Xuwanxin security PasswordEncoder Error

2022-09-30 16:23:29 +08:00 · 2022-09-30 16:23:29 +08:00 · 4154770009
commit 4154770009
parent 1e10c437e8
6 changed files with 27 additions and 11 deletions
--- a/inventory-ent/pom.xml
+++ b/inventory-ent/pom.xml
@ -211,7 +211,6 @@
            <scope>compile</scope>
        </dependency>
    </dependencies>
-
    <build>
        <plugins>
            <plugin>
--- a/inventory-ent/src/main/java/com/rzyc/config/SecurityConfig.java
+++ b/inventory-ent/src/main/java/com/rzyc/config/SecurityConfig.java
@ -36,10 +36,6 @@ public class SecurityConfig  extends WebSecurityConfigurerAdapter {
     */
    private UserDetailsService userService;

-    /**
-     * 数据库用户连接
-     */
-    private PasswordEncoder passwordEncoder;

    /**
     * token jwt 验证拦截器
@ -47,9 +43,8 @@ public class SecurityConfig  extends WebSecurityConfigurerAdapter {
    private JwtAuthenticationTokenFiler jwtAuthenticationTokenFiler;

    @Autowired
-    public void setSecurityConfigFinder(UserDetailsService userService,PasswordEncoder passwordEncoder,JwtAuthenticationTokenFiler jwtAuthenticationTokenFiler) {
+    public void setSecurityConfigFinder(UserDetailsService userService,JwtAuthenticationTokenFiler jwtAuthenticationTokenFiler) {
        this.userService = userService;
-        this.passwordEncoder = passwordEncoder;
        this.jwtAuthenticationTokenFiler = jwtAuthenticationTokenFiler;
    }

@ -97,7 +92,7 @@ public class SecurityConfig  extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // 配置数据库访问，认证步骤
-        auth.userDetailsService(userService).passwordEncoder(passwordEncoder);
+        auth.userDetailsService(userService);
    }

 }
--- a/inventory-ent/src/main/java/com/rzyc/config/UserDetailsServiceImpl.java
+++ b/inventory-ent/src/main/java/com/rzyc/config/UserDetailsServiceImpl.java
@ -11,6 +11,7 @@ import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Service;
 import java.util.ArrayList;
+import java.util.Collection;
 import java.util.List;
 import java.util.Objects;

@ -33,6 +34,8 @@ public class UserDetailsServiceImpl implements UserDetailsService {
     * */
    private EntUserMapper entUserMapper;

+
+
    @Autowired
    public void UserDetailsServiceImplFinder(PasswordEncoder passwordEncoder,EntUserMapper entUserMapper) {
        this.passwordEncoder = passwordEncoder;
@ -49,10 +52,12 @@ public class UserDetailsServiceImpl implements UserDetailsService {
        if (Objects.isNull(entUser)){
            throw new UsernameNotFoundException("用户名或密码错误");
        }
+
            // 获取用户权限
            List<GrantedAuthority> authority= new ArrayList<GrantedAuthority>();
            //给通过登陆的进行role权限，也可以根据业务调整
            authority.add(new SimpleGrantedAuthority("ROLE_ADMIN"));
+
        return new EntUserDetails(entUser.getName(), passwordEncoder.encode(entUser.getPasswd()), authority,entUser.getEntUserId());

    }
--- a/inventory-ent/src/main/java/com/rzyc/controller/PersonalController.java
+++ b/inventory-ent/src/main/java/com/rzyc/controller/PersonalController.java
@ -155,7 +155,7 @@ public class PersonalController extends BaseController{
            @ApiImplicitParam(name = "postId", value = "企业用户岗位id",required = false, dataType = "string"),
    })
    @PostMapping(value = "/entUserTree")
-    @PreAuthorize("hasRole('ADMIN')")
+    @PreAuthorize("hasAnyAuthority('PERSONAL:ENTUSERTREE','PERSONAL:ENTUSERTREE:UPDATE')")
    @ResponseBody
    public SingleResult<List<EntUser>> entUserTree(String enterpriseId, String postId)throws Exception{
        return  pcBusinessService.entUserTree(enterpriseId,postId);
--- a/inventory-ent/src/main/java/com/rzyc/filter/JwtAuthenticationTokenFiler.java
+++ b/inventory-ent/src/main/java/com/rzyc/filter/JwtAuthenticationTokenFiler.java
@ -64,7 +64,7 @@ public class JwtAuthenticationTokenFiler extends OncePerRequestFilter {
            filterChain.doFilter(request, response);
        }catch (AccessDeniedException e){
            System.out.println("权限失败");
-            throw new CustomException("无权限");
+            throw new CustomException("无权限操作");
        }catch (Exception e){
           e.printStackTrace();
        }
--- a/inventory-gov/pom.xml
+++ b/inventory-gov/pom.xml
@ -193,6 +193,23 @@
        </dependency>
        <!-- 配置文件密码加密 end -->

+        <!-- spring security start -->
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-core</artifactId>
+            <version>5.2.2.RELEASE</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-config</artifactId>
+            <version>5.2.2.RELEASE</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-web</artifactId>
+            <version>5.7.3</version>
+        </dependency>
+        <!-- spring security end -->

    </dependencies>