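I am using the Spring Security framework on a spring-mvc application for authentication and authorization. I will post some code, but before that, please note that I don't have a separate table for roles from which roles can be set or retrieved. So whenever I log in, it goes to denied.jsp. When I check catalina.out, it says that Hibernate, after the query, can find a set of rows. Spring Security redirects to the denied page even after a successful login (from catalina.out).
security-context.xml (part)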
<security:http use-expressions="true" auto-config="false" access-denied-page="/403" disable-url-rewriting="true">
    <security:session-management>
        <security:concurrency-control max-sessions="5" />
    </security:session-management>
    <security:form-login login-page="/login" login-processing-url="/login.do" default-target-url="/users" always-use-default-target="true"
        authentication-failure-url="/denied" username-parameter="username" password-parameter="password"/>
    <security:logout logout-url="/logout" logout-success-url="/login?out=1" delete-cookies="JSESSIONID" invalidate-session="true" />
    <security:intercept-url pattern="/*" requires-channel="any" access="permitAll" />
    <security:intercept-url requires-channel="any" pattern="/login*" access="permitAll"/>
    <security:intercept-url pattern="/**" requires-channel="any" access="hasRole('ROLE_USER')" />
</security:http>
<!-- queries to be run on data -->
<security:authentication-manager alias="authenticationManager">
    <security:authentication-provider>
        <security:jdbc-user-service data-source-ref="dataSource" users-by-username-query="select username,password,true
            from registration where username=?" authorities-by-username-query="select u.username, 'ROLE_USER' from registration where u.username=?" />
    </security:authentication-provider>
</security:authentication-manager>
LoginService
// Imports omitted
@Transactional
@Service("userDetailsService")
public class LoginService implements UserDetailsService {
    @Autowired private UserDao userDao;
    @Autowired private Assembler assembler;

    @Override
    @Transactional
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        UserDetails userDetails = null;
        User user = userDao.findByName(username);
        if (user == null) { throw new UsernameNotFoundException("Wrong username or password"); }
        return assembler.buildUserFromUserEntity(user);
    }
}
Assembler:
@Service("assembler")
public class Assembler {
    @Transactional(readOnly = true)
    User buildUserFromUserEntity(com.WirTauschen.model.User userEntity) {
        String username = userEntity.getUsername();
        String password = userEntity.getPassword();
        int id = userEntity.getId();
        boolean enabled = userEntity.isActive();
        boolean accountNonExpired = userEntity.isAccountNonExpired();
        boolean credentialsNonExpired = userEntity.isCredentialsNonExpired();
        boolean accountNonLocked = userEntity.isAccountNonLocked();
        Collection<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
        authorities.add(new SimpleGrantedAuthority("ROLE_USER"));
        User user1 = new User(username, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities);
        return user1;
    }
}
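Hello Holmis83: Thank you for your reply. The syntax prohibits using an authentication provider outside of the authentication manager, and the authentication manager consists of the code that uses JDBC. Should I include it together with another authentication provider? I hope there is no conflict. – 2014-10-06 07:15:33
@Orici It is allowed to have multiple authentication providers, but you probably only need one. So choose 'jdbc-user-service' *or* 'user-service-ref'. Since you have already made an implementation of 'UserDetailsService', I assume you want the latter. – holmis83 2014-10-06 07:53:05
Thank you. That really helped a lot. +1 has been given.. :-) – 2014-10-06 09:27:54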
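
The choice described in holmis83's comment, written out as configuration. This is an added example, not part of the original thread: it assumes the LoginService bean is visible to the security context under its declared name userDetailsService, and Option B's rewritten authorities query is an assumption about the intended SQL.

```xml
<!-- Option A: use the custom UserDetailsService from the question.
     "userDetailsService" is the bean name given by @Service("userDetailsService")
     on LoginService. Assumption: component scanning makes that bean available
     in the same application context as this security configuration. -->
<security:authentication-manager alias="authenticationManager">
    <security:authentication-provider user-service-ref="userDetailsService" />
</security:authentication-manager>

<!-- Option B (instead of Option A, not in addition to it): keep the JDBC lookup
     and leave LoginService unused. The question's authorities query refers to
     "u.username" although no alias "u" is declared on the registration table;
     the version here drops the alias (assumed intent). Every user found in
     registration is granted the constant authority ROLE_USER, which matches
     the hasRole('ROLE_USER') rule on pattern="/**". -->
<security:authentication-manager alias="authenticationManager">
    <security:authentication-provider>
        <security:jdbc-user-service data-source-ref="dataSource"
            users-by-username-query="select username, password, true from registration where username=?"
            authorities-by-username-query="select username, 'ROLE_USER' from registration where username=?" />
    </security:authentication-provider>
</security:authentication-manager>
```

Only one of the two authentication-manager definitions belongs in security-context.xml; with Option A the authorities come from the Assembler class, with Option B from the second query.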