Spring Security用户JPA连接

时间:2013-02-27 16:26:50

标签: jsf jpa spring-security

我尝试从StackOverflow(Use Spring Security with JPA)发布这篇文章但没有成功。

我实现了UserDetailsS​​ervice:

import javax.inject.Inject;

import org.springframework.dao.DataAccessException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

import com.boss.mrfoods.dao.UserDao;
import com.boss.mrfoods.entity.User;

@Service
public class LoginController implements UserDetailsService {

    @Inject
    private UserDao userDao;

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
        User user = userDao.getForUsername(username);

        System.out.println("USERNAME: " + username);
        System.out.println("USER: " + user);
        System.out.println("ROLES:" + user.getRoles());

        return new org.springframework.security.core.userdetails.User(user.getUsername(), user.getPassword(), user.getRoles());
    }

}

并在其中一个Spring XML配置文件中引用它:

<debug />

<global-method-security pre-post-annotations="enabled" />

<http pattern="/resources/**" security="none" />
<http pattern="/pages/loggedout.xhtml" security="none" />
<http pattern="/pages/timeout.xhtml" security="none" />

<http use-expressions="true">
    <intercept-url pattern="/pages/admin/**" access="hasRole('supervisor')" />
    <intercept-url pattern="/pages/user/**" access="isAuthenticated()" />
    <intercept-url pattern="/**" access="permitAll" />
    <form-login />
    <logout logout-success-url="/pages/loggedout.xhtml" delete-cookies="JSESSIONID" />
    <remember-me />
</http>

<beans:bean id="customUserDetailsService" class="com.boss.mrfoods.controller.LoginController" />

<authentication-manager>
    <authentication-provider user-service-ref="customUserDetailsService">
        <password-encoder hash="plaintext" />
    </authentication-provider>
</authentication-manager>

什么都没发生。没有例外,我的UserDetailsS​​ervice实现永远不会被调用。

我想要的是Spring Security使用我的JPA连接/事务来查找用户/角色。我错过了配置吗?如果我甚至没有得到和例外,我在哪里开始寻找问题。

我到目前为止发现的是:我的userDao为空。对象注入不起作用。注入无法构建对象。为什么?

感谢您阅读此内容。

1 个答案:

答案 0 :(得分:0)

您能详细说明您登录该应用程序的方式。您是否直接访问用户页面并期望登录页面?

您是否尝试过像这样设置登录页面,

 <form-login
        login-page="/login.html"
        login-processing-url="/j_spring_security_check.action"
        authentication-failure-url="/login_error.html"
        default-target-url="/home.html"
        always-use-default-target="true"/>
相关问题
最新问题