【Question Title】:Accessing Spring Security on different ports: getting principal data as the String 'anonymousUser'
【Posted】:2017-01-14 17:04:19
【Question】:

I have an application running locally on port 8100, and my server-side code runs on port 8065 with Spring Security implemented as Java configuration. When I hit the login server code from the Ionic browser window on 8100, the principal object data I get is only the string anonymousUser. I printed the Authentication and principal data in the server-side code; the code is pasted below.

For Authentication

Authentication auth = SecurityContextHolder.getContext().getAuthentication();

The auth data is:

org.springframework.security.authentication.AnonymousAuthenticationToken@9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS

For getPrincipal

Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();

The principal data

contains only the string anonymousUser. Below I have pasted my security configuration Java class code.

Security configuration Java class

import javax.sql.DataSource;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.ExceptionMappingAuthenticationFailureHandler;

// Class-level annotations are needed for Spring to register this config; they were not in the original paste
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    DataSource dataSource;

    @Autowired
    private SecurityUserService userDetailsService;

    @Override
    public void configure(WebSecurity web) throws Exception {
        // This URL bypasses the security filter chain entirely
        web.ignoring().antMatchers("/user/createsocialuser");
    }

    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        // DaoAuthenticationProvider backed by the custom UserDetailsService; no PasswordEncoder is set,
        // so Spring Security 4 compares the stored password in plain text
        auth.userDetailsService(userDetailsService);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        ExceptionMappingAuthenticationFailureHandler loginFailureHandler = new ExceptionMappingAuthenticationFailureHandler();
        loginFailureHandler.setDefaultFailureUrl("/login/loginFailure");

        http
            .authorizeRequests()
                .regexMatchers("/login.*").permitAll()
                .regexMatchers("/admin.*").hasRole("ADMIN")   // requires the authority "ROLE_ADMIN"
                .regexMatchers("/user.*").hasRole("USER")     // requires the authority "ROLE_USER"
                // no anyRequest() rule: URLs matched by none of the patterns above are not restricted here
                .and()
            .formLogin()
                .usernameParameter("j_username")
                .passwordParameter("j_password")
                .loginProcessingUrl("/j_spring_security_check")
                .defaultSuccessUrl("/login/loginSuccess")
                .failureHandler(loginFailureHandler)
                .permitAll()
                .and()
            .logout().permitAll()
                .and()
            .exceptionHandling().accessDeniedPage("/accessDenied/403")
                .and()
            .csrf().disable();   // CSRF protection is switched off for every endpoint, not only the login URL
    }
}

Login HTML

<form class="form-horizontal" name="loginform" data-ng-submit="doLogin(loginform,userDetails)">
    <label for="j_username">Username:</label>
    <input type="text" class="form-control" ng-model="$parent.login.email" id="j_username" placeholder="Enter username" name="j_username">
    <label for="j_password">Password:</label>
    <input type="password" class="form-control" ng-model="$parent.login.password" id="j_password" placeholder="Enter password" name="j_password">
    <div class="alert alert-danger" id="loginerror" role="alert">
        invalid username or password
    </div><br/>

    <button type="submit" class="btn btn-default submit">Sign in</button>
</form>

Login JS

$scope.doLogin = function (loginform, userDetails) {
    if (loginform.$valid) {
        console.log('$parent.login.email', angular.toJson(self.login.email));
        // the original also logged the password value to the console; do not log credentials
        var loc = 'http://localhost:8080/Test_10030';
        // Send the credentials URL-encoded in the POST body instead of the query string: query strings
        // end up in server access logs and browser history, and an unencoded '&' or '+' in a password
        // would break the request. Spring's UsernamePasswordAuthenticationFilter reads j_username and
        // j_password with request.getParameter(), so it accepts them from the body as well.
        var body = 'j_username=' + encodeURIComponent(self.login.email) +
                   '&j_password=' + encodeURIComponent(self.login.password);
        $http.post(loc + '/j_spring_security_check', body, {
            headers: { 'Content-Type': 'application/x-www-form-urlencoded' }
        })
        .success(function (data) {
            console.log('Server data =>', angular.toJson(data));
            if (data.responseError == "loginFailed") {
                alert("user name password incorrect");
                console.error('Server data =>');
                $log.log("Error login Credentials: ", JSON.stringify(data));
                $location.url('login');
            }

            if (data.responseSuccess == "success") {
                if (data.result != null) {
                    var serverData = data.result;
                    console.warn('Server data =>', angular.toJson(serverData));
                    $rootScope.userData = serverData;
                    $location.url('/home');
                }
            }
        }).error(function (data) {
            // error callback
            console.log('Error Some Internal server Error', data);
        });
    } else {
        $log.log("form is invalid!");
        if (self.isNewUser) {
            loginform["username"].$dirty = true;
            loginform["usrtel"].$dirty = true;
        }
        loginform["email"].$dirty = true;
        loginform["password"].$dirty = true;
    }
};

Login controller Java

import java.security.Principal;
import java.util.Collection;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequestMapping("/login")
public class LoginController {

    @RequestMapping(value = "/loginSuccess", method = RequestMethod.GET)
    public ResponseWrapper create(Principal principle) {
        System.out.println("-------***************----------------");
        try {
            // Spring MVC resolves this parameter from request.getUserPrincipal(), which is null for an anonymous request
            System.out.println("principle data=>" + principle); // NULL POINTER EXCEPTION
            System.out.println("-------success********----------------");
            ResponseWrapper wrap = new ResponseWrapper();

            // This is the authority list, not the principal
            Collection<? extends GrantedAuthority> authorities =
                    SecurityContextHolder.getContext().getAuthentication().getAuthorities();
            System.err.println("Authorities=>" + authorities);
            wrap.setResult(principle);
            wrap.setResponseSuccess("success");
            return wrap;
        } catch (Exception e) {
            e.printStackTrace();
        }
        return null;
    }
}

UserDetails class

import java.util.ArrayList;
import java.util.List;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

@Service
@Transactional
public class SecurityUserService implements IUserService {

    @Autowired
    private SecurityUserDao gpuser_Dao;

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        System.out.println("............" + username);
        GpUser user = gpuser_Dao.findUser(username);
        if (user == null) {
            throw new UsernameNotFoundException("No User found");
        }
        List<GrantedAuthority> grantedAuthorities = new ArrayList<GrantedAuthority>();
        // The roles loaded from the DB are only printed; every user gets ROLE_ADMIN hard-coded below
        Object obj = user.getAuthorities();
        System.out.println("obje data=>" + obj.toString());
        grantedAuthorities.add(new SimpleGrantedAuthority("ROLE_ADMIN"));
        UserDetails userDetails = new User(user.getUsername(), user.getPassword(), true, true, true, true, grantedAuthorities);

        /** ADDING ROLES - Creating authentication object with roles **/
        // The token is created already marked authenticated and stored in the context here,
        // i.e. before DaoAuthenticationProvider has compared the submitted password
        Authentication authentication = new UserAuthenticationToken(user, userDetails, userDetails.getAuthorities());
        SecurityContextHolder.getContext().setAuthentication(authentication);
        return userDetails;
    }
}

BootSecurityUserDao.java

import java.util.List;

import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
import javax.persistence.PersistenceException;
import javax.persistence.Query;

import org.springframework.stereotype.Repository;
import org.springframework.transaction.annotation.Transactional;

@Repository
@Transactional
public class BootSecurityUserDao implements IUserDao {

    @PersistenceContext
    private EntityManager entityManager;

    @SuppressWarnings("unchecked")
    public GUser findUser(String username) {
        try {
            // Bound parameter: the username never becomes part of the SQL text
            String login = "select * from guser where username=:username";
            Query result = entityManager.createNativeQuery(login, GUser.class)
                    .setParameter("username", username);
            List<GUser> list = result.getResultList();
            System.out.println("size of user list : " + list.size());
            if (list.size() > 0) {
                return list.get(0);
            }
        } catch (PersistenceException e) {
            // JPA throws PersistenceException inside this method; Spring's translation to
            // DataAccessException happens at the @Repository proxy, so the original catch never matched
            e.printStackTrace();
        }
        return null;
    }
}

Is there any other code in my security Java config class that adds a specific role such as anonymousUser / ROLE_ANONYMOUS? I added permitAll() for the /login related URLs. Or does Spring Security itself have code that handles this? I am confused about this.

【Question comments】:

  • @PrasannaKumar That's right, but in my Ionic app two requests are made to the Spring Security login URL when I log in
  • One is GET, the other is POST @PrasannaKumar
  • @PrasannaKumar Actually it should be a single POST request, but here the Ionic app automatically adds a GET request; I only saw it now in the Chrome network console..
  • @PrasannaKumar The GET is the first request, with status 302, then it redirects to the POST request; the POST request's status is 302, then it redirects to the loginSuccess method inside the Java controller
  • @PrasannaKumar Sir, I hard-coded the role for every user in a column of the user table.. to be exact, I have not written any role-assignment code. Users normally register on the website

Tags: java spring-security
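To make the question's log line concrete, here is an added stand-alone example (not code from the question or the answer; it only needs spring-security-core on the classpath and no web container). It builds the same two kinds of Authentication the filter chain produces, the AnonymousAuthenticationToken whose principal is the String "anonymousUser" and a UsernamePasswordAuthenticationToken whose principal is a UserDetails, and shows that isAuthenticated() is true for both, so a controller must use AuthenticationTrustResolver rather than isAuthenticated() to detect anonymous access. The user "admin" with ROLE_ADMIN and the key "demo-key" are constructed sample values.

```java
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.AuthenticationTrustResolver;
import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;

/**
 * Added demo: why a controller sees the String "anonymousUser", and how to tell an
 * anonymous Authentication from a real login without relying on isAuthenticated().
 */
public class PrincipalDemo {

    private static final AuthenticationTrustResolver TRUST_RESOLVER = new AuthenticationTrustResolverImpl();

    /** What AnonymousAuthenticationFilter places in the context for an unauthenticated request. */
    static Authentication anonymousToken() {
        // "anonymousUser" and ROLE_ANONYMOUS are the filter's defaults; the key is a constructed sample value
        return new AnonymousAuthenticationToken("demo-key", "anonymousUser",
                AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
    }

    /** What a successful form login produces: the principal is the UserDetails object. */
    static Authentication authenticatedToken() {
        // Constructed sample user; the stored password is irrelevant once the token is authenticated
        UserDetails user = new User("admin", "[PROTECTED]", AuthorityUtils.createAuthorityList("ROLE_ADMIN"));
        return new UsernamePasswordAuthenticationToken(user, null, user.getAuthorities());
    }

    /**
     * Both tokens report isAuthenticated() == true (the question's log line shows
     * "Authenticated: true" on the anonymous token), so the trust resolver decides.
     */
    static String describeCurrentPrincipal() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth == null || TRUST_RESOLVER.isAnonymous(auth)) {
            return "anonymous (principal is the String '" + (auth == null ? "" : auth.getPrincipal()) + "')";
        }
        Object principal = auth.getPrincipal();
        String username = principal instanceof UserDetails
                ? ((UserDetails) principal).getUsername()
                : String.valueOf(principal);
        return "user " + username + " with authorities " + auth.getAuthorities();
    }

    /** hasRole("ADMIN") in the Java config matches the authority string "ROLE_ADMIN". */
    static boolean hasRole(Authentication auth, String role) {
        String wanted = role.startsWith("ROLE_") ? role : "ROLE_" + role;
        for (GrantedAuthority ga : auth.getAuthorities()) {
            if (wanted.equals(ga.getAuthority())) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        SecurityContextHolder.getContext().setAuthentication(anonymousToken());
        System.out.println(describeCurrentPrincipal());
        System.out.println("isAuthenticated on the anonymous token: "
                + SecurityContextHolder.getContext().getAuthentication().isAuthenticated());

        SecurityContextHolder.getContext().setAuthentication(authenticatedToken());
        System.out.println(describeCurrentPrincipal());
        System.out.println("hasRole ADMIN: " + hasRole(SecurityContextHolder.getContext().getAuthentication(), "ADMIN"));

        SecurityContextHolder.clearContext();
    }
}
```

The first describeCurrentPrincipal() call reports the anonymous principal, the second the UserDetails for "admin"; the point to take away is that a controller that casts getPrincipal() to its user type without the isAnonymous() check will fail exactly as the question describes.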


【Answer 1】:

Possibly the role assignment in your database is incorrect. Do one thing: authenticate the user, then assign the roles yourself, as shown below.

AssignRoles.java

import java.util.ArrayList;
import java.util.List;

import org.springframework.dao.DataAccessException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

public class AssignRoles implements UserDetailsService {

    public Object principalObject;

    public Object getPrincipalObject() {
        return principalObject;
    }

    public void setPrincipalObject(Object principalObject) {
        this.principalObject = principalObject;
    }

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
        List<GrantedAuthority> grantedAuthorities = new ArrayList<GrantedAuthority>();
        // Access DB and get the roles and assign
        // hasRole("USER") in the security config matches the authority string "ROLE_USER"
        grantedAuthorities.add(new SimpleGrantedAuthority("ROLE_USER"));

        boolean enabled = true;
        boolean accountNonExpired = true;
        boolean credentialsNonExpired = true;
        boolean accountNonLocked = true;
        // The answer does not show where the password comes from; load it from your user store
        String password = "<password-from-user-store>";
        UserDetails userDetails = new User(username, password, enabled, accountNonExpired,
                credentialsNonExpired, accountNonLocked, grantedAuthorities);

        /** ADDING ROLES - Creating authentication object with roles **/
        Authentication authentication = new UserAuthenticationToken(principalObject, userDetails, userDetails.getAuthorities());
        // Set the authentication. Authentication is assigned; now the security context user will have roles
        SecurityContextHolder.getContext().setAuthentication(authentication);
        return userDetails;
    }
}

UserAuthenticationToken.java

import java.util.Collection;

import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;

public class UserAuthenticationToken extends AbstractAuthenticationToken {

    private static final long serialVersionUID = 1L;
    private final Object principal;
    private Object credentials;

    /**
     * Store the principal object (you can store any object, like a user bean) as principal,
     * the UserDetails as credentials and the authorities in the Authentication object.
     * Note: the token is marked authenticated as soon as it is constructed.
     **/
    public UserAuthenticationToken(Object principal, Object credentials,
            Collection<? extends GrantedAuthority> authorities) {
        super(authorities);
        this.principal = principal;
        this.credentials = credentials;
        super.setAuthenticated(true);
    }

    @Override
    public Object getCredentials() {
        return this.credentials;
    }

    @Override
    public Object getPrincipal() {
        return this.principal;
    }
}

LoginController.java

public ResponseWrapper create(Principal principle) {
    try {
        ResponseWrapper wrap = new ResponseWrapper();

        Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();

        /** ADD THIS **/
        AssignRoles assignRoles = new AssignRoles();
        assignRoles.setPrincipalObject(principal);
        // send username
        assignRoles.loadUserByUsername(SecurityContextHolder.getContext().getAuthentication().getName());

        // It will print the assigned roles
        System.out.println(SecurityContextHolder.getContext().getAuthentication().getAuthorities());

        return wrap;
    } catch (Exception e) {
        e.printStackTrace();
    }
    return null;
}

Update: modify your UserDetail class as follows

import java.util.ArrayList;
import java.util.List;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

@Service
@Transactional
public class BootUserService implements IUserService {

    @Autowired
    private BootSecurityUserDao gpuser_Dao;

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        System.out.println("............" + username);

        GUser gUser = gpuser_Dao.findUser(username);
        if (gUser == null) {
            throw new UsernameNotFoundException("No User found");
        }
        List<GrantedAuthority> grantedAuthorities = new ArrayList<GrantedAuthority>();
        // Access DB and get the roles and assign (assumes GUser exposes its role string via getAuthority())
        grantedAuthorities.add(new SimpleGrantedAuthority(gUser.getAuthority())); // If not fetched, fetch from db and assign
        // you can add any number of roles like
        /** grantedAuthorities.add(new SimpleGrantedAuthority("RoleJustAsString")); **/

        boolean enabled = true;
        boolean accountNonExpired = true;
        boolean credentialsNonExpired = true;
        boolean accountNonLocked = true;
        UserDetails userDetails = new User(gUser.getUsername(), gUser.getPassword(), enabled, accountNonExpired,
                credentialsNonExpired, accountNonLocked, grantedAuthorities);

        /** ADDING ROLES - Creating authentication object with roles **/
        Authentication authentication = new UserAuthenticationToken(gUser, userDetails, userDetails.getAuthorities());
        // Set the authentication
        SecurityContextHolder.getContext().setAuthentication(authentication);

        System.out.println("-=--------------user----" + gUser.toString());
        return userDetails;
    }
}

Remove AssignRoles.java and keep the UserAuthenticationToken class.

【Comments】:

  • I added these lines in my userdetail.java class and then I got the output: `Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();`
  • The output of the principal objRef is GpUser [id=2, firstName=cenation, lastName=cena, middleName=john, username=admin, password=12345, languagepreference=null, primaryemail=null, phonenumber=null, screenname=null, startdate=null, licenseid=null, lastaccess=null, mustresetpassword=null, accestype=null, roles=[GpAuthority [logger=org.apache.commons.logging.impl.SLF4JLocationAwareLog@5542984d, id=2, authority=ROLE_ADMIN]], newuser=false]
  • And in my GpUser class there is a method getAuthorities, so for this line I printed System.out.println("princ"+user.getAuthorities()); and the output I get is [ROLE_ADMIN] @Prasanna Kumar
  • @Sakthi Working fine.. print this SecurityContextHolder.getContext().getAuthentication().getAuthorities()
  • Sir, where do I add the above line? Because in the login controller I added this line and right now it has anonymousUser; the line is Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
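The answer's UserAuthenticationToken marks itself authenticated in its constructor, and both versions of loadUserByUsername store that token in SecurityContextHolder while the user is being loaded. DaoAuthenticationProvider calls loadUserByUsername first and only then compares the submitted password, so the stored token exists regardless of whether the password check passes. The following added example (not code from the answer or the question; it needs only spring-security-core, including its crypto package) wires a DaoAuthenticationProvider to two in-memory UserDetailsService variants over a constructed "admin"/"12345"/ROLE_ADMIN row and shows that a wrong password is rejected in both cases, but with the context-setting variant an authenticated token for "admin" is left behind in the SecurityContextHolder. The load-only variant is the pattern to keep: return UserDetails with the roles from the database and let the provider authenticate.

```java
import java.util.HashMap;
import java.util.Map;

import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

/** Added demo: where authentication belongs (the provider) versus where the answer puts it (the loader). */
public class ProviderDemo {

    static final PasswordEncoder ENCODER = new BCryptPasswordEncoder();

    /** Constructed stand-in for the guser table: username -> { bcrypt hash, authority }. */
    static final Map<String, String[]> USERS = new HashMap<String, String[]>();
    static {
        USERS.put("admin", new String[] { ENCODER.encode("12345"), "ROLE_ADMIN" });
    }

    /** Loads only; never touches SecurityContextHolder. hasRole("ADMIN") matches "ROLE_ADMIN". */
    static final UserDetailsService LOAD_ONLY = new UserDetailsService() {
        @Override
        public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
            String[] row = USERS.get(username);
            if (row == null) {
                throw new UsernameNotFoundException("No User found");
            }
            return new User(username, row[0], AuthorityUtils.createAuthorityList(row[1]));
        }
    };

    /** The answer's pattern: stores an already-authenticated token while loading, before any password check. */
    static final UserDetailsService SETS_CONTEXT_WHILE_LOADING = new UserDetailsService() {
        @Override
        public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
            UserDetails details = LOAD_ONLY.loadUserByUsername(username);
            SecurityContextHolder.getContext().setAuthentication(
                    new UsernamePasswordAuthenticationToken(details, details, details.getAuthorities()));
            return details;
        }
    };

    static DaoAuthenticationProvider provider(UserDetailsService uds) {
        DaoAuthenticationProvider p = new DaoAuthenticationProvider();
        p.setUserDetailsService(uds);
        p.setPasswordEncoder(ENCODER);
        return p;
    }

    /** Returns the authenticated token, or null when the provider rejects the credentials. */
    static Authentication tryLogin(UserDetailsService uds, String username, String rawPassword) {
        try {
            return provider(uds).authenticate(new UsernamePasswordAuthenticationToken(username, rawPassword));
        } catch (BadCredentialsException e) {
            return null;
        }
    }

    public static void main(String[] args) {
        // Correct password: the provider returns a token whose principal is the UserDetails
        Authentication ok = tryLogin(LOAD_ONLY, "admin", "12345");
        System.out.println("login ok, principal=" + ((UserDetails) ok.getPrincipal()).getUsername()
                + ", authorities=" + ok.getAuthorities());

        // Wrong password, load-only service: rejected and the context stays empty
        SecurityContextHolder.clearContext();
        System.out.println("load-only, wrong password accepted? " + (tryLogin(LOAD_ONLY, "admin", "nope") != null));
        System.out.println("context afterwards: " + SecurityContextHolder.getContext().getAuthentication());

        // Wrong password, context-setting service: still rejected by the provider, yet an
        // authenticated token for "admin" has already been placed in the SecurityContextHolder
        SecurityContextHolder.clearContext();
        System.out.println("context-setting, wrong password accepted? "
                + (tryLogin(SETS_CONTEXT_WHILE_LOADING, "admin", "nope") != null));
        System.out.println("context afterwards: " + SecurityContextHolder.getContext().getAuthentication());

        SecurityContextHolder.clearContext();
    }
}
```

In a real deployment the form-login filter clears the context on failure, so the leftover token in this demo would normally be discarded for that request; the design problem remains that the loader creates a trusted token from a username alone, which is why role loading and authentication should stay in separate components.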