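Spring Security: fixing the There is no PasswordEncoder mapped for the id "null" error and implementing permission management for specific roles...

The first time I used Spring Security for access control in Spring Boot, with inMemoryAuthentication (in-memory) user authentication, the console reported an error:

Cause: some Spring Security 5.x versions do not provide a PasswordEncoder instance, and passwords are no longer matched as plaintext, so the error is raised.

Solution:

1. Create an implementation of PasswordEncoder, MyPasswordEncoder.class: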

package Encode;

import org.springframework.security.crypto.password.PasswordEncoder;

public class MyPasswordEncoder implements PasswordEncoder {
    //Returns the raw password unchanged (no hashing)
    @Override
    public String encode(CharSequence charSequence) {
        return charSequence.toString();
    }

    //Compares the submitted password with the stored one as plaintext
    @Override
    public boolean matches(CharSequence charSequence, String s) {
        return s.equals(charSequence.toString());
    }
}

2. Add passwordEncoder(new MyPasswordEncoder()) to the in-memory users:

package com.example.demo;

import Encode.MyPasswordEncoder;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class SpringSecurity extends WebSecurityConfigurerAdapter {

    //Only members of our group may log in; define the in-memory login accounts, passwords and roles
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        //Without .passwordEncoder(new MyPasswordEncoder()), the submitted password is not matched as plaintext and an error is raised
        auth.inMemoryAuthentication().passwordEncoder(new MyPasswordEncoder()).withUser("admin").password("123456").roles("ADMIN");
        auth.inMemoryAuthentication().passwordEncoder(new MyPasswordEncoder()).withUser("major").password("1234560").roles("USER");
    }

    //Define the access rules
    @Override
    protected  void configure(HttpSecurity http) throws Exception {
        //Configure login and logout: form login is not intercepted, everything else is
        http.authorizeRequests().antMatchers("/").permitAll()
        .anyRequest().authenticated()
        .and()
        .logout().permitAll()
        .and()
        .formLogin();
        //Disable CSRF protection
        http.csrf().disable();
    }



    @Override
    public void configure(WebSecurity web) throws Exception{
        //Do not intercept static resources
        web.ignoring().antMatchers("/js/**","/css/**","/images/**");
    }


}


Application startup class:

package com.example.demo;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

@SpringBootApplication
//Combination of @Controller and @ResponseBody
@RestController

//Auto-configuration
@EnableAutoConfiguration


public class DemoApplication {

	public static void main(String[] args) {
		SpringApplication.run(DemoApplication.class, args);
	}

	@RequestMapping("/")
	public String say(){
		return "hello world";
	}

	@RequestMapping("/hello")
	public String hello(){
		return "hello";
	}


	//Only admin may use this endpoint
	@PreAuthorize("hasRole('ROLE_ADMIN')")
	@RequestMapping("/roleauth")
	public String hello01(){
		return "hello world!";
	}

}

3. Run the application:

[Screenshot]

Successful result:

[Screenshot]

4. Under the configured rules, user major should not be able to access the roleauth page, yet with the code above it still can:

[Screenshots]

5. The @EnableGlobalMethodSecurity(prePostEnabled = true) annotation needs to be added to the project's startup class:

User major is now denied access, which meets the requirement.

[Screenshot]

Reposted from: https://my.oschina.net/1024and1314/blog/3066305
