source of user accounts for authentication.
 *
 * <p>NOTE(review): no password encoder is set on this builder call, so how the stored password
 * is compared depends on configuration outside this snippet. Store only hashed passwords and
 * register the matching encoder.
 *
 * @param auth the authentication builder supplied by Spring Security
 * @throws Exception if the builder rejects the configuration
 */
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.userDetailsService(userDetailsService);
}

然后添加 CustomUserDetailService 类:

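/**
 * {@link UserDetailsService} implementation that turns a stored user record into the
 * {@link UserDetails} object Spring Security authenticates against.
 */
@Service
public class CustomUserDetailService implements UserDetailsService {

    /**
     * Builds the user details for a login attempt.
     *
     * @param s the user name submitted at login
     * @return the user details, with all four account-status flags set to {@code true}
     * @throws UsernameNotFoundException if the lookup returns no user
     */
    @Override
    public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
        // NOTE(review): the lookup is not given `s`. getUserFromDatabase() is not shown here; it
        // has to fetch the record for the requested user name (with a parameterised query),
        // otherwise every login name resolves to the same account.
        User user = getUserFromDatabase();

        // The UserDetailsService contract is to throw rather than continue with a missing user;
        // without this check a failed lookup surfaces as a NullPointerException below.
        if (user == null) {
            throw new UsernameNotFoundException("No user found for the supplied user name");
        }

        UserItem userItem = new UserItem(
            user.getUsername(),
            user.getPassword(),
            true,
            true,
            true,
            true,
            new ArrayList<GrantedAuthority>());

        // NOTE(review): every account is given ROLE_ADMIN and ROLE_USER regardless of what is
        // stored for it. Load the roles from the user record before relying on role checks.
        userItem.setAuthorities(AuthorityUtils.createAuthorityList("ROLE_ADMIN", "ROLE_USER"));
        return userItem;
    }
}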

您需要像下面这样为数据源创建一个 bean:

/**
 * Exposes the PostgreSQL connection settings as a {@code DriverManagerDataSource} bean.
 *
 * <p>The JDBC URL, the {@code postgres} account and its password are literals in source. Outside
 * a local demo, read them from externalised configuration and connect with a dedicated
 * least-privilege database role.
 * NOTE(review): DriverManagerDataSource is not a connection pool - confirm whether a pooled
 * data source is needed for the deployment.
 *
 * @return the configured data source
 */
@Bean
public DriverManagerDataSource dataSource() {
    DriverManagerDataSource ds = new DriverManagerDataSource();

    // Driver and target database.
    ds.setDriverClassName("org.postgresql.Driver");
    ds.setUrl("jdbc:postgresql://127.0.0.1:5432/mydb");

    // Database login used by the application.
    ds.setUsername("postgres");
    ds.setPassword("root");

    return ds;
}

然后在您的 WebSecurityConfig 类中自动装配 javax.sql.DataSource:

@Autowired 
DataSource dataSource; 

如果您的密码是用 BCrypt 编码的,那么再为 passwordEncoder 创建一个 bean:

/**
 * Provides the BCrypt password encoder under the bean name {@code passwordEncoder}.
 *
 * <p>Passwords stored for users must have been hashed with BCrypt for logins to match.
 *
 * @return a new {@code BCryptPasswordEncoder}
 */
@Bean(name = "passwordEncoder")
public PasswordEncoder passwordencoder() {
    PasswordEncoder encoder = new BCryptPasswordEncoder();
    return encoder;
}

然后像下面这样配置认证:

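/**
 * Configures JDBC-backed authentication: users are looked up by e-mail address in the
 * {@code users} table and passwords are checked with the BCrypt encoder bean.
 *
 * <p>NOTE(review): this snippet does not show how Spring invokes the method; it is not an
 * override, so it presumably needs {@code @Autowired} or must be the
 * {@code configure(AuthenticationManagerBuilder)} override - confirm.
 * NOTE(review): no authorities query is set, so Spring Security's default one is used; if the
 * schema has no matching table, supply {@code authoritiesByUsernameQuery(...)}.
 *
 * @param auth the authentication builder supplied by Spring Security
 * @throws Exception if the builder rejects the configuration
 */
public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {
    auth.jdbcAuthentication()
        .dataSource(dataSource)
        // Spring Security's JDBC user lookup reads three columns from this query: user name,
        // password and an enabled flag. The original two-column select fails when the third
        // column is read. The literal `true` marks every account enabled; replace it with the
        // real column if the table has one. The `?` keeps the user name a bound parameter.
        .usersByUsernameQuery("select email,password,true from users where email=?")
        .passwordEncoder(passwordencoder());
}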

最后请求 /login 路径即可。