我尝试从StackOverflow(Use Spring Security with JPA)发布这篇文章但没有成功。
我实现了UserDetailsService:
import javax.inject.Inject;
import org.springframework.dao.DataAccessException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
import com.boss.mrfoods.dao.UserDao;
import com.boss.mrfoods.entity.User;
@Service
public class LoginController implements UserDetailsService {
@Inject
private UserDao userDao;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
User user = userDao.getForUsername(username);
System.out.println("USERNAME: " + username);
System.out.println("USER: " + user);
System.out.println("ROLES:" + user.getRoles());
return new org.springframework.security.core.userdetails.User(user.getUsername(), user.getPassword(), user.getRoles());
}
}
并在其中一个Spring XML配置文件中引用它:
<debug />
<global-method-security pre-post-annotations="enabled" />
<http pattern="/resources/**" security="none" />
<http pattern="/pages/loggedout.xhtml" security="none" />
<http pattern="/pages/timeout.xhtml" security="none" />
<http use-expressions="true">
<intercept-url pattern="/pages/admin/**" access="hasRole('supervisor')" />
<intercept-url pattern="/pages/user/**" access="isAuthenticated()" />
<intercept-url pattern="/**" access="permitAll" />
<form-login />
<logout logout-success-url="/pages/loggedout.xhtml" delete-cookies="JSESSIONID" />
<remember-me />
</http>
<beans:bean id="customUserDetailsService" class="com.boss.mrfoods.controller.LoginController" />
<authentication-manager>
<authentication-provider user-service-ref="customUserDetailsService">
<password-encoder hash="plaintext" />
</authentication-provider>
</authentication-manager>
什么都没发生。没有例外,我的UserDetailsService实现永远不会被调用。
我想要的是Spring Security使用我的JPA连接/事务来查找用户/角色。我错过了配置吗?如果我甚至没有得到和例外,我在哪里开始寻找问题。
我到目前为止发现的是:我的userDao为空。对象注入不起作用。注入无法构建对象。为什么?
感谢您阅读此内容。
答案 0 :(得分:0)
您能详细说明您登录该应用程序的方式。您是否直接访问用户页面并期望登录页面?
您是否尝试过像这样设置登录页面,
<form-login
login-page="/login.html"
login-processing-url="/j_spring_security_check.action"
authentication-failure-url="/login_error.html"
default-target-url="/home.html"
always-use-default-target="true"/>