本文的目的是介绍SpringSecurity从3.2.7更新到4.0.2时如何处理defaultRolePrefix=“ROLE_”的详细情况,特别关注springsecurity版本的相关信息。我们
本文的目的是介绍Spring Security从3.2.7更新到4.0.2时如何处理defaultRolePrefix =“ ROLE_”的详细情况,特别关注spring security版本的相关信息。我们将通过专业的研究、有关数据的分析等多种方式,为您呈现一个全面的了解Spring Security从3.2.7更新到4.0.2时如何处理defaultRolePrefix =“ ROLE_”的机会,同时也不会遗漏关于Java Spring Security – User.withDefaultPasswordEncoder()已弃用?、No active profile set, falling back to default profiles: default、org.apache.hadoop.security.proto.RefreshAuthorizationPolicyProtocolProtos.RefreshServiceAclResponseProto的实例源码、org.springframework.boot.devtools.restart.server.DefaultSourceFolderUrlFilter的实例源码的知识。
本文目录一览:- Spring Security从3.2.7更新到4.0.2时如何处理defaultRolePrefix =“ ROLE_”(spring security版本)
- Java Spring Security – User.withDefaultPasswordEncoder()已弃用?
- No active profile set, falling back to default profiles: default
- org.apache.hadoop.security.proto.RefreshAuthorizationPolicyProtocolProtos.RefreshServiceAclResponseProto的实例源码
- org.springframework.boot.devtools.restart.server.DefaultSourceFolderUrlFilter的实例源码
Spring Security从3.2.7更新到4.0.2时如何处理defaultRolePrefix =“ ROLE_”(spring security版本)
我的Spring Boot应用程序适用于Spring Security 3.2.7.RELEASE
。现在,我想将其更新为4.0.2.RELEASE
。
经过数小时的调试,我发现Spring Security 4.0.2.RELEASE使用 defaultRolePrefix="ROLE_"
在
org.springframework.security.access.expression.SecurityExpressionRoot.hasAnyAuthorityName(Stringprefix, String... roles)
方法
在我的应用程序中,我使用没有此前缀的角色,因此得到AccessDeniedException
。
如何配置Spring Boot以便使用SecurityExpressionRoot.defaultRolePrefix=""
?
答案1
小编典典我找到了解决方案。我需要将hasRole更改为hasAuthority,例如:
@PreAuthorize("hasAuthority(''PERMISSION_CREATE_NODE'')")
Java Spring Security – User.withDefaultPasswordEncoder()已弃用?
我是java spring security的新手,并且遵循Spring.io tutorial guide.
作为其中的一部分,我根据需要编辑了WebSecurityConfig类:
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/","/home").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.and()
.logout()
.permitAll();
}
@Bean
@Override
public UserDetailsService userDetailsService() {
UserDetails user =
User.withDefaultPasswordEncoder()
.username("user")
.password("password")
.roles("USER")
.build();
return new InMemoryUserDetailsManager(user);
}
}
在userDetailService()方法中,它使用withDefaultPasswordEncoder(),现在已弃用,如文档中所示:withDefaultPasswordEncoder()
不幸的是,我没有找到替代方案,在不使用弃用方法的情况下完成本教程.
如果可能,有人能为此提供替代方案吗?
谢谢!
注意:我附上了几个错误的屏幕截图,以及我的gradle文件
image 1: The error I am receiving
image 2: My gradle file
User.withDefaultPasswordEncoder()仍然可以用于演示,你不必担心这是你正在做什么 – 即使它已被弃用 – 但在生产中,你的源代码中不应该有纯文本密码.
您应该做什么而不是使用当前的userDetailsService()方法是following:
private static final String ENCODED_PASSWORD = "$2a$10$AIUufK8g6EFhBcumRRV2L.AQNz3Bjp7oDQVFiO5JJMBFZQ6x2/R/2";
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.passwordEncoder(passwordEncoder())
.withUser("user").password(ENCODED_PASSWORD).roles("USER");
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
其中ENCODED_PASSWORD是用BCrypt编码的secret123.你也可以像下面这样编程编码:passwordEncoder().encode(“secret123”).
这样,即使您将代码推送到公共存储库,人们也不会知道密码,因为ENCODED_PASSWORD只显示密码的编码版本而不是纯文本版本,但是因为您知道$2a $10 $AIUufK8g6EFhBcumRRV2L.AQNz3Bjp7oDQVFiO5JJMBFZQ6x2 / R / 2实际上是字符串secret123的编码密码,而其他人没有,您的内存用户凭证用户:secret123将不会受到损害.
请注意,为了示例,我将其保留在静态变量中.
No active profile set, falling back to default profiles: default
2019-09-29 17:12:22.933 INFO 8244 --- [ main] c.q.springboot.SpringbootApplication : Starting SpringbootApplication on DESKTOP-RG5H19V with PID 8244 (D:\nums-project\springboot\target\classes started by 12629 in D:\nums-project\springboot)
2019-09-29 17:12:22.938 INFO 8244 --- [ main] c.q.springboot.SpringbootApplication : No active profile set, falling back to default profiles: default
2019-09-29 17:12:23.618 INFO 8244 --- [ main] c.q.springboot.SpringbootApplication : Started SpringbootApplication in 1.19 seconds (JVM running for 2.382)
Disconnected from the target VM, address: ''127.0.0.1:52345'', transport: ''socket''
刚刚创建的项目,启动时候报错为:No active profile set, falling back to default profiles: default
原来是因为缺少了springmvc的依赖:
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
org.apache.hadoop.security.proto.RefreshAuthorizationPolicyProtocolProtos.RefreshServiceAclResponseProto的实例源码
@Override public RefreshServiceAclResponseProto refreshServiceAcl( RpcController controller,RefreshServiceAclRequestProto request) throws ServiceException { try { impl.refreshServiceAcl(); } catch (IOException e) { throw new ServiceException(e); } return VOID_REFRESH_SERVICE_ACL_RESPONSE; }
@Override public RefreshServiceAclResponseProto refreshServiceAcl( RpcController controller,RefreshServiceAclRequestProto request) throws ServiceException { try { impl.refreshServiceAcl(); } catch (IOException e) { throw new ServiceException(e); } return VOID_REFRESH_SERVICE_ACL_RESPONSE; }
@Override public RefreshServiceAclResponseProto refreshServiceAcl( RpcController controller,RefreshServiceAclRequestProto request) throws ServiceException { try { impl.refreshServiceAcl(); } catch (IOException e) { throw new ServiceException(e); } return VOID_REFRESH_SERVICE_ACL_RESPONSE; }
@Override public RefreshServiceAclResponseProto refreshServiceAcl( RpcController controller,RefreshServiceAclRequestProto request) throws ServiceException { try { impl.refreshServiceAcl(); } catch (IOException e) { throw new ServiceException(e); } return VOID_REFRESH_SERVICE_ACL_RESPONSE; }
@Override public RefreshServiceAclResponseProto refreshServiceAcl( RpcController controller,RefreshServiceAclRequestProto request) throws ServiceException { try { impl.refreshServiceAcl(); } catch (IOException e) { throw new ServiceException(e); } return VOID_REFRESH_SERVICE_ACL_RESPONSE; }
@Override public RefreshServiceAclResponseProto refreshServiceAcl( RpcController controller,RefreshServiceAclRequestProto request) throws ServiceException { try { impl.refreshServiceAcl(); } catch (IOException e) { throw new ServiceException(e); } return VOID_REFRESH_SERVICE_ACL_RESPONSE; }
@Override public RefreshServiceAclResponseProto refreshServiceAcl( RpcController controller,RefreshServiceAclRequestProto request) throws ServiceException { try { impl.refreshServiceAcl(); } catch (IOException e) { throw new ServiceException(e); } return VOID_REFRESH_SERVICE_ACL_RESPONSE; }
@Override public RefreshServiceAclResponseProto refreshServiceAcl( RpcController controller,RefreshServiceAclRequestProto request) throws ServiceException { try { impl.refreshServiceAcl(); } catch (IOException e) { throw new ServiceException(e); } return VOID_REFRESH_SERVICE_ACL_RESPONSE; }
@Override public RefreshServiceAclResponseProto refreshServiceAcl( RpcController controller,RefreshServiceAclRequestProto request) throws ServiceException { try { impl.refreshServiceAcl(); } catch (IOException e) { throw new ServiceException(e); } return VOID_REFRESH_SERVICE_ACL_RESPONSE; }
@Override public RefreshServiceAclResponseProto refreshServiceAcl( RpcController controller,RefreshServiceAclRequestProto request) throws ServiceException { try { impl.refreshServiceAcl(); } catch (IOException e) { throw new ServiceException(e); } return VOID_REFRESH_SERVICE_ACL_RESPONSE; }
org.springframework.boot.devtools.restart.server.DefaultSourceFolderUrlFilter的实例源码
@Bean @ConditionalOnMissingBean public SourceFolderUrlFilter remoteRestartSourceFolderUrlFilter() { return new DefaultSourceFolderUrlFilter(); }
@Bean @ConditionalOnMissingBean public SourceFolderUrlFilter remoteRestartSourceFolderUrlFilter() { return new DefaultSourceFolderUrlFilter(); }
@Bean @ConditionalOnMissingBean public SourceFolderUrlFilter remoteRestartSourceFolderUrlFilter() { return new DefaultSourceFolderUrlFilter(); }
今天的关于Spring Security从3.2.7更新到4.0.2时如何处理defaultRolePrefix =“ ROLE_”和spring security版本的分享已经结束,谢谢您的关注,如果想了解更多关于Java Spring Security – User.withDefaultPasswordEncoder()已弃用?、No active profile set, falling back to default profiles: default、org.apache.hadoop.security.proto.RefreshAuthorizationPolicyProtocolProtos.RefreshServiceAclResponseProto的实例源码、org.springframework.boot.devtools.restart.server.DefaultSourceFolderUrlFilter的实例源码的相关知识,请在本站进行查询。
本文标签: