Spring Boot Security 403「アクセス拒否」
mfaisalhyder:
RESTFul API(Webアプリではない)を作成していて、Spring Securityを追加していますが、正常に実行できません。
ここで、stackoverflowに関する多くの記事と投稿を確認した後、ようやく質問を投稿します。親切にそれを調べて、私が欠けているものや間違って設定しているものを教えてください?
基本エンティティ
@MappedSuperclass
@EntityListeners(AuditingEntityListener.class)
abstract class BaseEntity implements Serializable {
@Id
@GeneratedValue(strategy = GenerationType.SEQUENCE)
@Column(name = "ID", nullable = false, updatable = false)
private Long ID;
@CreatedBy
@Column(name = "CreatedBy", nullable = false, updatable = false)
private String createdBy;
@CreatedDate
@Column(name = "CreatedDate", nullable = false, updatable = false)
private LocalDateTime createdDate;
@LastModifiedBy
@Column(name = "ModifiedBy")
private String modifiedBy;
@LastModifiedDate
@Column(name = "ModifiedDate")
private LocalDateTime modifiedDate;
...getters setters
}
役割エンティティ
@Entity
@Table(name = "ROLE")
public class Role extends BaseEntity {
@Column(name = "Name")
private String name;
...getters setters
}
ユーザーエンティティ
@Entity
@Table(name = "USER")
public class User extends BaseEntity {
@Column(name = "EmiratesID", unique = true, nullable = false, updatable = false)
private String emiratesID;
@Column(name = "FirstName")
private String firstName;
@Column(name = "LastName")
private String lastName;
@Column(name = "StaffID", unique = true, nullable = false, updatable = false)
private String staffID;
@Column(name = "Email", unique = true, nullable = false)
private String email;
@Column(name = "Password", nullable = false)
private String password;
@ManyToOne(optional = false, cascade = CascadeType.MERGE)
@JoinColumn(name = "ROLE_ID")
private Role role;
...getters setters
public UserDetails currentUserDetails() {
return CurrentUserDetails.create(this);
}
}
SecurtiyConfigクラス
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
private final DataSource dataSource;
private final UserDetailsServiceImplementation userDetailsService;
@Autowired
public SecurityConfig(final DataSource dataSource, final UserDetailsServiceImplementation userDetailsService) {
this.dataSource = dataSource;
this.userDetailsService = userDetailsService;
}
@Bean
BCryptPasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity.authorizeRequests()
.antMatchers("/console/**").permitAll()
.antMatchers("/", "/greetUser", "/register", "/login").permitAll()
.antMatchers("/user/**").hasAnyAuthority(ROLES.USER.getValue(), ROLES.ADMIN.getValue())
.antMatchers("/admin/**").hasAuthority(ROLES.ADMIN.getValue()).anyRequest().authenticated();
httpSecurity.csrf().disable();
// required to make H2 console work with Spring Security
httpSecurity.headers().frameOptions().disable();
}
@Autowired
public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
}
@Override
public void configure(WebSecurity webSecurity) {
webSecurity.ignoring().antMatchers("/resources/**", "/static/**", "/css/**", "/js/**", "/images/**");
}
CurrentUserDetails
public class CurrentUserDetails implements UserDetails {
private String ROLE_PREFIX = "ROLE_";
private Long userID;
private String emiratesID;
private String firstName;
private String lastName;
private String staffID;
private String email;
private String password;
private Role role;
public CurrentUserDetails(Long ID, String emiratesID, String firstName,
String lastName, String staffID, String email,
String password, Role role) {
super();
this.userID = ID;
this.emiratesID = emiratesID;
this.firstName = firstName;
this.lastName = lastName;
this.staffID = staffID;
this.email = email;
this.password = password;
this.role = role;
}
public Long getUserID() {
return userID;
}
public String getEmiratesID() {
return emiratesID;
}
public String getEmail() {
return this.email;
}
public Role getRole() {
return this.role;
}
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
List<GrantedAuthority> grantedAuthority = new ArrayList<>();
grantedAuthority.add(new SimpleGrantedAuthority(ROLE_PREFIX + role.getName()));
return grantedAuthority;
}
@Override
public String getPassword() {
return this.password;
}
@Override
public String getUsername() {
return this.email;
}
@Override
public boolean isAccountNonExpired() {
return true;
}
@Override
public boolean isAccountNonLocked() {
return true;
}
@Override
public boolean isCredentialsNonExpired() {
return true;
}
@Override
public boolean isEnabled() {
return true;
}
/**
* Helper method to add all details of Current User into Security User Object
* @param user User
* @return UserDetails
*/
public static UserDetails create(User user) {
return new CurrentUserDetails(user.getID(), user.getEmiratesID(),
user.getFirstName(), user.getLastName(),
user.getStaffID(), user.getEmail(),
user.getPassword(), user.getRole());
}
}
UserDetailsService
@Component/@Service
public class UserDetailsServiceImplementation implements UserDetailsService {
private static final Logger userDetailsServiceImplementationLogger = LogManager.getLogger(UserDetailsServiceImplementation.class);
private final UserRepository userRepository;
@Autowired
public UserDetailsServiceImplementation(final UserRepository userRepository) {
this.userRepository = userRepository;
}
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
if (StringUtils.isEmpty(username)) {
userDetailsServiceImplementationLogger.error("UserDetailsServiceImplementation.loadUserByUsername() :: FAILED");
throw new UsernameNotFoundException("UserName is not passed");
}
User userFound = userRepository.findByEmail(username);
if (userFound == null) {
userDetailsServiceImplementationLogger.error("No user found with given username = {}", username);
throw new UsernameNotFoundException("No user found with given username");
}
return userFound.currentUserDetails();
}
}
UserControllerクラス
@RestController
@RequestMapping(value = "/user")
public class UserController {
private static Logger userControllerLogger = LogManager.getLogger(UserController.class);
@Autowired
private PropertiesConfig propertiesConfig;
@Autowired
private UserManager userManager;
@RequestMapping(value = "/listAll", method = RequestMethod.GET)
public ResponseEntity<Map<String, Object>> getUsersList() {
userControllerLogger.info("UserController.getUsersList()[/listAll] :: method call ---- STARTS");
LinkedHashMap<String, Object> result = userManager.findAllUsers();
userControllerLogger.info("UserController.getUsersList()[/listAll] :: method call ---- ENDS");
return new ResponseEntity<>(result, HttpStatus.OK);
}
}
AdminContrllerクラス
@RestController
@RequestMapping(value = "/admin")
public class AdminController {
private static final Logger adminControllerLogger = LogManager.getLogger(AdminController.class);
private final PropertiesConfig propertiesConfig;
private final UserManager userManager;
@Autowired
public AdminController(final PropertiesConfig propertiesConfig, final UserManager userManager) {
this.propertiesConfig = propertiesConfig;
this.userManager = userManager;
}
@RequestMapping(value = "/home", method = {RequestMethod.GET})
public ResponseEntity<String> adminPortal(@RequestBody String adminName) {
adminControllerLogger.info("AdminController.adminPortal()[/home] :: method call ---- STARTS");
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
UserDTO adminUser = userManager.findUserByEmail(auth.getName());
if (adminUser == null) {
throw new UsernameNotFoundException(propertiesConfig.getProperty(ApplicationProperties.Messages.NO_USER_FOUND.getValue()));
}
adminControllerLogger.info("AdminController.adminPortal()[/home] :: method call ---- ENDS");
return new ResponseEntity<>(ApplicationConstants.GeneralConstants.WELCOME.getValue() + adminUser.getStaffID(), HttpStatus.OK);
}
}
data.sql
ROLE_USER / ADMINとUSER / ADMINの両方の値を試してみました
INSERT INTO ROLE(ID, CreatedBy, CreatedDate, ModifiedBy, ModifiedDate, Name) VALUES (-100, 'Muhammad Faisal Hyder', now(), '', null, 'ROLE_ADMIN'/'ADMIN')
INSERT INTO ROLE(ID, CreatedBy, CreatedDate, ModifiedBy, ModifiedDate, Name) VALUES (-101, 'Muhammad Faisal Hyder', now(), '', null, 'ROLE_USER'/'USER')
INSERT INTO USER(ID, CreatedBy, CreatedDate, ModifiedBy, ModifiedDate, EmiratesID, FirstName, LastName, Email, StaffID, Password, ROLE_ID) VALUES (-1, 'Muhammad Faisal Hyder', now(), '', null, 'ABCDEF12345', 'Muhammad Faisal', 'Hyder', '[email protected]', 'S776781', '$2a$10$qr.SAgYewyCOh6gFGutaWOQcCYMFqSSpbVZo.oqsc428xpwoliu7C', -100)
INSERT INTO USER(ID, CreatedBy, CreatedDate, ModifiedBy, ModifiedDate, EmiratesID, FirstName, LastName, Email, StaffID, Password, ROLE_ID) VALUES (-2, 'Muhammad Faisal Hyder', now(), '', null, 'BCDEFG12345', 'John', 'Smith', '[email protected]', 'S776741', '$2a$10$j9IjidIgwDfNGjNi8UhxAeLuoO8qgr/UH9W9.LmWJd/ohynhI7UJO', -101)
必要だと思うクラスをすべて添付しました。何が問題かを教えてください。
私が通過した記事。SO-1、SO-2、SO-3、SO-4、Article-1、Article-2
解決した
@durそれを指摘してくれたあなたや他の人たちの有益な洞察に感謝します。
1- Use ROLE_ in db entries.
2- Once prefix is added in db then no need to explicitly add this in
@Override
public Collection<? extends GrantedAuthority> getAuthorities(){...}
3- .and().httpBasic(); was missing from SpringSecurity configuration.
4- This is very detailed, might be helpful to others as well.
mfaisalhyder:
@durがコメントで指摘したように、私の質問に回答を追加しています。
1- Use ROLE_ in db entries.
2- Once prefix is added in db then no need to explicitly add this in
@Override
public Collection<? extends GrantedAuthority> getAuthorities(){...}
3- .and().httpBasic(); was missing from SpringSecurity configuration.
この投稿は非常に詳細なので、他の人にも役立つかもしれません。正解については、私のgitリポジトリを親切に参照してください
この記事はインターネットから収集されたものであり、転載の際にはソースを示してください。
侵害の場合は、連絡してください[email protected]
編集
- 前の投稿:JBAS014613:操作( "展開")が失敗しました-アドレス:([( "展開" => "test.war")])
- 次の投稿:Preventing updation of records through a POST request in Spring Data Rest
関連記事
Related 関連記事
- 1
Spring Security4.1のアップグレード-エラー403アクセスが拒否されました
- 2
Spring Security4.1のアップグレード-エラー403アクセスが拒否されました
- 3
Spring Security4.1のアップグレード-エラー403アクセスが拒否されました
- 4
Spring Boot + Spring Boot Security Start Error
- 5
CORS problems with spring boot security
- 6
Spring Security OAuth2はRESTサービスでアクセスを拒否されます
- 7
java.security.AccessControlException:アクセスが拒否されました( "java.lang.RuntimePermission" "accessClassInPackage.sun.reflect.annotation")Spring
- 8
java.security.AccessControlException:アクセスが拒否されました( "java.lang.RuntimePermission" "accessClassInPackage.sun.reflect.annotation")Spring
- 9
What are Spring Security default credentials for Spring Boot?
- 10
Spring Boot 2、Spring Security 5、@ WithMockUser
- 11
ユーザー '' @ 'localhost'のアクセスが拒否されました(パスワードを使用:NO)spring-boot
- 12
Spring Boot Amazon AWS S3バケットファイルのダウンロード-アクセス拒否
- 13
Spring Security-アクセスが拒否されました(ユーザーは匿名ではありません)spring-security-core-4.0.3.RELEASE
- 14
Spring Boot SecurityでのNoSuchMethodError
- 15
Spring Boot Security:java.lang.StackOverflowError
- 16
Spring Boot Security CORS with POST request
- 17
Spring BootアプリでSpring Securityを無効にする
- 18
Spring Boot + Spring Securityのカスタムログインページ
- 19
Spring Boot Security + Thymeleaf:IProcessorDialectクラスがない
- 20
Spring Security Accessは投稿後403を拒否しました
- 21
Spring Boot Securityを使用してFacebookからアクセストークンを取得する方法
- 22
spring-security-javaconfigでアクセス拒否ハンドラを追加するにはどうすればよいですか
- 23
Spring SecurityとKeycloakによって「アクセスが拒否されました」というエラーが表示されるのはなぜですか?
- 24
Spring SecurityのhasPermissionを使用している場合、ページへのアクセスが拒否されました
- 25
Spring BootとSpring Securityでjavafxクライアントを使用する
- 26
Spring Boot 2.0 M6(Spring Security 5.0)のoAuth2RESTクライアント
- 27
Spring BootとOAuth 2によるSpring Security
- 28
Application does not start with Spring Boot 1.2.1 + Spring Security + Servlet 2.5
- 29
Application does not start with Spring Boot 1.2.1 + Spring Security + Servlet 2.5
コメントを追加