Spring boot basic authentication

一整个雨季 2020-12-18 13:13

I'm using spring boot security to help me to make authentication...


    org.springframework.boot
    

        
3 answers
  • 2020-12-18 13:42

    I would start by reading the spring boot security documentation. Below you will find a link.

    https://docs.spring.io/spring-security/site/docs/current/guides/html5/helloworld-boot.html

  • 2020-12-18 13:46

    Change add method in SpringSecurityConfig.java like below

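        import org.springframework.beans.factory.annotation.Autowired;
        import org.springframework.context.annotation.Configuration;
        import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
        import org.springframework.security.config.annotation.web.builders.HttpSecurity;
        import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
        import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

        @Configuration
        @EnableWebSecurity
        public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {

            @Autowired
            private UserAuthenticationService userAuthenticationService;

            @Autowired
            private CustomAuthenticationProvider authenticationProvider;

            // Register the custom provider and the UserDetailsService with the authentication manager.
            @Autowired
            public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
                auth.authenticationProvider(this.authenticationProvider).userDetailsService(this.userAuthenticationService);
            }

            // Every request must be authenticated, using HTTP Basic; CSRF protection is disabled here.
            @Override
            protected void configure(HttpSecurity http) throws Exception {
                http
                    .cors().and().csrf().disable().authorizeRequests()
                    .anyRequest().authenticated().and().httpBasic();
            }
        }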
    

    Create CustomAuthenticationProvider.

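        import java.util.Collection;

        import org.springframework.beans.factory.annotation.Autowired;
        import org.springframework.security.authentication.AuthenticationProvider;
        import org.springframework.security.authentication.BadCredentialsException;
        import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
        import org.springframework.security.core.Authentication;
        import org.springframework.security.core.AuthenticationException;
        import org.springframework.security.core.GrantedAuthority;
        import org.springframework.security.core.userdetails.UserDetails;
        import org.springframework.security.core.userdetails.UsernameNotFoundException;
        import org.springframework.stereotype.Component;

        @Component
        public class CustomAuthenticationProvider implements AuthenticationProvider {

            @Autowired
            private UserAuthenticationService userAuthenticationService;

            // This provider handles username/password tokens only.
            @Override
            public boolean supports(Class<?> authentication) {
                return (UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication));
            }

            @Override
            public Authentication authenticate(Authentication authentication) throws AuthenticationException {
                String emailId = authentication.getName();
                String password = (String) authentication.getCredentials();
                UserDetails user = this.userAuthenticationService.loadUserByUsername(emailId);
                if (user == null) {
                    throw new UsernameNotFoundException("Username not found.");
                }
                // Your password encoder here: this plain equals() only works for passwords stored
                // unhashed; with a PasswordEncoder, call matches(password, user.getPassword()) instead.
                if (password == null || !password.equals(user.getPassword())) {
                    throw new BadCredentialsException("Wrong password.");
                }
                Collection<? extends GrantedAuthority> authorities = user.getAuthorities();
                return new UsernamePasswordAuthenticationToken(user, password, authorities);
            }
        }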
    

    Create Custom UserService

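        import java.util.ArrayList;
        import java.util.List;

        import org.springframework.beans.factory.annotation.Autowired;
        import org.springframework.security.core.GrantedAuthority;
        import org.springframework.security.core.authority.SimpleGrantedAuthority;
        import org.springframework.security.core.userdetails.UserDetails;
        import org.springframework.security.core.userdetails.UserDetailsService;
        import org.springframework.security.core.userdetails.UsernameNotFoundException;
        import org.springframework.stereotype.Service;

        // User, Role, UserRepository and UserAuthenticationWrapperDto are the application's own classes (not shown).
        @Service
        public class UserAuthenticationService implements UserDetailsService {

            @Autowired
            private UserRepository userRepository;

            @Override
            public UserDetails loadUserByUsername(String email) throws UsernameNotFoundException {
                User user = userRepository.findByEmailAddressWithRole(email);
                if (user == null) {
                    throw new UsernameNotFoundException("Username not found for " + email);
                }
                // Map each of the user's roles to a Spring Security authority.
                List<GrantedAuthority> grantedAuthorities = new ArrayList<GrantedAuthority>();
                for (Role roles : user.getRoles()) {
                    grantedAuthorities.add(new SimpleGrantedAuthority(roles.getRoleName()));
                }
                return new UserAuthenticationWrapperDto(user.getId(), user.getEmailAddress(), user.getPassword(),
                        user.getUserType(), user.getCompany().getId(), grantedAuthorities, user.getName());
            }
        }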
    
  • 2020-12-18 14:00

    You need to permit access to the login endpoint (at least). E.g.

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests().antMatchers("/login", "/error").permitAll()
                    .antMatchers("/**").authenticated().and().exceptionHandling()
                    .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login"));
        }
    

    If I were you I would remove the @EnableWebSecurity (and let Spring Boot do its job) as well. And then in the login endpoint you need to set the security context, e.g.

        @PostMapping
        public void authenticate(@RequestParam Map<String, String> map,
                HttpServletRequest request, HttpServletResponse response) throws Exception {
            Authentication result = authService.authenticate(map.get("username"), map.get("password"));
            SecurityContextHolder.getContext().setAuthentication(result);
            handler.onAuthenticationSuccess(request, response, result);
        }
    

    The authService should throw BadCredentialsException if the user cannot be authenticated. Here's a sample app that I used in a blog once: https://github.com/dsyer/mustache-sample/blob/7be8459173d0b65b6d44d05f86e581d358ea9b2e/src/main/java/com/example/DemoApplication.java#L177
