我跟随了这个很棒的芭蕾舞短裙:https://developer.okta.com/blog/2020/01/06/crud-angular-9-spring-boot-2#spring-boot-as-an-oauth-2-0-resource-server
我想在春季部分添加角色。我不想在此Tuto https://developer.okta.com/blog/2018/09/26/build-a-spring-boot-webapp中使用声明,但我想添加海关角色(来自我自己的数据库)。
我试图从WebSecurityConfigurerAdapter覆盖userDetailsService()以使用我的自定义UserDetailService。但是似乎永远不会调用此方法……(请参见println),是吗?
@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
private UserRepository userRepository;
@Override
protected void configure(HttpSecurity http) throws Exception {
//@formatter:off
http
.authorizeRequests()
.antMatchers("/home/**").permitAll()
.antMatchers("/admin/**").hasAuthority("ADMIN")
.anyRequest().authenticated()
.and()
.oauth2Login()
.and()
.oauth2ResourceServer().jwt();
//@formatter:on
}
@Override
protected UserDetailsService userDetailsService() {
return username -> {
System.out.println("yo");
Optional<co.simplon.blog.model.User> user = userRepository.findByName(username);
return User
.withUsername(username)
.password(user.get().getPassword())
.authorities(Arrays.asList(user.get().getRole()))
.accountExpired(false)
.accountLocked(false)
.credentialsExpired(false)
.disabled(false)
.build();
};
}
}
您必须在WebConfigurerSEcurityAdapter中添加UserDetailsService实现:
@Override
public void configure(AuthenticationManagerBuilder builder)
throws Exception {
builder.userDetailsService(new MyUserDetailsService());
}
然后您将看到您的实现将被调用。