UserDetailsService
添加到 这个 Spring OAuth2 示例中?默认的 user
和 password
已经在 authserver
应用程序的 application.properties
文件中定义。但是,出于测试目的,我想将以下自定义的 UserDetailsService
添加到 authserver
应用程序的 demo
包中。package demo;
import java.util.List;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.provisioning.UserDetailsManager;
import org.springframework.stereotype.Service;
@Service
class Users implements UserDetailsManager {
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
String password;
List<GrantedAuthority> auth = AuthorityUtils.commaSeparatedStringToAuthorityList("ROLE_USER");
if (username.equals("Samwise")) {
auth = AuthorityUtils.commaSeparatedStringToAuthorityList("ROLE_HOBBIT");
password = "TheShire";
}
else if (username.equals("Frodo")){
auth = AuthorityUtils.commaSeparatedStringToAuthorityList("ROLE_HOBBIT");
password = "MyRing";
}
else{throw new UsernameNotFoundException("Username was not found. ");}
return new org.springframework.security.core.userdetails.User(username, password, auth);
}
@Override
public void createUser(UserDetails user) {// TODO Auto-generated method stub
}
@Override
public void updateUser(UserDetails user) {// TODO Auto-generated method stub
}
@Override
public void deleteUser(String username) {// TODO Auto-generated method stub
}
@Override
public void changePassword(String oldPassword, String newPassword) {
// TODO Auto-generated method stub
}
@Override
public boolean userExists(String username) {
// TODO Auto-generated method stub
return false;
}
}
正如您所看到的,此UserDetailsService
尚未进行autowired
,并且它故意使用不安全的密码,因为它仅用于测试目的。
需要对GitHub示例应用程序进行特定更改,以使用户可以使用username=Samwise
和password=TheShire
或username=Frodo
和password=MyRing
登录吗?更改需要在AuthserverApplication.java
或其他地方进行吗?
建议:
Spring OAuth2开发人员指南建议使用GlobalAuthenticationManagerConfigurer
在全局配置UserDetailsService
。但是,对这些名称进行谷歌搜索会得到不太有帮助的结果。
此外,另一个使用内部Spring Security而不是OAuth的应用程序使用以下语法连接UserDetailsService
,但我不确定如何调整其语法以适应当前操作:
@Order(Ordered.HIGHEST_PRECEDENCE)
@Configuration
protected static class AuthenticationSecurity extends GlobalAuthenticationConfigurerAdapter {
@Autowired
private Users users;
@Override
public void init(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(users);
}
}
我尝试在OAuth2AuthorizationConfig
中使用@Autowire
,以便将Users
连接到AuthorizationServerEndpointsConfigurer
,如下所示:
我尝试在OAuth2AuthorizationConfig
中使用@Autowire
,以便将Users
连接到AuthorizationServerEndpointsConfigurer
,如下所示:
@Autowired//THIS IS A TEST
private Users users;//THIS IS A TEST
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints.authenticationManager(authenticationManager)
.accessTokenConverter(jwtAccessTokenConverter())
.userDetailsService(users)//DetailsService)//THIS LINE IS A TEST
;
}
但是Spring Boot的日志显示用户Samwise
未找到,这意味着UserDetailsService
连接不成功。以下是Spring Boot日志中相关的摘录:
2016-04-20 15:34:39.998 DEBUG 5535 --- [nio-9999-exec-9] o.s.s.a.dao.DaoAuthenticationProvider :
User 'Samwise' not found
2016-04-20 15:34:39.998 DEBUG 5535 --- [nio-9999-exec-9]
w.a.UsernamePasswordAuthenticationFilter :
Authentication request failed:
org.springframework.security.authentication.BadCredentialsException:
Bad credentials
还可以尝试什么?
AuthenticationManagerBuilder
。这不会发生在字符串文字中,但在globalAuthBuilder
中会发生。请查看我下面发布的解决方案。 - Michael Ressler