我想从一些见解中询问,因为我不确定这里有什么问题。我需要通过数据库存储的细节添加身份验证,所以我试图这样做。问题是我用来访问主页面的每个用户详细信息都会返回登录失败页面。
DAO层
@Transactional
@Repository ("staffDAO")
public class StaffDAO extends AbstractDAO<Staff>{
public StaffDAO() {
super(Staff.class);
}
@Autowired
@Resource(name="sessionFactory")
private SessionFactory sessionFactory;
private Transaction transaction;
public void setSessionFactory(SessionFactory sessionFactory) {
this.sessionFactory = sessionFactory;}
@SuppressWarnings("unchecked")
public List<Authority> getAuthority() {
Session session = sessionFactory.getCurrentSession();
Query query = session.createQuery("from Authority ");
return query.list();}
public void saveAuthority(Authority authority) {
try {
Session session = sessionFactory.getCurrentSession();
transaction = session.beginTransaction();
session.save(authority);
transaction.commit();
} catch (Exception e) {
transaction.rollback();}}
@Transactional("hibernatetransactionManager")
public Staff getUserByUserName(String userName){
Query queryResult;
queryResult =getCurrentSession().createQuery("from Staff where username=:userName");
queryResult.setParameter("userName", new String(userName));
return (Staff) queryResult.list().get(0)}}
服务图层
public interface StaffService{
List<Authority> getAuthorities();
public void saveAuthority(Authority authority);
public Staff getUserByUserName(String userName);}
@Service("staffService")
@Transactional(propagation = Propagation.REQUIRED, readOnly = true)
public class StaffServiceImpl implements StaffService {
@Autowired
StaffDAO staffDAO;
private AbstractDAO<Staff> sessionFactory;
public StaffDAO getStaffDAO() {
return staffDAO;}
public void setStaffDAO(StaffDAO staffDAO) {
this.staffDAO = staffDAO;}
@Override
public List<Authority> getAuthorities() {
return staffDAO.getAuthority();}
@Override
public void saveAuthority(Authority authority) {
staffDAO.saveAuthority(authority);}
@Override
public Staff getUserByUserName(String userName) {
return staffDAO.getUserByUserName(userName);}}
CustomUserDetailsService
@Repository("customUserDetailsService")
@Service
@Component
public class CustomUserDetailsService implements UserDetailsService{
@Resource
private StaffService staffService;
public CustomUserDetailsService(){
}
public CustomUserDetailsService(StaffService staffService) {
this.staffService = staffService; }
@Override
public UserDetails loadUserByUsername(String userName)
throws UsernameNotFoundException {
Staff staff;
try {
staff = staffService.getUserByUserName(userName);
} catch (Exception e) {
throw new UsernameNotFoundException(
"getUserByUserName returned null.");}
return (UserDetails) staff;}}
模型
@Entity
@Table(name = "staff")
@Component
public class Staff implements Serializable, UserDetails{
private static final long serialVersionUID = 8825646974241476909L;
@Id
@Column(name = "staff_id")
private String staffId;
@Column(name = "name")
private String name;
@Column(name = "username")
private String username;
@Column(name = "password")
private String password;
***** getters and setters
public void setAuthorities(Set<Authority> authorities) {
this.authorities = authorities;
}
@Override
public Set<Authority> getAuthorities() {
return authorities;
}}
@Entity
@Table(name="authorities")
@Component
public class Authority implements Serializable, GrantedAuthority{
private static final long serialVersionUID = 1L;
public Authority(){
// must have one default constructor
}
@Id
@Column(name = "authority")
private String authority;
@Column(name = "role_name",nullable=false,unique=true)
private String roleName;
public String getRoleName() {
return roleName;
}
public void setRoleName(String roleName) {
this.roleName = roleName;
}
@Override
public String getAuthority() {
return authority;
}
public void setAuthority(String authority) {
this.authority = authority;
}
public Authority(String authority,String roleName){
this.authority=authority;
this.roleName=roleName;
}}
XML配置
<authentication-manager>
<authentication-provider user-service-ref="customUserDetailsService"/>
</authentication-manager>
<beans:bean id="customUserDetailsService"
class="com.project.professional.service.CustomUserDetailsService">
</beans:bean>
<http auto-config="true" use-expressions="true" >
<intercept-url pattern="/j_spring_security_check" access="permitAll"/>
<intercept-url pattern='/home' access="hasRole('ROLE_USER')" />
<form-login login-page='/login' always-use-default-target="true" default-target-
url="/home" authentication-failure-url="/auth/loginFailed"/>
<logout invalidate-session="true" logout-success-url='/login' />
</http>
控制器
@RequestMapping(value="/login", method = RequestMethod.GET)
public String getLoginPage(ModelMap model) {
return "login";}
@RequestMapping(value = "/home", method = RequestMethod.GET)
public String getHomePage(Locale locale, Model model) {
return "/home";}
JSP
<c:url value="/j_spring_security_check" var="loginUrl"/>
<form action="${loginUrl}" method="post" name="loginForm">
<p>
<label for="j_username">Username</label>
<input id="j_username" name="j_username" type="text" />
</p>
<p>
<label for="j_password">Password</label>
<input id="j_password" name="j_password" type="password" />
</p>
<input type="submit"
value="Login"/>
</form>
所以我要问的是,是否有任何我遗漏的内容,以及为什么它不进行身份验证并返回主页。我很感激任何洞察力。