Error 403 when accessing role-based endpoints using JDBC authentication and bcrypt with Spring Security 6.2, Spring Boot 3.2 and JDK 17 [duplicate]

Question. Votes: 0, Answers: 1

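I have made some REST endpoints. I enabled role-based authentication and authorization. But the problem is that the REST endpoint I exposed publicly works fine, while the endpoints I made for authentication and authorization do not work. It throws error 403. I am hitting the request from the browser. I have defined two roles, user and admin. I have created two tables in the database, users and authorities, joined by a foreign key on the column username.

I have one more doubt: I am using a custom filter chain with my own username and password, so as far as I know the default token should not be generated in my console, yet it is still being generated. Please look at that as well. I am attaching screenshots.

Please help. I have been stuck on this problem for the past 20 days. Tried everything. But still facing error 403.

Here is my security configuration class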


package com.telusko.securityconfiguration;

import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.formLogin;

import javax.sql.DataSource;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class SecurityConfigApp {
    
    @Autowired
    private DataSource dataSource;
    
    @Autowired
    public void authenticationManager(AuthenticationManagerBuilder auth) throws Exception {
        
        auth
        .jdbcAuthentication()
        .passwordEncoder(new BCryptPasswordEncoder())
        .dataSource(dataSource)
        .usersByUsernameQuery("select username,password,enabled from users where username=?")
        .authoritiesByUsernameQuery("select username,authority from authorities where username=?"); 
    }
    
    @Bean
    public SecurityFilterChain customFilterChain(HttpSecurity http) throws Exception {

        http.cors(cors->cors.disable())
        .authorizeHttpRequests(
        request ->request.requestMatchers("/api/").permitAll()
        .requestMatchers("/api/admin/").hasRole("ADMIN")
        .requestMatchers("/api/user/").hasAnyRole("ADMIN","USER")
        .anyRequest().authenticated()
        ).httpBasic(Customizer.withDefaults())
        .csrf(AbstractHttpConfigurer::disable)
        .formLogin(Customizer.withDefaults());
        return http.build();
        }
}

Here is my controller class

package com.telusko.restcontroller;

import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequestMapping("/api")
public class UserRestController {

    @GetMapping("/")
    public String welcome() {
        return "<h1>Welcome to Ineuron Family</h1>";
    }
    @GetMapping("/admin")
    public String adminProcess() {
        return "<h1>Welcome admin</h1>";
    }
    @GetMapping("/user")
    public String userProcess() {
        return "<h1>Welcome user</h1>";
    }
}

Here is my application properties file

spring.datasource.url=jdbc:mysql://localhost:3307/oct_batch1
spring.datasource.username=root
spring.datasource.password=Lumia@541

logging.level.org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder=INFO

Here is my

package com.telusko;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration;
import org.springframework.context.annotation.ComponentScan;

@SpringBootApplication()
@ComponentScan()
public class SpringSecurityJdbcAuthenticationApplication {

    public static void main(String[] args) {
        SpringApplication.run(SpringSecurityJdbcAuthenticationApplication.class, args);
    }

}

Here is the error I am getting

Whitelabel Error Page
This application has no explicit mapping for /error, so you are seeing this as a fallback.

Tue Jan 16 10:23:55 IST 2024
There was an unexpected error (type=Forbidden, status=403).
Forbidden

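[enter image description here](https://i.stack.imgur.com/fyWOw.png)
[enter image description here](https://i.stack.imgur.com/cyd9d.png)
[enter image description here](https://i.stack.imgur.com/zaBTI.png)
[enter image description here](https://i.stack.imgur.com/NFDvw.png)
[enter image description here](https://i.stack.imgur.com/od7Z3.png)
[enter image description here](https://i.stack.imgur.com/mrMCn.png)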

I have already tried the lambda DSL, since I am using Spring Security 6.2, as well as disabling CORS, ChatGPT and Bing AI, but it still does not work.

java spring spring-boot spring-mvc spring-security
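1 Answer
-1
votes

Are the authorities correctly defined in the database tables, in the authorities table?

You can use UserDetailsManager in the configuration class and check whether it works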

@Bean
public UserDetailsManager userDetailsManager(DataSource dataSource) throws Exception {
    JdbcUserDetailsManager jdbcUserDetailsManager = new JdbcUserDetailsManager(dataSource);
    jdbcUserDetailsManager.setUsersByUsernameQuery("select username,password,enabled from users where username=?");
    jdbcUserDetailsManager.setAuthoritiesByUsernameQuery("select username,authority from authorities where username=?");
    return jdbcUserDetailsManager;
}
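
A complete configuration of the kind the answer points at, as an added example (it is not code from the question or the answer). The class name and the `ROLE_`-prefixed rows in the `authorities` table are assumptions; the queries, paths and role names are the ones on this page.

```java
import javax.sql.DataSource;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.JdbcUserDetailsManager;
import org.springframework.security.provisioning.UserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class JdbcRoleSecurityConfig { // hypothetical class name

    // Passwords in users.password are assumed to be bcrypt hashes.
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    // Assumed rows in authorities: (username, 'ROLE_ADMIN') / (username, 'ROLE_USER').
    // hasRole("ADMIN") tests for the authority string "ROLE_ADMIN", so a row that
    // stores plain "ADMIN" authenticates but is then refused with 403.
    @Bean
    public UserDetailsManager userDetailsManager(DataSource dataSource) {
        JdbcUserDetailsManager manager = new JdbcUserDetailsManager(dataSource);
        manager.setUsersByUsernameQuery(
                "select username,password,enabled from users where username=?");
        manager.setAuthoritiesByUsernameQuery(
                "select username,authority from authorities where username=?");
        return manager;
    }

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests(auth -> auth
                .requestMatchers("/api/").permitAll()
                // Exact path plus sub-paths, written without a trailing slash.
                .requestMatchers("/api/admin", "/api/admin/**").hasRole("ADMIN")
                .requestMatchers("/api/user", "/api/user/**").hasAnyRole("ADMIN", "USER")
                .anyRequest().authenticated())
            .httpBasic(Customizer.withDefaults())
            .formLogin(Customizer.withDefaults());
        return http.build();
    }
}
```

CSRF protection is left at its default here; the endpoints on this page are all GET requests, which it does not block.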