当前位置:theitroad>java Spring Boot 基于角色的身份验证

java Spring Boot 基于角色的身份验证

声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow 原文地址: http://stackoverflow.com/questions/42761656/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me): StackOverFlow

提示:将鼠标放在中文语句上可以显示对应的英文。显示中英文
时间:2020-11-03 06:51:27  来源:igfitidea点击:

Spring Boot Role Based Authentication

javaspring-bootrole

提问by Daniel Wehner

I have a problem concerning Spring Boot role based authentication. Basically, I would like to have users and admins and I want to prevent users from accessing admin resources. So I created a SecurityConfig class:

我有一个关于 Spring Boot 基于角色的身份验证的问题。基本上,我想要用户和管理员,并且我想阻止用户访问管理资源。所以我创建了一个 SecurityConfig 类:

package test;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;

@Configuration
@EnableWebMvcSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

   @Override
   protected void configure(AuthenticationManagerBuilder auth) throws Exception {
       auth.inMemoryAuthentication()
           .withUser("user1").password("password1").roles("USER, ADMIN")
           .and()
           .withUser("user2").password("password2").roles("USER");
   }

   @Override
   protected void configure(HttpSecurity http) throws Exception {
       http.authorizeRequests()
           .antMatchers("/service/test").access("hasRole('USER') or hasRole('ADMIN')")
           .antMatchers("/service/admin").access("hasRole('ADMIN')");
   }
}

This is my little REST service:

这是我的小 REST 服务:

package test;

import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequestMapping("/service")
public class RestService {

    @RequestMapping(value = "/test", method = RequestMethod.GET)
    public String echo() {
        return "This is a test";
    }

    @RequestMapping(value = "/admin", method = RequestMethod.GET)
    public String admin() {
        return "admin page";
    }
}

And my Application class:

和我的应用程序类:

package test;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@SpringBootApplication
@EnableAutoConfiguration 
public class Application {

    public static void main(String[] args) {
        SpringApplication.run(Application.class, args);
    }
}

Unfortunately, I always get a 403 "forbidden/access denied" error message when executing "curl user1:password1@localhost:8080/service/admin"... Did I miss anything in the configure method?

不幸的是,我在执行“curl user1:password1@localhost:8080/service/admin”时总是收到 403“forbidden/access denied”错误消息......我是否错过了配置方法中的任何内容?

Thank you very much in advance!

非常感谢您提前!

回答by Abdul Subbooh Danyal

Can you please check this.

你能检查一下吗。

withUser("user1").password("password1").roles("USER", "ADMIN")

withUser("user1").password("password1").roles("USER", "ADMIN")

write "USER" and "ADMIN" in separate qoutes.

在单独的 qoutes 中写入“USER”和“ADMIN”。

回答by Daniel Wehner

I changed it in the following way, now it seems to be working:

我按以下方式对其进行了更改,现在它似乎可以正常工作了:

@Configuration
@EnableWebMvcSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

     @Autowired
     protected void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
         auth.inMemoryAuthentication()
            .withUser("user1").password("password1").roles("USER", "ADMIN")
            .and()
            .withUser("user2").password("password2").roles("USER");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.formLogin().permitAll()
            .and()
            .authorizeRequests()
            .antMatchers("/service/test").hasAnyRole("USER", "ADMIN")
            .antMatchers("/service/admin").hasRole("ADMIN")
            .anyRequest().authenticated();
    }
}

Thank you very much for your answers!

非常感谢您的回答!

回答by Alex Cumarav

following setup works fine for my spring boot app:

以下设置适用于我的 Spring Boot 应用程序:

http.authorizeRequests()
            .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()//allow CORS option calls
            .antMatchers("/home", "/").hasAnyAuthority(Role.ROLE_ADMIN, Role.ROLE_USER)
            .antMatchers("/admin").hasAuthority(Role.ROLE_ADMIN)enter code here

相关推荐

我如何修复 java.lang.IndexOutOfBoundsException: Index: 0, Size: 0 in android?我正在尝试学习 ArrayList

我如何修复 java.lang.IndexOutOfBoundsException: Index: 0, Size: 0 in android?我正在尝试学习 ArrayList

java.lang.StackOverflowError:视图中的堆栈大小为 8MB

java.lang.StackOverflowError:视图中的堆栈大小为 8MB

Java- OpenCV 错误:OpenCV 错误:断言失败(dims <= 2 && step[0] > 0)

Java- OpenCV 错误:OpenCV 错误:断言失败(dims <= 2 && step[0] > 0)

java 无法创建 MD5 哈希文件?

java 无法创建 MD5 哈希文件?

相关推荐
最近更新
标签