JSF与Spring Security的集成

时间:2013-09-18 17:43:33

标签: hibernate jsf spring-security

抱歉我的英文。将JSF与Spring Security集成的问题。

我做了什么:

  1. 在实体User已实施的界面UserDetails
  2. 接口UserDAO扩展接口UserDetailsService

  3. UserHibernateDAO已实施接口UserDAO

    在LoginMB中如果要添加metod login()

    public void login() {
        UserDetails user = getDao().loadUserByUsername("admin2@admin.ru");
        password= user.getPassword();
}

    然后按预期显示密码,即步骤1-3正在运行。

  4. 在applicationContext-security.xml中我要添加:

    <beans:bean id="UserDAO" class="com.otv.model.dao.hibernate.UserHibernateDAO" />
<authentication-manager alias="authenticationManager">
    <authentication-provider user-service-ref="UserDAO" />
</authentication-manager>

  5. 在LoginMB中:

    public class LoginMB implements Serializable {

    private static final long serialVersionUID = 1L;

    @Qualifier("authenticationManager")
    AuthenticationManager authenticationManager;

    private String userName;
    private String password;

    public String login() {

        UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("admin2@admin.ru", "2");

        // next line is 54 
        Authentication authenticate = authenticationManager.authenticate(token);            

        if (authenticate.isAuthenticated()) {
            SecurityContextHolder.getContext().setAuthentication(authenticate);
        }
        return "success";
    }

    //get and set metods

}

    6. 它会输出错误:

    javax.faces.FacesException: #{loginMB.login}: java.lang.NullPointerException
...
java.lang.NullPointerException
    at com.otv.managed.bean.LoginMB.login(LoginMB.java:54)

    我的想法,在LoginMB中不起作用@Qualifier注释:

    @Qualifier("authenticationManager")
AuthenticationManager authenticationManager;

    请告诉我如何在另一个链接上使用authenticationManager?

1 个答案:

答案 0 :(得分:0)

来自applicationContext-security.xml不起作用@ManagedProperty。为什么呢?

  1. 在LoginMB中我添加了:

    @ManagedProperty(value="#{authenticationManager}")
AuthenticationManager authenticationManager;

  2. 在applicationContext.xml中我添加了:             

    <sec:http auto-config="true">

    <sec:form-login login-page="/pages/login.html" authentication-failure-url="/fail.html" />
    <sec:intercept-url pattern="/pages/service/*" access="ROLE_SHIPPER" />
    <sec:intercept-url pattern="/pages/task/*" access="ROLE_CARRIER" />

</sec:http>

<sec:authentication-manager alias="authenticationManager">
    <sec:authentication-provider user-service-ref="UserDAO">
        <sec:password-encoder hash="plaintext" />
    </sec:authentication-provider>
</sec:authentication-manager>

    3. 它正在运作!

相关问题
最新问题