springboot2 security成功登陸後無法獲取使用者資訊 getPrincipal為anonymous
阿新 • • 發佈:2019-01-01
我這是一個前後端分離專案所以可能和大多數專案不太相同
我登陸成功之後獲取到的 SecurityContextHolder.getContext().getAuthentication().getPrincipal() 是 anonymous
之前我設定的是
.anyRequest().permitAll()所有請求都不需要許可權就可以訪問,這樣的話所有請求內都無法得到認證資訊,所以是anonymous
後來改成了
.anyRequest().authenticated()所有請求都需要認證之後就可以了
下面上一個security的配置全程式碼
package com.qky.qingchi.config.security; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; @Configuration @EnableWebSecurity public class WebSecurityConfig extends WebSecurityConfigurerAdapter { /*@Bean public CustomUserDetailsService customUserDetailsService() { return new CustomUserDetailsService(); }*/ @Bean public MyAuthenticationProvider myAuthenticationProvider() { return new MyAuthenticationProvider(); } @Override protected void configure(HttpSecurity http) throws Exception { http .formLogin().successForwardUrl("/login/success") .and() .authorizeRequests() //設定忽略規則 .antMatchers("/talk/*").permitAll() //設定攔截規則 .anyRequest().authenticated() .and() .cors() .and() .csrf().disable(); } @Bean public BCryptPasswordEncoder passwordEncoder() { return new BCryptPasswordEncoder(); } /*@Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth.inMemoryAuthentication() .withUser("q").password(new BCryptPasswordEncoder().encode("1")).roles("USER") .and() .withUser("w").password(new BCryptPasswordEncoder().encode("1")).roles("USER"); }*/ }
package com.qky.qingchi.config.security; import com.qky.qingchi.entity.User; import com.qky.qingchi.user.repository.UserRepository; import org.springframework.security.authentication.AuthenticationProvider; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; import javax.annotation.Resource; public class MyAuthenticationProvider implements AuthenticationProvider { @Resource UserRepository userRepository; /** * 自定義驗證方式 */ @Override public Authentication authenticate(Authentication authentication) throws AuthenticationException { User user; if (authentication.getName().equals("q")) { user = userRepository.findOneByName("q"); } else if (authentication.getName().equals("k")) { user = userRepository.findOneByName("kk"); } else { throw new AuthenticationException("使用者不存在") { }; } System.out.println("user:{"+user); return new UsernamePasswordAuthenticationToken(user, "", user.getAuthorities()); } @Override public boolean supports(Class<?> arg0) { return true; } }
參考: