目前我正在开发Springboot安全性,这对我来说很新。我关注了youtube视频教程Video
当我使用下面的代码片段时,我成功获得了oauth2 access_token: -
@SpringBootApplication
public class MathifyApplication {
@Autowired
private PasswordEncoder passwordEncoder;
public static void main(String[] args) {
SpringApplication.run(MathifyApplication.class, args);
}
@Autowired
public void authenticationManager(AuthenticationManagerBuilder builder, UserRepository repository, UserService service) throws Exception {
//Setup a default user if db is empty
User students = new User("stu1", "user", "user", "abc@gmail.com", "1234567890", "12th", "dwarka sec-12",
0, 0 , "may/29/2017", "", Arrays.asList(new Role("USER"), new Role("ACTUATOR")));
if (repository.count()==0){
service.save(students);
}
builder.userDetailsService(userDetailsService(repository)).passwordEncoder(passwordEncoder);
}
private UserDetailsService userDetailsService(final UserRepository repository) {
return userName -> new CustomUserDetails(repository.findByUsername(userName));
}
}
控制器类是: -
@RestController
public class LoginController {
@Autowired
private UserService userService;
@RequestMapping(value = "/mathify/getuser/{userId}", method = RequestMethod.GET)
public User getUser(@PathVariable String userId){
System.out.println("Userid "+userId);
return userService.getUser(userId);
}
@RequestMapping(method = RequestMethod.POST, value="/mathify/signup")
public User register(@RequestBody User user){
return userService.doSignup(user);
}
@GetMapping(value="/hi")
public String test(){
return "Oh ! I am fine without secuirity";
}
}
使用上面的代码片段,我可以获得access_token(/ oauth / token),我也可以毫无问题地调用其他控制器类私有API。
但上述代码存在问题。什么?在上面的代码片段中,用户是硬编码的,但是当我想在用户注册时获取access_token时,它会给出异常。
2017-06-18 11:04:05.689 ERROR 8492 --- [nio-8080-exec-3] o.a.c.c.C.[.[.[/].[dispatcherServlet] : Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed; nested exception is java.lang.IllegalStateException: Cannot apply org.springframework.security.config.annotation.authentication.configurers.userdetails.DaoAuthenticationConfigurer@6b66d7ac to already built object] with root cause
java.lang.IllegalStateException: Cannot apply org.springframework.security.config.annotation.authentication.configurers.userdetails.DaoAuthenticationConfigurer@6b66d7ac to already built object
at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.add(AbstractConfiguredSecurityBuilder.java:196) ~[spring-security-config-4.2.2.RELEASE.jar:4.2.2.RELEASE]
at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.apply(AbstractConfiguredSecurityBuilder.java:133) ~[spring-security-config-4.2.2.RELEASE.jar:4.2.2.RELEASE]
at org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder.apply(AuthenticationManagerBuilder.java:290) ~[spring-security-config-4.2.2.RELEASE.jar:4.2.2.RELEASE]
at org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder.userDetailsService(AuthenticationManagerBuilder.java:187) ~[spring-security-config-4.2.2.RELEASE.jar:4.2.2.RELEASE]
at com.techiesandeep.mathify.controller.LoginController.register(LoginController.java:40) ~[classes/:na]
为了实现上述功能,我在应用程序和控制器中做了一些更改
应用程序类是: -
@SpringBootApplication
public class MathifyApplication {
@Autowired
private PasswordEncoder passwordEncoder;
public static void main(String[] args) {
SpringApplication.run(MathifyApplication.class, args);
}
}
和Controller类如下: -
@RestController
public class LoginController {
@Autowired
private UserService userService;
@Autowired
AuthenticationManagerBuilder builder;
@Autowired
private PasswordEncoder passwordEncoder;
@Autowired
private UserRepository repository;
@RequestMapping(value = "/mathify/getuser/{userId}", method = RequestMethod.GET)
public User getUser(@PathVariable String userId){
System.out.println("Userid "+userId);
return userService.getUser(userId);
}
@RequestMapping(method = RequestMethod.POST, value="/user/signup")
public User register(@RequestBody User user) throws Exception {
User u = userService.doSignup(user);
builder.userDetailsService(userDetailsService(repository)).passwordEncoder(passwordEncoder);
return u;
}
private UserDetailsService userDetailsService(final UserRepository repository) {
return userName -> new CustomUserDetails(repository.findByUsername(userName));
}
@GetMapping(value="/hi")
public String test(){
return "Oh ! I am fine without secuirity";
}
}
任何帮助都会令人感激。谢谢
答案 0 :(得分:2)
您可以调用另一个POST请求来获取访问令牌。 我不确定这是最好的方式,但与我合作很好。
注册请求映射中的示例代码片段:
RestTemplate restTemplate = new RestTemplate();
HttpHeaders headers = new HttpHeaders();
headers.setContentType(MediaType.APPLICATION_JSON);
headers.set("Authorization", auth_header);
/*auth_header should be Autorization header value that captured from signup request, which is generated by Basic Auth with clientID and secret, for example, "Basic bXktdHJ1c3RlZC1jbGllbnQ6c2VjcmV0" */
HttpEntity<String> entity = new HttpEntity<String>("",headers);
String authURL = "http://localhost:8080/oauth/token?grant_type=password&username=yourusername&password=yourpassword";
ResponseEntity<String> response = restTemplate.postForEntity(authURL, entity, String.class);
System.out.println(response.getBody());