我创建了UserDetailsServiceImpl。在这里,我获得了该用户的用户名和角色。但我无法理解问题所在。我在数据库中尝试过sql查询。
security config.Java
@EnableWebSecurity
@ComponentScan("com")
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private UserDetailsService userDetailsService;
@Bean
public BCryptPasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
};
@Autowired
protected void configureGlobalSecurity(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/login", "/", "/veteriner").permitAll().antMatchers("/**")
.hasRole("ADMIN").and().formLogin().loginPage("/login").defaultSuccessUrl("/login/login-status-success")
.failureUrl("/login/login-status-error").permitAll().usernameParameter("username")
.passwordParameter("password").and().logout().logoutSuccessUrl("/logout-success")
.invalidateHttpSession(true).permitAll().and().csrf();
}
login controller.Java
@Controller
@RequestMapping(value = "/login", method = RequestMethod.GET)
public class LoginController {
@GetMapping
public ModelAndView home() throws Exception {
ModelAndView mv = new ModelAndView();
mv.setViewName("login");
return mv;
}
@RequestMapping(path="/login-status-error",method = RequestMethod.GET)
@ResponseBody
public ModelAndView erorLogin() throws Exception {
ModelAndView mv = new ModelAndView();
mv.setViewName("main");
return mv;
}
@RequestMapping(path="/login-status-succes",method = RequestMethod.GET)
@ResponseBody
public ModelAndView succesLogin() throws Exception {
ModelAndView mv = new ModelAndView();
mv.setViewName("veteriner");
return mv;
}
}
@Service("userDetailsService")
public class UserDetailsServiceImpl implements UserDetailsService {
@Autowired
private UserService userService;
@Transactional(readOnly = true)
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
com.model.User user = userService.findByUsername(username);
if (user == null) {
throw new UsernameNotFoundException("User not found.");
}
User securityUser = new User(user.getUsername(), user.getPassword(), true, true, true, true,
buildUserAuthority(user.getUserRoles()));
return securityUser;
}
private List<GrantedAuthority> buildUserAuthority(List<User_role> userRoles) {
Set<GrantedAuthority> setAuths = new HashSet<GrantedAuthority>();
for (User_role userRole : userRoles) {
setAuths.add(new SimpleGrantedAuthority(userRole.getRole().getRoleName()));
}
List<GrantedAuthority> results = new ArrayList<GrantedAuthority>(setAuths);
return results;
}
选择user0_.id为id1_6_,user0_.email为email2_6_,user0_.password为password3_6_,user0_.username为username4_6_ from public。“User”user0_ where user0_.username =? 16:37:16.930 [http-nio-8186-exec-12]错误org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - 尝试验证用户时发生内部错误。 org.springframework.security.authentication.InternalAuthenticationServiceException:java.util.ArrayList无法在org.springframework.security.authentication.dao.DaoAuthenticationProvider.retrieveUser(DaoAuthenticationProvider.java:123)〜[spring-security]中强制转换为com.model.User -core-5.1.4.RELEASE.jar:5.1.4.RELEASE]在org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:144)〜[spring-security-core-5.1.4。 RELEASE.jar:5.1.4.RELEASE]在org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:175)〜[spring-security-core-5.1.4.RELEASE.jar:5.1.4.RELEASE在org.springframework.security.wecurity.web上的org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:200)〜[spring-security-core-5.1.4.RELEASE.jar:5.1.4.RELEASE] .authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java :94)〜[spring-security-web-5.1.4.RELEASE.jar:5.1.4.RELEASE] org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212)[spring-security] -web-5.1.4.RELEASE.jar:5.1.4.RELEASE] at org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter(FilterChainProxy.java:334)[spring-security-web-5.1.4.RELEASE .jar:5.1.4.RELEASE]在org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)[spring-security-web-5.1.4.RELEASE.jar:5.1.4 .RELEASE] org.springframework上的org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter(FilterChainProxy.java:334)[spring-security-web-5.1.4.RELEASE.jar:5.1.4.RELEASE]。 security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:124)[spring-security-web-5.1.4.RELEASE.jar:5.1.4.RELEASE] org.springframework.web.filter.OncePerRequestFilter.doFilter( OncePerRequestFilter.java:107)[spring-web-5.1.4。 RELEASE.jar:5.1.4.RELEASE]在org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter(FilterChainProxy.java:334)[spring-security-web-5.1.4.RELEASE.jar:5.1.4。发布org.springframework.web上的org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:74)[spring-security-web-5.1.4.RELEASE.jar:5.1.4.RELEASE] .filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)[spring-web-5.1.4.RELEASE.jar:5.1.4.RELEASE] org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter(FilterChainProxy.java) :334)[spring-security-web-5.1.4.RELEASE.jar:5.1.4.RELEASE] org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)[spring-security- web-5.1.4.RELEASE.jar:5.1.4.RELEASE]在org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter(FilterChainProxy.java:334)[spring-security-web-5.1.4.RELEASE。 jar:5.1.4.RELEASE] at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)org.springframework上的[spring-security-web-5.1.4.RELEASE.jar:5.1.4.RELEASE]。 web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)[spring-web-5.1.4.RELEASE.jar:5.1.4.RELEASE]在org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter(FilterChainProxy。 java:334)[org.springframework.security.web.FilterChainProxy.doFilterInternal([...] Spring- security-web -5.1.4.RELEASE.jar:5.1.4.RELEASE]在org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178)[spring-security-web-5.1.4.RELEASE.jar:5.1 .4.RELEASE]在org.springframework.web的org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:357)[spring-web-5.1.4.RELEASE.jar:5.1.4.RELEASE]。 filter.DelegatingFilterProxy .doFilter(DelegatingFilterProxy.java:270)[spring-web-5.1.4.RELEASE.jar:5.1.4.RELEASE] org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)[catalina。 jar:9.0.16] org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)[catalina.jar:9.0.16] at org.apache.logging.log4j.web.Log4jServletFilter.doFilter(Log4jServletFilter .java:71)[log4j-web-2.11.1.jar:2.11.1] org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)[catalina.jar:9.0.16] at org .apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)[catalina.jar:9.0.16] at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:200)[catalina.jar: 9.0.16] org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)[catalina.jar:9.0.16] at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490 )[catalina.ja r:9.0.16] org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)[catalina.jar:9.0.16] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java :92)[catalina.jar:9.0.16] org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:668)[catalina.jar:9.0.16] at org.apache.catalina.core.StandardEngineValve .invoke(StandardEngineValve.java:74)[catalina.jar:9.0.16]在org.apache的org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)[catalina.jar:9.0.16] .coyote.http11.Http11Processor.service(Http11Processor.java:408)[tomcat-coyote.jar:9.0.16] at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)[tomcat-coyote.jar: 9.0.16] org.apache.coyote.AbstractProtocol $ ConnectionHandler.process(AbstractProtocol.java:834)[tomcat-coyote.jar:9.0.16] at org.apache.tomcat.util.net.NioEndpoint $ SocketProcessor.doRun (NioEndpoint.java:1415)[tomcat-coyote.jar:9.0.16] org.apache.t omcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)[tomcat-coyote.jar:9.0.16] at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)[?:1.8.0_202] at java .util.concurrent.ThreadPoolExecutor $ Worker.run(未知来源)[?:1.8.0_202] at org.apache.tomcat.util.threads.TaskThread $ WrappingRunnable.run(TaskThread.java:61)[tomcat-util.jar java.lang.Thread.run上的:9.0.16](未知来源)[?:1.8.0_202]引起:java.lang.ClassCastException:java.util.ArrayList无法在com处转换为com.model.User。 dao.UserDaoImpl.findByUsername(UserDaoImpl.java:23)〜[classes /:?] at com.service.UserServiceImpl.findByUsername(UserServiceImpl.java:26)〜[classes /:?] at sun.reflect.NativeMethodAccessorImpl.invoke0(本地方法)〜[?:1.8.0_202] at sun.reflect.NativeMethodAccessorImpl.invoke(未知来源)〜[?:1.8.0_202] at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)〜[?:1.8.0_202在org.springfram的java.lang.reflect.Method.invoke(未知来源)〜[?:1.8.0_202] org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation)中的ework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:343)〜[spring-aop-5.1.4.RELEASE.jar:5.1.4.RELEASE] .java:198)〜[spring-aop-5.1.4.RELEASE.jar:5.1.4.RELEASE] org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)〜[spring-aop- 5.1.4.RELEASE.jar:5.1.4.RELEASE]在org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:294)〜[spring-tx-5.1.4.RELEASE.jar:5.1.4 .RELEASE] org.springframework.aop.framework上的org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:98)〜[spring-tx-5.1.4.RELEASE.jar:5.1.4.RELEASE] .ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)〜[spring-aop-5.1.4.RELEASE.jar:5.1.4.RELEASE] org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicA) com.com。在com.sun.proxy上的#Prompxy.java:212)〜[spring-aop-5.1.4.RELEASE.jar:5.1.4.RELEASE]。$ Proxy238.findByUsername(未知来源)〜[?:?]在com。 service.UserDetailsServiceImpl.loadUserByUsername(UserDetailsServiceImpl.java:29)〜[classes /:?] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)〜[?:1.8.0_202] at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source )〜[?:1.8.0_202] at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)〜[?:1.8.0_202] at java.lang.reflect.Method.invoke(Unknown Source)〜[?:1.8.0_202 ] org.springframework.aop.uop.frame.ReoplectiveMethodInvocation org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:343)〜[spring-aop-5.1.4.RELEASE.jar:5.1.4.RELEASE] orin.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)〜[在组织中的spring-aop-5.1.4.RELEASE.jar:5.1.4.RELEASE] .springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:294)〜[spring-tx-5.1.4.RELEASE.jar:5.1.4.RELEASE] org.springframework.transaction.interceptor.TransactionInterceptor.invoke(在Org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)〜[spring-aop]的TransactionInterceptor.java:98)〜[spring-tx-5.1.4.RELEASE.jar:5.1.4.RELEASE] -5.1.4.RELEASE.jar:5.1.4.RELEASE]在org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:212)〜[spring-aop-5.1.4.RELEASE.jar:5.1。 4.RELEASE] at com.sun.proxy。$ Proxy239.loadUserByUsername(Unknown Source)〜[?:?] org.springframework.security.authentication.dao.DaoAuthenticationProvider.retrieveUser(DaoAuthenticationProvider.java:108)~ [spring- security-core-5.1.4.RELEASE.jar:5.1.4.RELEASE] ......还有45个
对我来说有太多关注,但我认为只是你不能在同一个类中创建和注入相同的bean。
即
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private UserDetailsService userDetailsService;
@Bean
public UserDetailsService userDetailsService() {...}
}
不行。想想看,你需要UserDetailsService
创建一个应该创建UserDetailsService
的类。那会怎么样?
你可以这样做:
@EnableWebSecurity
@ComponentScan("com")
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Bean
public UserDetailsService userDetailsService() {
return super.userDetailsService();
}
@Bean
public DaoAuthenticationProvider getDaoAuthenticationProvider() {
DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider();
//call the userDetailsService() method here
authProvider.setUserDetailsService(userDetailsService());
authProvider.setPasswordEncoder(this.passwordEncoder());
return authProvider;
}
...
}
虽然这看起来很奇怪,但它做得对。 Spring代理所有方法调用,所以当你看似直接调用userDetailsService()
时,它实际上会注入相应的bean。