Spring's UserDetailsService

问题

I'm trying to configure Spring Security in my Spring Boot application to only allow certain users access certain URL's if they have a particular role i.e a user or admin role that I store when I create my user. I've looked at a couple of examples here that pretty much do what I'm looking for. I'm a bit confused about Spring's UserDetailsService interface and how I should pass a username from my user to the UserDetailsService when trying to access a URL like localhost:8080/addtour. At the moment my code looks like the following:

@Data
@Scope("session")
public class User {

    @Id
    private String id;
    private String userName;
    private String password;
    private List<Role> roles;

My SecurityConfig class:

@Configuration 
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http
        .formLogin()
            .loginPage("/login")
            .permitAll()
            .and()
        .exceptionHandling()
            .accessDeniedPage("/accessdenied")
            .and()
        .authorizeRequests()
            .antMatchers("/resources/**", "/signup", "/search").permitAll()
            .antMatchers("/viewtour").hasAnyRole("USER", "ADMIN")
            .antMatchers("/addtour").hasAnyRole("ADMIN")
            .and()
        .logout()
            .permitAll()
            .logoutSuccessUrl("/index.html");
    }

    @Override  
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {  
        auth.userDetailsService(new UserDetailServiceImpl());  
    }

The UserDetailServiceImpl that implements Springs UserDetailService:

public class UserDetailServiceImpl implements UserDetailsService {

    @Autowired
    private UserService userService;

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        try {  
            User user = userService.retrieveUserByUserName(username);  
            if (user == null) {  
                return null;  
            }  
            return new org.springframework.security.core.userdetails.User(user.getUserName(), user.getPassword(), getAuthorities(user));  
        } catch (Exception e){  
            throw new UsernameNotFoundException("User not found");  
        }  
    }  

    private Set<GrantedAuthority> getAuthorities(User user){  
        Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();  
        for (Role role : user.getRoles()) {  
            GrantedAuthority grantedAuthority = new SimpleGrantedAuthority(role.toString());  
            authorities.add(grantedAuthority);  
        }  
        System.out.println("user authorities are " + authorities.toString());  
        return authorities;  
    }

My Login Page using Thymeleaf:

<!DOCTYPE html SYSTEM "http://www.thymeleaf.org/dtd/xhtml1-strict-thymeleaf-spring4-4.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link rel="stylesheet" type="text/css" href="css/style.css"/>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" />
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap-theme.min.css" />

</head>
<body>
	<div>
		<div class="content">
			<form action="#" th:action="@{/login}" th:object="${user}" method="post">
				<div class="panel panel-default">
					<br />
					<h1 class="panel-title header-tab">
						Login or <a href="/signup.html">Sign Up Here</a>
					</h1>
					<br />
					<div class="panel-body">
						<div class="form-group">
							<label for="inputEmail" class="control-label col-xs-5">Username
								or Email</label>
							<div class="col-xs-7">
								<input type="text" class="form-control" id="inputUsername" th:field="*{userName}" placeholder="Username or Email" />
							</div>
						</div>
						<br/><br/>
						<div class="form-group">
							<label for="inputPassword" class="control-label col-xs-5">Password</label>
							<div class="col-xs-7">
								<input type="password" class="form-control" id="inputPassword" th:field="*{password}" placeholder="Password" />
							</div>
						</div>
						<div class="form-group">
							<div class="col-xs-offset-5 col-xs-10">
								<div class="checkbox">
									<label><input type="checkbox" />Remember Me</label>
								</div>
							</div>
						</div>
						<div class="form-group">
							<div class="col-xs-offset-5 col-xs-7 btn-lg">
								<input type="submit" value="Sign In" class="btn btn-primary btn-block"/>
							</div>
						</div>
					</div>
				</div>
			</form>
		</div>
	</div>
</body>
</html>

回答1:

The parameter names in your login page are wrong, see

• FormLoginConfigurer#usernameParameter:

  The HTTP parameter to look for the username when performing authentication. Default is "username".

• FormLoginConfigurer#passwordParameter:

  The HTTP parameter to look for the password when performing authentication. Default is "password".

Change the names of the parameter in your login page or change the names in your SecurityConfig.

来源：https://stackoverflow.com/questions/40321085/springs-userdetailsservice