access表达式错误

来源:7-1 授权的概念和安全表达式的应用

慕UI8284076

2024-04-07

SpringSecurityConfig做了配置:

// Authorization rules for the HTTP filter chain. Matchers are consulted in declaration order
// and the first one that matches decides, so the specific paths must stay above "/api/**".
.authorizeRequests(req -> req
  .antMatchers("/authorize/**").permitAll()
  .antMatchers("/admin/**").hasRole("ADMIN")
    // {username} is a path variable; it is exposed to the access expression as #username.
    .antMatchers("/api/users/{username}/**")
    // NOTE(review): "@name" looks a Spring bean up by name. UserServiceImpl is annotated with a
    // bare @Service, so its default bean name is the decapitalized class name
    // ("userServiceImpl"). "@UserServiceImpl" therefore probably resolves to no bean, which is a
    // likely cause of the "Failed to evaluate expression" error; confirm against the nested
    // cause in the stack trace.
    // NOTE(review): for these paths this rule is used instead of the hasRole("USER") rule on
    // "/api/**"; access depends only on what isValidUser returns.
    .access("@UserServiceImpl.isValidUser(authentication, #username)")
  .antMatchers("/api/**").hasRole("USER").anyRequest().authenticated())

调用了UserServiceImpl->isValidUser()方法

package com.doc.SpringSecurity.service.impl;

import com.doc.SpringSecurity.config.Constants;
import com.doc.SpringSecurity.model.dao.RoleMapper;
import com.doc.SpringSecurity.model.dao.UserMapper;
import com.doc.SpringSecurity.model.pojo.User;
import com.doc.SpringSecurity.model.vo.AuthVO;
import com.doc.SpringSecurity.service.UserService;
import com.doc.SpringSecurity.util.JwtUtil;
import com.doc.SpringSecurity.util.TotpUtil;
import com.google.common.collect.Sets;
import lombok.RequiredArgsConstructor;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

import javax.naming.AuthenticationException;
import java.util.Optional;

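/**
 * {@link UserService} implementation covering registration, password login, password-hash
 * upgrades, TOTP generation, uniqueness checks and a "does this path belong to the caller"
 * check meant to be called from a security access expression.
 *
 * <p>{@code @Service} carries no explicit name, so Spring registers this bean under its
 * default name, the decapitalized class name {@code userServiceImpl}. SpEL bean references
 * ({@code @beanName}) must use that spelling.
 */
@RequiredArgsConstructor
@Service
public class UserServiceImpl implements UserService {
    private final UserMapper userMapper;
    private final RoleMapper roleMapper;
    private final PasswordEncoder passwordEncoder;
    private final JwtUtil jwtUtil;
    private final TotpUtil totpUtil;

    /**
     * Registers a user with the {@code Constants.ROLE_USER} authority.
     *
     * <p>The stored copy carries the encoded form of {@code user.getPassword()} and the key
     * string returned by {@code totpUtil.encodeKeyToString()} (presumably a newly generated
     * TOTP secret; confirm in TotpUtil).
     *
     * @param user the user to register, holding the raw password
     * @return whatever {@code userMapper.save} returns for the prepared user
     * @throws RuntimeException if no role with authority {@code Constants.ROLE_USER} exists
     */
    @Transactional(rollbackFor = Exception.class)
    @Override
    public User register(User user) {
        return roleMapper.findOptionalByAuthority(Constants.ROLE_USER)
                .map(role -> {
                    // The raw password is encoded here, before the user reaches userMapper.save.
                    User userToSave = user.withAuthorities(Sets.newHashSet(role))
                            .withPassword(passwordEncoder.encode(user.getPassword()))
                            .withMfaKey(totpUtil.encodeKeyToString());
                    return userMapper.save(userToSave);
                })
                .orElseThrow(() -> new RuntimeException("注册失败"));
    }

    /**
     * Verifies a username/password pair and issues an access token and a refresh token.
     *
     * <p>Unknown usernames and wrong passwords produce the same exception and message, so the
     * response text does not reveal which of the two was wrong.
     *
     * <p>NOTE(review): {@code passwordEncoder.matches} only runs when the username exists, so
     * the not-found path may answer measurably faster; consider matching against a dummy hash
     * there. No TOTP check is made in this method, so any MFA step has to be enforced by the
     * caller.
     *
     * <p>NOTE(review): the {@code throws} clause names {@code javax.naming.AuthenticationException}
     * (see the imports), not Spring Security's type of the same simple name. The only exception
     * thrown here is the unchecked {@link BadCredentialsException}; the clause is kept because
     * the signature is presumably dictated by {@link UserService}.
     *
     * @param username the login name to look up
     * @param password the raw password to verify
     * @return the token pair for the authenticated user
     * @throws BadCredentialsException if the user is unknown or the password does not match
     */
    @Override
    public AuthVO login(String username, String password) throws AuthenticationException {
        return userMapper.findOptionalByUsername(username)
                .filter(user -> passwordEncoder.matches(password, user.getPassword()))
                .map(user -> new AuthVO(
                        jwtUtil.createAccessToken(user),
                        jwtUtil.createRefreshToken(user)
                ))
                .orElseThrow(() -> new BadCredentialsException("用户名或者密码错误"));
    }

    /**
     * Looks a user up by name and keeps it only if the raw password matches the stored hash.
     *
     * @param username the login name to look up
     * @param password the raw password to verify
     * @return the user, or empty if the name is unknown or the password does not match
     */
    @Override
    public Optional<User> findOptionalByUsernameAndPassword(String username, String password) {
        return userMapper.findOptionalByUsername(username)
                .filter(user -> passwordEncoder.matches(password, user.getPassword()));
    }

    /**
     * Re-encodes and saves the password when the encoder reports that the stored hash should
     * be upgraded.
     *
     * <p>This method does not verify {@code rawPassword}; the caller must pass a password that
     * has already been checked against the stored hash.
     *
     * @param user        the user whose stored hash is examined
     * @param rawPassword the already-verified raw password to re-encode
     */
    @Override
    public void upgradePasswordEncodingIfNeeded(User user, String rawPassword) {
        if (passwordEncoder.upgradeEncoding(user.getPassword())) {
            userMapper.save(user.withPassword(passwordEncoder.encode(rawPassword)));
        }
    }

    /**
     * Delegates to {@code totpUtil.createTotp}.
     *
     * @param key the key string handed to the TOTP utility
     * @return the result of {@code totpUtil.createTotp(key)}
     */
    @Override
    public Optional<String> createTotp(String key) {
        return totpUtil.createTotp(key);
    }

    /** @return {@code true} if at least one user has this username */
    @Override
    public boolean isUsernameExisted(String username) {
        return userMapper.countByUsername(username) > 0;
    }

    /** @return {@code true} if at least one user has this email */
    @Override
    public boolean isEmailExisted(String email) {
        return userMapper.countByEmail(email) > 0;
    }

    /** @return {@code true} if at least one user has this mobile number */
    @Override
    public boolean isMobileExisted(String mobile) {
        return userMapper.countByMobile(mobile) > 0;
    }

    /**
     * Tells whether the authenticated principal's name equals {@code username}.
     *
     * <p>Returns {@code false} instead of throwing when either argument is {@code null}, and
     * rejects anonymous or unauthenticated tokens. When anonymous authentication is enabled
     * (Spring Security's default), an unauthenticated request carries an
     * {@link AnonymousAuthenticationToken} with a fixed principal name, and a request path
     * using that same name would otherwise pass a plain name comparison.
     *
     * @param authentication the current authentication; may be {@code null}
     * @param username       the username taken from the request; may be {@code null}
     * @return {@code true} only for an authenticated, non-anonymous principal whose name
     *         equals {@code username} (case-sensitive)
     */
    public boolean isValidUser(Authentication authentication, String username) {
        if (authentication == null || username == null) {
            return false;
        }
        if (authentication instanceof AnonymousAuthenticationToken || !authentication.isAuthenticated()) {
            return false;
        }
        return username.equals(authentication.getName());
    }
}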

@UserServiceImpl.isValidUser(authentication, #username) 报错:

[dispatcherServlet] in context with path [] threw exception
java.lang.IllegalArgumentException: Failed to evaluate expression '@UserServiceImpl.isValidUser(authentication, #username)'

请问为什么哈?我的jdk是1.8的版本


1回答

接灰的电子产品

2024-04-08

课程是 jdk11,请调整一下 jdk 版本。否则写法上面会有较大差距

