Пользовательский AuthenticationSuccessHandler Spring Security игнорируется, и я не могу войти в сеанс

Пользовательский AuthenticationSuccessHandler Spring Security игнорируется, и я не могу войти в сеанс ⇐ JAVA

1 сообщение • Страница 1 из 1

Anonymous

Пользовательский AuthenticationSuccessHandler Spring Security игнорируется, и я не могу войти в сеанс

Цитата

Сообщение Anonymous » 30 ноя 2024, 19:17

Я делаю простое приложение Spring Boot, но у меня проблема с сеансом. Я хотел бы установить «customerId», когда клиент входит в приложение, но это не работает, и мой идентификатор клиента всегда равен нулю. Вот мой код:
// Это моя безопасность

Код: Выделить всё

@Configuration
@EnableWebSecurity
public class SecurityConfig {

private final CustomerService customerService;
private final PasswordEncoder passwordencoder;
private final CustomAuthenticationSuccessHandler successHandler;

@Autowired
public SecurityConfig(CustomerService customerService, PasswordEncoder passwordencoder,
CustomAuthenticationSuccessHandler successHandler) {
this.customerService = customerService;
this.passwordencoder = passwordencoder;
this.successHandler = successHandler;
}

@Bean
public SecurityFilterChain filterChain(HttpSecurity http, CustomerRepositor customerRepository) throws Exception {
http
.csrf(AbstractHttpConfigurer::disable)
.authorizeHttpRequests(authorize -> authorize
.anyRequest().permitAll()
)
.formLogin(form -> form
.loginPage("/api/login")
.successHandler(successHandler)
)
.httpBasic(Customizer.withDefaults())
.exceptionHandling(exception -> exception
.accessDeniedHandler((request, response, customAccessDeniedException) -> {
response.setStatus(403);
response.getWriter().write("Access denied! Sorry, you haven't got permission " +
"to access this page!");
})
)
.sessionManagement(session -> session
.sessionCreationPolicy(SessionCreationPolicy.ALWAYS)
);
return http.build();
}
@Bean
public AuthenticationManager authManager(HttpSecurity http) throws Exception {
AuthenticationManagerBuilder authenticationManagerBuilder =
http.getSharedObject(AuthenticationManagerBuilder.class);
authenticationManagerBuilder
.userDetailsService(customerService)
.passwordEncoder(passwordencoder);
return authenticationManager Builder.build();
}

Может быть, метод не находит адрес электронной почты в моей базе данных?

Код: Выделить всё

 @Component
public class CustomAuthenticationSuccessHandler implements AuthenticationSuccessHandler   {

private final CustomerRepository customerRepository;

@Autowired
public CustomAuthenticationSuccessHandler(CustomerRepository customerRepository) {
this.customerRepository = customerRepository;
}

@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse    response, Authentication authentication) throws IOException, ServletException {
HttpSession session = request.getSession();

UserDetails userDetails = (UserDetails) authentication.getPrincipal();
Customer customer = customerRepository.findByEmail(userDetails.getUsername());
session.setAttribute("customerId", customer.getId());

response.sendRedirect("/api/login");
}
}

Я использую в PostMan способ входа в систему «Basic Auth».

Код: Выделить всё

@RestController
@RequestMapping("/api")
public class LoginController {

private final Logger log = LoggerFactory.getLogger(LoginController.class);

@GetMapping("/login")
public ResponseEntity getLoggedInUser(HttpSession session) {
Object customerId = session.getAttribute("customerId");
log.info("User has logged in");
return new ResponseEntity("CustomerId: " + customerId, HttpStatus.OK);
}

Запрос в моем репозитории:

Код: Выделить всё

@Repository
public interface CustomerRepository extends JpaRepository {

@Query("SELECT c FROM Customer c WHERE c.email = :email")
Customer findByEmail(@Param("email") String email);

Я не упомянул, но я создаю своего пользователя другим методом. Боже мой, мне нравятся испытания

Код: Выделить всё

@Service
@Transactional(isolation = Isolation.SERIALIZABLE)
public class CustomerService implements UserDetailsService {

private final CustomerRepository customerRepository;
private final CustomerMapper customerMapper;
private final PasswordEncoder passwordEncoder;
private final ProductService productService;

@Autowired
public CustomerService(CustomerRepository customerRepository,
CustomerMapper customerMapper,
PasswordEncoder passwordEncoder, ProductService productService) {

this.customerRepository = customerRepository;
this.customerMapper = customerMapper;
this.passwordEncoder = passwordEncoder;
this.productService = productService;
}

@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
Customer user = customerRepository.findByEmail(username);
if (user == null) {
throw new UsernameNotFoundException("User not found with email: " + username);
}

String role = user.getUserRole().getRole();
List authorities = List.of(new SimpleGrantedAuthority(role));

return User
.withUsername(user.getEmail())
.password(user.getPassword())
.authorities(authorities)
.build();
}

Может ли кто-нибудь мне помочь?

Подробнее здесь: https://stackoverflow.com/questions/792 ... cant-set-i

1732983428

Anonymous

Я делаю простое приложение Spring Boot, но у меня проблема с сеансом. Я хотел бы установить «customerId», когда клиент входит в приложение, но это не работает, и мой идентификатор клиента всегда равен нулю. Вот мой код:
// Это моя безопасность
[code]@Configuration
@EnableWebSecurity
public class SecurityConfig {

private final CustomerService customerService;
private final PasswordEncoder passwordencoder;
private final CustomAuthenticationSuccessHandler successHandler;

@Autowired
public SecurityConfig(CustomerService customerService, PasswordEncoder passwordencoder,
CustomAuthenticationSuccessHandler successHandler) {
this.customerService = customerService;
this.passwordencoder = passwordencoder;
this.successHandler = successHandler;
}

@Bean
public SecurityFilterChain filterChain(HttpSecurity http, CustomerRepositor customerRepository) throws Exception {
http
.csrf(AbstractHttpConfigurer::disable)
.authorizeHttpRequests(authorize -> authorize
.anyRequest().permitAll()
)
.formLogin(form -> form
.loginPage("/api/login")
.successHandler(successHandler)
)
.httpBasic(Customizer.withDefaults())
.exceptionHandling(exception -> exception
.accessDeniedHandler((request, response, customAccessDeniedException) -> {
response.setStatus(403);
response.getWriter().write("Access denied! Sorry, you haven't got permission " +
"to access this page!");
})
)
.sessionManagement(session -> session
.sessionCreationPolicy(SessionCreationPolicy.ALWAYS)
);
return http.build();
}
@Bean
public AuthenticationManager authManager(HttpSecurity http) throws Exception {
AuthenticationManagerBuilder authenticationManagerBuilder =
http.getSharedObject(AuthenticationManagerBuilder.class);
authenticationManagerBuilder
.userDetailsService(customerService)
.passwordEncoder(passwordencoder);
return authenticationManager Builder.build();
}

[/code]
Может быть, метод не находит адрес электронной почты в моей базе данных?
[code] @Component
public class CustomAuthenticationSuccessHandler implements AuthenticationSuccessHandler   {

private final CustomerRepository customerRepository;

@Autowired
public CustomAuthenticationSuccessHandler(CustomerRepository customerRepository) {
this.customerRepository = customerRepository;
}

@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse    response, Authentication authentication) throws IOException, ServletException {
HttpSession session = request.getSession();

UserDetails userDetails = (UserDetails) authentication.getPrincipal();
Customer customer = customerRepository.findByEmail(userDetails.getUsername());
session.setAttribute("customerId", customer.getId());

response.sendRedirect("/api/login");
}
}
[/code]
Я использую в PostMan способ входа в систему «Basic Auth».
[code]@RestController
@RequestMapping("/api")
public class LoginController {

private final Logger log = LoggerFactory.getLogger(LoginController.class);

@GetMapping("/login")
public ResponseEntity getLoggedInUser(HttpSession session) {
Object customerId = session.getAttribute("customerId");
log.info("User has logged in");
return new ResponseEntity("CustomerId: " + customerId, HttpStatus.OK);
}
[/code]
Запрос в моем репозитории:
[code]@Repository
public interface CustomerRepository extends JpaRepository {

@Query("SELECT c FROM Customer c WHERE c.email = :email")
Customer findByEmail(@Param("email") String email);
[/code]
Я не упомянул, но я создаю своего пользователя другим методом.  Боже мой, мне нравятся испытания :D
[code]@Service
@Transactional(isolation = Isolation.SERIALIZABLE)
public class CustomerService implements UserDetailsService {

private final CustomerRepository customerRepository;
private final CustomerMapper customerMapper;
private final PasswordEncoder passwordEncoder;
private final ProductService productService;

@Autowired
public CustomerService(CustomerRepository customerRepository,
CustomerMapper customerMapper,
PasswordEncoder passwordEncoder, ProductService productService) {

this.customerRepository = customerRepository;
this.customerMapper = customerMapper;
this.passwordEncoder = passwordEncoder;
this.productService = productService;
}

@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
Customer user = customerRepository.findByEmail(username);
if (user == null) {
throw new UsernameNotFoundException("User not found with email: " + username);
}

String role = user.getUserRole().getRole();
List authorities = List.of(new SimpleGrantedAuthority(role));

return User
.withUsername(user.getEmail())
.password(user.getPassword())
.authorities(authorities)
.build();
}
[/code]
Может ли кто-нибудь мне помочь? 

Подробнее здесь: [url]https://stackoverflow.com/questions/79238642/spring-security-custom-authenticationsuccesshandler-is-ignored-and-i-cant-set-i[/url]