我正在开发一个Spring Boot Web应用程序,问题出在登录环节。假设有一个以用户名“Ali”注册的用户,该用户既可以用“Ali”登录,也可以用“ali”登录。下面的代码是我的Spring Security配置类。看起来在比较用户名时Spring Boot没有区分大小写,而我希望它区分大小写。

package ir.saafta.conf;

import ir.saafta.repo.EventRepository;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.web.servlet.ServletListenerRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.session.SessionRegistry;
import org.springframework.security.core.session.SessionRegistryImpl;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.security.web.header.writers.StaticHeadersWriter;
import org.springframework.security.web.session.HttpSessionEventPublisher;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;

import javax.sql.DataSource;

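/**
 * Created by reza on 16/12/12.
 *
 * <p>Spring Security configuration for the application: HTTP Basic and form login backed by a
 * {@link UserDetailsService}, BCrypt password verification, a CORS mapping, and a limit of one
 * concurrent session per user.
 *
 * <p>Nothing in this class compares usernames. The name typed at login is handed to the injected
 * {@link UserDetailsService}; whether "ali" resolves to the account stored as "Ali" is decided by
 * that lookup (not visible here) and, if it queries a database, by the column's collation.
 */
@Configuration
public class SecurityConf extends WebSecurityConfigurerAdapter {

    // Only referenced by the commented-out JDBC authentication setup in configureGlobal.
    @Autowired
    private DataSource dataSource;
    @Autowired
    private EventRepository eventRepository;

    /**
     * Registers {@link HttpSessionEventPublisher} as a servlet listener so that session
     * lifecycle events reach Spring Security; the maximumSessions(1) limit configured below
     * relies on the session registry being told when sessions end.
     */
    @Bean
    public static ServletListenerRegistrationBean<HttpSessionEventPublisher> httpSessionEventPublisher() {
        return new ServletListenerRegistrationBean<>(new HttpSessionEventPublisher());
    }

    /**
     * Configures request authorization, login/logout handlers, CSRF, CORS, session limits and
     * response headers.
     *
     * @param http the security builder supplied by Spring
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // NOTE(review): matchers are evaluated in declaration order and the first match wins.
        // The four "/**" permitAll() rules below therefore open every GET, POST, PUT and DELETE
        // request to anonymous callers; anyRequest().authenticated() only ever applies to the
        // remaining HTTP methods. Narrow these patterns to the endpoints that are meant to be
        // public before relying on this configuration for access control.
        http.authorizeRequests()
//                .antMatchers(HttpMethod.POST, "/users/").permitAll()
                .antMatchers(HttpMethod.GET, "/**").permitAll()
                .antMatchers(HttpMethod.POST, "/**").permitAll()
                .antMatchers(HttpMethod.PUT, "/**").permitAll()
                .antMatchers(HttpMethod.DELETE, "/**").permitAll()
                .antMatchers("/swagger*").permitAll()
//                .anyRequest().permitAll()
//                .and().csrf().disable();
                .anyRequest().authenticated()
                .and().httpBasic()
                .and().formLogin()
                        .successHandler(restAuthenticationSuccessHandler())
                        .failureHandler(restAuthenticationFailureHandler())
                .and().logout().logoutSuccessHandler(restLogoutSuccessHandler())
                .and().exceptionHandling().authenticationEntryPoint(restAuthenticationEntryPoint())
                // NOTE(review): CSRF protection is off while authentication is cookie/session
                // based (formLogin + sessions) and CORS allows every origin (see corsConfigurer).
                // State-changing requests are then not protected against cross-site submission.
                .and().csrf().disable().cors() // TODO enable csrf when ready
                // One session per user; a second login is rejected rather than evicting the first.
                .and().sessionManagement()
                        .maximumSessions(1)
                        .maxSessionsPreventsLogin(true)
                        .sessionRegistry(sessionRegistry());
        // Presumably the non-standard "xBasic" scheme is sent so that browsers do not show their
        // native Basic-auth dialog on 401 responses - confirm against the REST client.
        http.headers().cacheControl().disable()
                .addHeaderWriter(new StaticHeadersWriter("WWW-Authenticate", "xBasic realm=\"fake\""));
    }

    /** Session registry shared with the concurrent-session control configured above. */
    @Bean
    public SessionRegistry sessionRegistry() {
        return new SessionRegistryImpl();
    }

    /**
     * Global CORS mapping for all paths.
     *
     * <p>NOTE(review): every origin is allowed for PUT/POST/GET/DELETE/HEAD. Whether credentialed
     * (cookie) requests are also allowed depends on the allowCredentials default of the Spring
     * version in use - confirm, and prefer an explicit list of trusted origins.
     */
    @Bean
    public WebMvcConfigurer corsConfigurer() {
        return new WebMvcConfigurerAdapter() {
            @Override
            public void addCorsMappings(CorsRegistry registry) {
                registry.addMapping("/**")
                        .allowedOrigins("*")
                        .allowedMethods("PUT", "POST", "GET", "DELETE", "HEAD");
            }
        };
    }

    /**
     * Wires the application's {@link UserDetailsService} into the authentication manager and
     * verifies passwords with BCrypt.
     *
     * <p>Only the password goes through the {@link BCryptPasswordEncoder}. The username is matched
     * by {@code userDetailsService} itself; if that lookup runs a query against a column with a
     * case-insensitive collation, names differing only in case resolve to the same account.
     *
     * @param auth the authentication manager builder
     * @param userDetailsService the user lookup used during authentication
     * @throws Exception if the builder rejects the configuration
     */
    @SuppressWarnings("SpringJavaAutowiringInspection")
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth, UserDetailsService userDetailsService) throws Exception {
        // Earlier JDBC-based setup, kept for reference. The two SQL strings were restored from a
        // garbled listing; table and column names are a best-effort reading - verify before reuse.
        /*auth
                .jdbcAuthentication().usersByUsernameQuery("select username, password, 'true' as enabled from users where username=?")
                .authoritiesByUsernameQuery("select username, authority from authorities where username=?")
                .dataSource(dataSource).passwordEncoder(new BCryptPasswordEncoder());*/
        auth.userDetailsService(userDetailsService)
                .passwordEncoder(new BCryptPasswordEncoder());
    }

    /** Entry point invoked when an unauthenticated request reaches a protected resource. */
    @Bean
    public AuthenticationEntryPoint restAuthenticationEntryPoint() {
        return new RestAuthenticationEntryPoint();
    }

    /** Failure handler for form login; created with no failure URL configured. */
    @Bean
    public AuthenticationFailureHandler restAuthenticationFailureHandler() {
        return new SimpleUrlAuthenticationFailureHandler();
    }

    /** Success handler for form login; receives the event repository. */
    @Bean
    public AuthenticationSuccessHandler restAuthenticationSuccessHandler() {
        return new RESTAuthenticationSuccessHandler(eventRepository);
    }

    /** Logout success handler; receives the event repository. */
    @Bean
    public LogoutSuccessHandler restLogoutSuccessHandler() {
        return new RESTLogoutSuccessHandler(eventRepository);
    }
}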



我还在User类中实现了equals方法:

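/**
 * Compares this user with another object field by field: username, name, family, password and
 * mobile phone. All comparisons use {@code String}-style {@code equals}, so they are
 * case-sensitive, and {@code null} fields are handled without throwing.
 *
 * <p>This method does not influence which login names are accepted. The name presented at login
 * is matched by the user lookup behind the security configuration (presumably a database query),
 * so the storage layer's collation, not this method, decides case sensitivity.
 *
 * <p>NOTE(review): equality includes the stored password value - confirm that is intended.
 * {@code hashCode()} is not visible here and must be kept consistent with these fields.
 *
 * @param o the object to compare with
 * @return {@code true} if {@code o} is a {@code User} whose compared fields all match
 */
@Override
public boolean equals(Object o) {
    if (this == o) {
        return true;
    }
    if (!(o instanceof User)) {
        return false;
    }

    User user = (User) o;

    // Fully qualified so that no new import is required in the enclosing file.
    return java.util.Objects.equals(getUsername(), user.getUsername())
            && java.util.Objects.equals(getName(), user.getName())
            && java.util.Objects.equals(getFamily(), user.getFamily())
            && java.util.Objects.equals(getPassword(), user.getPassword())
            && java.util.Objects.equals(getMobilePhone(), user.getMobilePhone());
}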

最佳答案

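不区分大小写的匹配通常不是来自Spring Security本身,而是来自数据库列的排序规则(collation):如果使用的是MySQL,默认的排序规则不区分大小写,按用户名查询时“ali”也会匹配到“Ali”。您可以尝试把用户名列改为按二进制(区分大小写)比较: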

-- MySQL syntax: the BINARY attribute gives the column the binary (_bin) collation of its
-- character set, so comparisons such as WHERE username = ? become case-sensitive.
-- MODIFY replaces the whole column definition: restate NOT NULL / DEFAULT if the column has them.
-- Assumes the existing column is VARCHAR(50) - confirm against the schema.
-- After the change a unique index treats 'Ali' and 'ali' as different names; decide whether
-- registration should still reject names that differ only by case.
ALTER TABLE USERS MODIFY username VARCHAR(50) BINARY

关于spring - Spring Boot安全考虑不区分大小写的用户名登录,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/44821863/
