我正在实现 SecurityFilterChain 并对其进行设置,以便只有管理员才能访问该端点。当我使用管理员帐户登录时,它不允许我访问。
我的代码
@Configuration
@EnableWebSecurity
@RequiredArgsConstructor
public class EndToEndSecurityDemo{
private final EndToEndUserDetailsService userDetailsService;
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Bean
public AuthenticationProvider authenticationProvider(){
DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider();
authenticationProvider.setUserDetailsService(userDetailsService);
authenticationProvider.setPasswordEncoder(passwordEncoder());
return authenticationProvider;
}
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
return http
.authorizeHttpRequests((auth) -> auth
.requestMatchers(
new AntPathRequestMatcher("/"),
new AntPathRequestMatcher("/login"),
new AntPathRequestMatcher("/error"),
new AntPathRequestMatcher("/registration/**")
)
.permitAll()
.requestMatchers(
new AntPathRequestMatcher("/users/**")
)
.hasRole("ADMIN")
.anyRequest().authenticated()
)
.formLogin((login)-> login
.loginPage("/login")
.usernameParameter("email")
.defaultSuccessUrl("/")
.permitAll()
)
.logout((logout)-> logout
.invalidateHttpSession(true)
.clearAuthentication(true)
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.logoutSuccessUrl("/")
)
.csrf(withDefaults())
.httpBasic(withDefaults())
.build();
}
}
@Data
public class EndToEndUserDetails implements UserDetails {
private String userName;
private String password;
private boolean isEnabled;
private List<GrantedAuthority> authorities;
public EndToEndUserDetails(User user) {
this.userName = user.getEmail();
this.password = user.getPassword();
this.isEnabled = user.isEnabled();
this.authorities =
Arrays.stream(user.getRoles().toString().split(","))
.map(SimpleGrantedAuthority::new)
.collect(Collectors.toList());
}
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
return authorities;
}
@Override
public String getPassword() {
return password;
}
@Override
public String getUsername() {
return userName;
}
@Override
public boolean isAccountNonExpired() {
return true;
}
@Override
public boolean isAccountNonLocked() {
return true;
}
@Override
public boolean isCredentialsNonExpired() {
return true;
}
@Override
public boolean isEnabled() {
return true;
}
}
@Service
@RequiredArgsConstructor
public class EndToEndUserDetailsService implements UserDetailsService {
private final UserRepository userRepository;
@Override
public UserDetails loadUserByUsername(String email) throws UsernameNotFoundException {
return userRepository.findByEmail(email)
.map(EndToEndUserDetails::new)
.orElseThrow(()-> new UsernameNotFoundException("User not found"));
}
}
在注册时,我将用户设置为“用户”。
@Service
@RequiredArgsConstructor
public class UserService implements IUserService{
private final UserRepository userRepository;
private final PasswordEncoder passwordEncoder;
private final VerificationTokenService verificationTokenService;
@Override
public List<User> getAllUsers() {
return userRepository.findAll();
}
@Override
public User registerUser(RegistrationRequest registration) {
var user = new User(registration.getFirstName(), registration.getLastName(),
registration.getEmail(),
passwordEncoder.encode(registration.getPassword()),
Arrays.asList(new Role("USER")));
return userRepository.save(user);
}
@Override
public Optional<User> findByEmail(String email) {
return Optional.ofNullable(userRepository.findByEmail(email)
.orElseThrow(() -> new UsernameNotFoundException("User not found")));
}
@Override
public Optional<User> findById(Long id) {
return userRepository.findById(id);
}
@Transactional
@Override
public void updateUser(Long id, String firstName, String lastName, String email) {
userRepository.update(firstName, lastName, email, id);
}
@Transactional
@Override
public void deleteUser(Long id) {
Optional<User> theUser = userRepository.findById(id);
theUser.ifPresent(user -> verificationTokenService.deleteUserToken(user.getId()));
userRepository.deleteById(id);
}
}
在数据库中,我有表“user”、“role”和“user_role”。我将角色名称更改为“ADMIN”并重新启动应用程序,但它仍然是相同的。
您应该将带有前缀
ROLE_ROLE_ADMIN不幸的是,您没有提供 Role 类的示例,所以我看不到您是如何实现它的。请检查前缀是否存在。