如何在Spring引導安全配置中添加新註冊的用戶？

我在工作Spring-Boot，Spring Security與basic認證。我將通過RESTful API調用從我的用AngularJS編寫的客戶端應用程序發送登錄URL。如何在Spring引導安全配置中添加新註冊的用戶？

一切正常。 DB中的所有用戶在SecurityConfiguration.java中進行了配置，如下所示。

@Autowired 
public void configureGlobalSecurity(AuthenticationManagerBuilder auth) throws Exception { 

    List<User> users = userService.getUsers(); 
    for (User user : users) { 
     auth.inMemoryAuthentication().withUser(user.getUserName()).password(user.getPassword()) 
       .roles(user.getRole().getName()); 
    } 
} 

@Override 
protected void configure(HttpSecurity http) throws Exception { 

    http.csrf().disable().authorizeRequests().antMatchers("/server/rest/secure/**") 
    .hasRole("ADMIN").and() 
      .httpBasic().realmName(REALM).authenticationEntryPoint(getBasicAuthEntryPoint()); 
} 

@Bean 
public CustomBasicAuthenticationEntryPoint getBasicAuthEntryPoint() { 
    return new CustomBasicAuthenticationEntryPoint(); 
}

CustomBasicAuthenticationEntryPoint.java

import java.io.IOException; 
import java.io.PrintWriter; 

import javax.servlet.ServletException; 
import javax.servlet.http.HttpServletRequest; 
import javax.servlet.http.HttpServletResponse; 

import org.springframework.security.core.AuthenticationException; 
import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint; 

public class CustomBasicAuthenticationEntryPoint extends BasicAuthenticationEntryPoint { 

@Override 
public void commence(final HttpServletRequest request, 
     final HttpServletResponse response, 
     final AuthenticationException authException) throws IOException, ServletException { 

    response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); 
    response.addHeader("WWW-Authenticate", "Basic realm=" + getRealmName() + ""); 

    PrintWriter writer = response.getWriter(); 
    writer.println("HTTP Status 401 : " + authException.getMessage()); 
    response.setHeader("WWW-Authenticate", "FormBased"); 
    response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized"); 
} 

@Override 
public void afterPropertiesSet() throws Exception { 
    setRealmName("MY_TEST_REALM"); 
    super.afterPropertiesSet(); 
} 
}

所以如果我立即登記，將插在DB，但在上面執行不添加一個新用戶。所以驗證失敗。

如何可以刷新上述實施新的用戶

來源

2017-09-08 Prince

的每當我和做註冊在做與數據庫認證，你應該做到以下幾點：

@Service("userDetailsService") 
@Transactional 
public class MUserDetailService implements UserDetailsService { 

    @Autowired 
    AppUserDao appUserDao; 

    @Override 
    public UserDetails loadUserByUsername(final String appUserName) throws UsernameNotFoundException { 

     AppUser appUser = appUserDao.findByName(appUserName); 
     if (appUser == null) throw new UsernameNotFoundException(appUserName); 
     else{ 
      return new User(appUser.getUsername(),appUser.getPassword(),appUser.getActive(),true,true,true,getGrantedAuthorities(appUser)); 
     } 
    } 

    private List<GrantedAuthority> getGrantedAuthorities(AppUser appUser){ 
     List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>(); 

     for (Authority authority : appUser.getAuthorities()){ 
      authorities.add(new SimpleGrantedAuthority(authority.getAuthorityName())); 
     } 
     return authorities; 
    } 
}

，然後定義SecurityConfiguration如下：

@Configuration 
@EnableWebSecurity 
public class SecurityConfiguration extends WebSecurityConfigurerAdapter{ 

    @Autowired 
    @Qualifier("userDetailsService") 
    UserDetailsService userDetailsService; 


    @Autowired 
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { 
     auth.userDetailsService(userDetailsService); 
    } 
}

來源

2017-09-08 19:33:18 ArslanAnjum

你能給這個參考鏈接嗎？ – Prince

你是指什麼參考鏈接？ – ArslanAnjum

我的意思是任何網站的參考。它會幫我更新我的代碼，如果需要的話 – Prince

如何在Spring引導安全配置中添加新註冊的用戶？

回答

相關問題