我想通过阅读here将remember-me添加到我的登录页面,它需要一个UserDetailsService。但我的UserDetailsService没有被调用,任何人都可以指出我错了吗?感谢。
spring-security.xml
<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:p="http://www.springframework.org/schema/p"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<!-- configure Spring-Security
auto-config is false.
use-expressions is true: see http://static.springsource.org/spring-security/site/docs/3.1.x/reference/el-access.html
access-denied-page: which page is redirected when login is denied
entry-point-ref: This attribute allows this behaviour to be overridden by defining a customized
AuthenticationEntryPoint bean which will start the authentication process
-->
<security:http auto-config="false" use-expressions="true" entry-point-ref="authenticationEntryPoint" >
<!-- define how to handle the url /auth/login, primitAll is used since we defined use-expressions=true -->
<security:intercept-url pattern="/login" access="permitAll"/>
<security:intercept-url pattern="/search" access="hasRole('ROLE_USER')"/>
<!-- The logout element adds support for logging out by navigating to a particular URL.
The default logout URL is /j_spring_security_logout,
but you can set it to something else using the logout-url attribute -->
<security:logout
invalidate-session="true"
logout-success-url="/login" />
<security:custom-filter ref="blacklistFilter" before="FILTER_SECURITY_INTERCEPTOR"/>
<security:custom-filter ref="authenticationFilter" position="FORM_LOGIN_FILTER"/>
</security:http>
<!-- Custom filter to deny unwanted users even though registered -->
<bean id="blacklistFilter" class="com.myapp.filter.BlacklistFilter" />
<!-- Custom filter for username and password. we need to create another 4 beans -->
<bean id="authenticationFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter"
p:rememberMeServices-ref="rememberMeServices"
p:authenticationManager-ref="customAuthenticationManager"
p:authenticationFailureHandler-ref="customAuthenticationFailureHandler"
p:authenticationSuccessHandler-ref="customAuthenticationSuccessHandler" />
<!-- Bean 1: Custom authentication manager. -->
<bean id="customAuthenticationManager" class="com.myapp.manager.CustomAuthenticationManager" />
<!-- bean 2: set the default failure url here -->
<bean id="customAuthenticationFailureHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler"
p:defaultFailureUrl="/login?error=true" />
<!-- bean 3: set the default target url here -->
<bean id="customAuthenticationSuccessHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler"
p:defaultTargetUrl="/search" />
<!-- bean 4: remember me -->
<bean id="rememberMeServices"
class="org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices">
<property name="userDetailsService" ref="userDetailsService"/>
<property name="key" value="myapp"/>
</bean>
<bean id="userDetailsService" class="com.myapp.service.UserDetailsServiceImpl" />
<bean id="authenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint"
p:loginFormUrl="/login"/>
<security:authentication-manager/></beans>
谢谢,拉尔夫
我添加了过滤器,但仍然没有调用UserDetailsServiceImpl,有一个停止点。
public UserDetails loadUserByUsername(String email)
throws UsernameNotFoundException {
logger.info("User details service is called");
return null;
}
现在的配置是:
<?xml version="1.0" encoding="UTF-8"?><beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:p="http://www.springframework.org/schema/p"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<!-- configure Spring-Security
auto-config is false.
use-expressions is true: see http://static.springsource.org/spring-security/site/docs/3.1.x/reference/el-access.html
access-denied-page: which page is redirected when login is denied
entry-point-ref: This attribute allows this behaviour to be overridden by defining a customized
AuthenticationEntryPoint bean which will start the authentication process
-->
<security:http auto-config="false" use-expressions="true" entry-point-ref="authenticationEntryPoint" >
<!-- define how to handle the url /auth/login, primitAll is used since we defined use-expressions=true -->
<security:intercept-url pattern="/login" access="permitAll"/>
<security:intercept-url pattern="/search" access="hasRole('ROLE_USER')"/>
<!-- The logout element adds support for logging out by navigating to a particular URL.
The default logout URL is /j_spring_security_logout,
but you can set it to something else using the logout-url attribute -->
<security:logout
invalidate-session="true"
logout-success-url="/login" />
<security:custom-filter ref="blacklistFilter" before="FILTER_SECURITY_INTERCEPTOR"/>
<security:custom-filter ref="authenticationFilter" position="FORM_LOGIN_FILTER"/>
<security:custom-filter ref="rememberMeFilter" position="REMEMBER_ME_FILTER"/>
</security:http>
<!-- Custom filter to deny unwanted users even though registered -->
<bean id="blacklistFilter" class="com.myapp.filter.BlacklistFilter" />
<!-- Custom filter for username and password. we need to create another 4 beans -->
<bean id="authenticationFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter"
p:rememberMeServices-ref="rememberMeServices"
p:authenticationManager-ref="customAuthenticationManager"
p:authenticationFailureHandler-ref="customAuthenticationFailureHandler"
p:authenticationSuccessHandler-ref="customAuthenticationSuccessHandler" />
<!-- Bean 1: Custom authentication manager. -->
<bean id="customAuthenticationManager" class="com.myapp.manager.CustomAuthenticationManager" />
<!-- bean 2: set the default failure url here -->
<bean id="customAuthenticationFailureHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler"
p:defaultFailureUrl="/login?error=true" />
<!-- bean 3: set the default target url here -->
<bean id="customAuthenticationSuccessHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler"
p:defaultTargetUrl="/search" />
<!-- bean 4: remember me -->
<bean id="rememberMeServices"
class="org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices">
<property name="userDetailsService" ref="userDetailsService"/>
<property name="key" value="myapp"/>
</bean>
<bean id="userDetailsService" class="com.myapp.service.UserDetailsServiceImpl" />
<bean id="rememberMeFilter" class="org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter">
<property name="rememberMeServices" ref="rememberMeServices"/>
<property name="authenticationManager" ref="customAuthenticationManager" />
</bean>
<bean id="authenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint"
p:loginFormUrl="/login"/>
<security:authentication-manager alias="theAuthenticationManager"/></beans>
答案 0 :(得分:0)
您似乎忘了添加RememberMeAuthenticationFilter
。 - 看看你提到的文档中的例子,你会看到我的意思。
尝试首先将配置缩减为默认配置,例如http://www.i-develop.be/blog/2010/02/04/spring-security-remember-me/