Rollenbasierte Authentifizierung mit Springboot

StackOverflow https://stackoverflow.com//questions/24053839

Frage

Ich bin ziemlich neu bei Springboot und habe bei einigen meiner Methoden Probleme bei der Verwendung der rollenbasierten Basisauthentifizierung.Ich habe einen benutzerdefinierten UserDetailsService geschrieben, der ohne Rollen gut funktioniert. 

    @Override
    public UserDetails loadUserByUsername(String arg0)
            throws UsernameNotFoundException {
        Developer d = DeveloperFactory.loadDeveloperByQuery(" Email = '" + arg0 + "'", null);
        if (d == null) throw new UsernameNotFoundException ("User with email " + arg0 + " doesn't exist in our database");

        String username = d.getEmail();
        String password = d.getPassword();
        boolean enabled = d.getActive ();
        boolean accountNonExpired = enabled; 
        boolean credentialsNonExpired = enabled;
        boolean accountNonLocked = enabled;

        Collection<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
        for(Role role : d.roles.toArray()) {
                authorities.add(new SimpleGrantedAuthority(role.getName()));
        }
        UserDetails u = new User (username, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities);
        return u;
    }

Once I add a role with the @Secured annotation to my controller methods like

    @Secured({"USER"})
        @RequestMapping(value = "/admin", method = RequestMethod.GET)
        public Developer[] getByQuery (@RequestParam(value="email", required=false) String email) { 
            if (email == null) {
                Developer[] admins = DeveloperFactory.listDeveloperByQuery(" IsAdmin = TRUE", null);
                return admins;
            } else {
                Developer admin = DeveloperFactory.loadDeveloperByQuery("Email = '" + email + "'", null);
                if (admin == null) throw new AdminNotFound ();
                return new Developer[]{admin};
            }
        }

Ich fange an, den verbotenen Fehler zu bekommen.Ich habe bestätigt, dass die Benutzer über die angeforderten Rollen in der Datenbank verfügen, aber es funktioniert immer noch nicht.Mein SecurityConfigurer sieht so aus.

 @Configuration
    @EnableWebSecurity
    public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth.userDetailsService(new UserDetailsServiceImpl());
        }

        @Override
        public UserDetailsService userDetailsServiceBean() {
            return new UserDetailsServiceImpl();
        }


    }

und meine Bewerbungsklasse so.

@Configuration
@ComponentScan
@EnableAutoConfiguration
@EnableGlobalMethodSecurity(securedEnabled = true)
public class Application extends SpringBootServletInitializer {

    public static void main(final String[] args) {
        SpringApplication.run(Application.class, args);
    }    
}

Kann mir bitte jemand sagen, warum meine Benutzerrollen nicht auf den /admin GET-Endpunkt angewendet werden?

Hier sind meine Protokolle. 

2014-06-06 03:16:04.453 DEBUG 9364 --- [nio-8080-exec-1] o.s.s.w.a.ExceptionTranslationFilter     : Calling Authentication entry point.
2014-06-06 03:16:04.454 DEBUG 9364 --- [nio-8080-exec-1] o.s.s.w.a.Http403ForbiddenEntryPoint     : Pre-authenticated entry point called. Rejecting access
2014-06-06 03:16:04.454 DEBUG 9364 --- [nio-8080-exec-1] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
2014-06-06 03:23:04.886 DEBUG 9364 --- [nio-8080-exec-3] o.s.security.web.FilterChainProxy        : /admin at position 1 of 9 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2014-06-06 03:23:04.886 DEBUG 9364 --- [nio-8080-exec-3] o.s.security.web.FilterChainProxy        : /admin at position 2 of 9 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2014-06-06 03:23:04.886 DEBUG 9364 --- [nio-8080-exec-3] o.s.security.web.FilterChainProxy        : /admin at position 3 of 9 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2014-06-06 03:23:04.887 DEBUG 9364 --- [nio-8080-exec-3] o.s.s.w.header.writers.HstsHeaderWriter  : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@68fe414e
2014-06-06 03:23:04.887 DEBUG 9364 --- [nio-8080-exec-3] o.s.security.web.FilterChainProxy        : /admin at position 4 of 9 in additional filter chain; firing Filter: 'LogoutFilter'
2014-06-06 03:23:04.887 DEBUG 9364 --- [nio-8080-exec-3] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/admin'; against '/logout'
2014-06-06 03:23:04.887 DEBUG 9364 --- [nio-8080-exec-3] o.s.security.web.FilterChainProxy        : /admin at position 5 of 9 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2014-06-06 03:23:04.887 DEBUG 9364 --- [nio-8080-exec-3] o.s.security.web.FilterChainProxy        : /admin at position 6 of 9 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2014-06-06 03:23:04.888 DEBUG 9364 --- [nio-8080-exec-3] o.s.security.web.FilterChainProxy        : /admin at position 7 of 9 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2014-06-06 03:23:04.888 DEBUG 9364 --- [nio-8080-exec-3] o.s.s.w.a.AnonymousAuthenticationFilter  : Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
2014-06-06 03:23:04.889 DEBUG 9364 --- [nio-8080-exec-3] o.s.security.web.FilterChainProxy        : /admin at position 8 of 9 in additional filter chain; firing Filter: 'SessionManagementFilter'
2014-06-06 03:23:04.889 DEBUG 9364 --- [nio-8080-exec-3] o.s.security.web.FilterChainProxy        : /admin at position 9 of 9 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2014-06-06 03:23:04.889 DEBUG 9364 --- [nio-8080-exec-3] o.s.security.web.FilterChainProxy        : /admin reached end of additional filter chain; proceeding with original chain
2014-06-06 03:23:04.894 DEBUG 9364 --- [nio-8080-exec-3] o.s.s.a.i.a.MethodSecurityInterceptor    : Secure object: ReflectiveMethodInvocation: public com.withinet.cloud.domain.Developer[] com.withinet.cloud.service.AdminController.getByQuery(java.lang.String); target is of class [com.withinet.cloud.service.AdminController]; Attributes: [ROLE_WEB]
2014-06-06 03:23:04.894 DEBUG 9364 --- [nio-8080-exec-3] o.s.s.a.i.a.MethodSecurityInterceptor    : Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
2014-06-06 03:23:04.894 DEBUG 9364 --- [nio-8080-exec-3] o.s.s.access.vote.AffirmativeBased       : Voter: org.springframework.security.access.vote.RoleVoter@7bcf60f2, returned: -1
2014-06-06 03:23:04.894 DEBUG 9364 --- [nio-8080-exec-3] o.s.s.access.vote.AffirmativeBased       : Voter: org.springframework.security.access.vote.AuthenticatedVoter@6be5ef5e, returned: 0
2014-06-06 03:23:04.896 DEBUG 9364 --- [nio-8080-exec-3] o.s.s.w.a.ExceptionTranslationFilter     : Access is denied (user is anonymous); redirecting to authentication entry point

org.springframework.security.access.AccessDeniedException: Access is denied
    at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:83)
    at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:206)
    at org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:60)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
    at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:644)
    at com.withinet.cloud.service.AdminController$$EnhancerBySpringCGLIB$$7633a4cc.getByQuery(<generated>)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at org.springframework.web.method.support.InvocableHandlerMethod.invoke(InvocableHandlerMethod.java:215)
    at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:132)
    at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:104)
    at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandleMethod(RequestMappingHandlerAdapter.java:749)
    at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:689)
    at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:83)
    at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:938)
    at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:870)
    at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:961)
    at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:852)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:620)
    at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:837)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:77)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:108)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
    at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:154)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:57)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:108)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:108)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)
    at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:683)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1040)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:607)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1721)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1679)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)

2014-06-06 03:23:04.897 DEBUG 9364 --- [nio-8080-exec-3] o.s.s.w.a.ExceptionTranslationFilter     : Calling Authentication entry point.
2014-06-06 03:23:04.897 DEBUG 9364 --- [nio-8080-exec-3] o.s.s.w.a.Http403ForbiddenEntryPoint     : Pre-authenticated entry point called. Rejecting access
2014-06-06 03:23:04.897 DEBUG 9364 --- [nio-8080-exec-3] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
War es hilfreich?

Lösung

Normalerweise benötigen Sie das Präfix „ROLE_“. @Secured (wenn Sie die Rolle Wähler verwenden möchten), d.h. @Secured("ROLE_USER").

Lizenziert unter: CC-BY-SA mit Zuschreibung
Nicht verbunden mit StackOverflow
scroll top