Setting up Spring with Vaadin 23
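I've been trying to set up a project with Vaadin 23 and Spring Boot, but I have trouble setting up the security and authentication. I can provide more of the code if needed. There are 3 types of users: Admin, Client, Chef, but I don't know what is missing.
There is an AuthService in charge of getting a user by mail. Project in: https://github.com/NachoEstevo/homecooking/tree/master/src
The main issue is that since the SecurityConfig class and SecurityUtils class have been created, the app has issues talking to the frontend.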
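// SecurityConfig.java (PreLoginView is a class from the poster's project)
import javax.annotation.Resource;
import com.vaadin.flow.spring.security.VaadinWebSecurityConfigurerAdapter;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends VaadinWebSecurityConfigurerAdapter {

    @Resource(name = "authService")
    private UserDetailsService userDetailsService;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        super.configure(http);
        setLoginView(http, PreLoginView.class);
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers(
                "/images/**"
        );
        super.configure(web);
    }

    @Bean
    public BCryptPasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication().withUser("user").password("{noop}userpass").roles("CLIENT");
    }

    @Bean
    public DaoAuthenticationProvider createDaoAuthenticationProvider() {
        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setUserDetailsService(userDetailsService);
        provider.setPasswordEncoder(passwordEncoder());
        return provider;
    }
}

// SecurityUtils.java
import java.util.Arrays;
import java.util.List;
import java.util.stream.Stream;
import javax.servlet.http.HttpServletRequest;
import com.vaadin.flow.server.HandlerHelper;
import com.vaadin.flow.shared.ApplicationConstants;
import org.springframework.core.annotation.AnnotationUtils;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;

public class SecurityUtils {

    private static final String LOGOUT_SUCCESS_URL = "/";

    static boolean isUserLoggedIn() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        return authentication != null
                && !(authentication instanceof AnonymousAuthenticationToken)
                && authentication.isAuthenticated();
    }

    static boolean isFrameworkInternalRequest(HttpServletRequest request) {
        final String parameterValue = request.getParameter(ApplicationConstants.REQUEST_TYPE_PARAMETER);
        return parameterValue != null
                && Stream.of(HandlerHelper.RequestType.values())
                        .anyMatch(r -> r.getIdentifier().equals(parameterValue));
    }

    public static boolean isAccessGranted(Class<?> securedClass) {
        // Allow if no roles are required.
        Secured secured = AnnotationUtils.findAnnotation(securedClass, Secured.class);
        if (secured == null) {
            return true; // (1)
        }
        // Look up the needed role in the user's roles.
        List<String> allowedRoles = Arrays.asList(secured.value());
        Authentication userAuthentication = SecurityContextHolder.getContext().getAuthentication();
        return userAuthentication.getAuthorities().stream() // (2)
                .map(GrantedAuthority::getAuthority)
                .anyMatch(allowedRoles::contains);
    }

    public UserDetails getAuthenticatedUser() {
        SecurityContext context = SecurityContextHolder.getContext();
        Object principal = context.getAuthentication().getPrincipal();
        if (principal instanceof UserDetails) {
            return (UserDetails) context.getAuthentication().getPrincipal();
        }
        // Anonymous or no authentication.
        return null;
    }
}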
Comments (1)
Judging from your provided code snippets, you are using Spring's @Secured annotation. Vaadin's (Spring) Security support only recognizes @com.vaadin.flow.server.auth.AnonymousAllowed, @javax.annotation.security.PermitAll, @javax.annotation.security.RolesAllowed and @javax.annotation.security.DenyAll. And without any recognized annotation, the default is to deny access to a view. See the official documentation.
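The annotations named in the answer, applied to the user types from the question. This is an added example, not code from the original post or from the poster's project: the view names, routes and the ADMIN/CHEF role names are assumptions, and PreLoginView here is a stand-in for the poster's login view.

```java
// Added example for Vaadin 23 (javax.* annotations); not the poster's code.
// View names, routes and the ADMIN/CHEF role names are assumptions; one file per class.

// ---- ClientOrdersView.java ----
import com.vaadin.flow.component.html.H2;
import com.vaadin.flow.component.orderedlayout.VerticalLayout;
import com.vaadin.flow.router.Route;
import javax.annotation.security.RolesAllowed;
// roles("CLIENT") in the question's configuration grants the authority
// ROLE_CLIENT; the role is named here without the ROLE_ prefix.
@Route("orders")
@RolesAllowed("CLIENT")
public class ClientOrdersView extends VerticalLayout {
    public ClientOrdersView() {
        add(new H2("My orders"));
    }
}

// ---- KitchenView.java ----
import com.vaadin.flow.component.html.H2;
import com.vaadin.flow.component.orderedlayout.VerticalLayout;
import com.vaadin.flow.router.Route;
import javax.annotation.security.RolesAllowed;
// Several roles may be listed. A view that carries only Spring's @Secured
// has no recognized annotation and is therefore denied by default.
@Route("kitchen")
@RolesAllowed({"CHEF", "ADMIN"})
public class KitchenView extends VerticalLayout {
    public KitchenView() {
        add(new H2("Kitchen"));
    }
}

// ---- PreLoginView.java (stand-in for the poster's login view) ----
import com.vaadin.flow.component.login.LoginForm;
import com.vaadin.flow.component.orderedlayout.VerticalLayout;
import com.vaadin.flow.router.Route;
import com.vaadin.flow.server.auth.AnonymousAllowed;
// The login view has to be reachable before authentication.
@Route("login")
@AnonymousAllowed
public class PreLoginView extends VerticalLayout {
    public PreLoginView() {
        LoginForm form = new LoginForm();
        form.setAction("login"); // posts credentials to Spring Security's login URL
        add(form);
    }
}
```

A view that any signed-in user may open would carry @PermitAll instead of @RolesAllowed.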