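Spring Security configuration

Time: 2013-10-14 14:46:37

Tags: spring spring-security

I read many threads about Spring Security before posting this question, but I still could not solve my problem.

I am trying to configure custom Spring Security, i.e. with a service class (UserService) that performs the authentication. However, it is unable to reach UserService. I have tried to include only the relevant code snippets below:

I have updated the exception log.

In Web.xml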

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
                /WEB-INF/spring/root-context.xml
    </param-value>
</context-param>

<filter>
     <filter-name>springSecurityFilterChain</filter-name>
     <filter-class>
        org.springframework.web.filter.DelegatingFilterProxy
     </filter-class>
 </filter>

<filter-mapping>
      <filter-name>springSecurityFilterChain</filter-name>
      <url-pattern>/*</url-pattern>
</filter-mapping>

<servlet>
    <servlet-name>appServlet</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>

<servlet-mapping>
    <servlet-name>appServlet</servlet-name>
    <url-pattern>/</url-pattern>
</servlet-mapping>

In appServlet-servlet.xml

    <?xml version="1.0" encoding="UTF-8"?>
    <beans:beans xmlns="http://www.springframework.org/schema/mvc"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"   
xmlns:p="http://www.springframework.org/schema/p"
xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:tx="http://www.springframework.org/schema/tx"
xsi:schemaLocation="http://www.springframework.org/schema/mvc       http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd
    http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
    http://www.springframework.org/schema/beans 
    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/context 
    http://www.springframework.org/schema/context/spring-context-3.0.xsd
    http://www.springframework.org/schema/aop
    http://www.springframework.org/schema/aop/spring-aop.xsd">



<!-- Enables the Spring MVC @Controller programming model -->
<annotation-driven />

<!-- Handles HTTP GET requests for /resources/** by efficiently serving up static resources in the ${webappRoot}/resources directory -->
<resources mapping="/resources/**" location="/resources/" />

<!-- Resolves views selected for rendering by @Controllers to .jsp resources in the /WEB-INF/views directory -->
<beans:bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
    <beans:property name="prefix" value="/WEB-INF/views/" />
    <beans:property name="suffix" value=".jsp" />
</beans:bean>

 <context:component-scan base-package="com.autoshipcart.service, com.autoshipcart.serviceImpl, com.autoshipcart.dao, com.autoshipcart.admin, com.autoshipcart.admin.service, com.autoshipcart.admin.serviceImpl, com.autoshipcart.admin.dao, com.autoshipcart.admin.validator, com.autoshipcart.framework" />
 <context:annotation-config />

<beans:bean id="messageSource"
    class="org.springframework.context.support.ReloadableResourceBundleMessageSource">
    <beans:property name="basename" value="classpath:adminproperties/messages" />
    <beans:property name="defaultEncoding" value="UTF-8" />
</beans:bean>
<beans:bean id="multipartResolver"
    class="org.springframework.web.multipart.commons.CommonsMultipartResolver">
     <!-- one of the properties available; the maximum file size in bytes -->
   <beans:property name="maxUploadSize" value="50000000" />

   </beans:bean>

<beans:bean id="localeChangeInterceptor"
      class="org.springframework.web.servlet.i18n.LocaleChangeInterceptor">
    <beans:property name="paramName" value="siteLanguage"/>
</beans:bean>

<beans:bean id="localeResolver"
      class="org.springframework.web.servlet.i18n.CookieLocaleResolver"/>

</beans:beans>

In root-context.xml

    <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"   
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/context 
    http://www.springframework.org/schema/context/spring-context-3.0.xsd
    http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
            http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-3.1.xsd">


<!-- Root Context: defines shared resources visible to all other web components -->
    <context:component-scan base-package="com.autoshipcart.service, com.autoshipcart.serviceImpl, com.autoshipcart.dao, com.autoshipcart.admin, com.autoshipcart.admin.service, com.autoshipcart.admin.serviceImpl, com.autoshipcart.admin.dao, com.autoshipcart.admin.validator, com.autoshipcart.framework" />
    <context:annotation-config />

    <bean id="propertyConfigurer"
    class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
    <property name="locations">
        <list>
            <value>classpath:adminproperties/jdbc.properties</value>
            <value>classpath:adminproperties/mail.properties</value>

       </list>
    </property>
    <property name="ignoreUnresolvablePlaceholders" value="true"/>        
</bean>

<bean id="dataSourceMaster"
    class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close">
    <property name="driverClassName" value="${master.jdbc.driverClassName}"/>
    <property name="url" value="${master.jdbc.databaseurl}"/>
    <property name="username" value="${master.jdbc.username}"/>
    <property name="password" value="${master.jdbc.password}"/>
</bean>

<bean id="dataSourceCart1"
    class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close">
    <property name="driverClassName" value="${cart1.jdbc.driverClassName}"/>
    <property name="url" value="${cart1.jdbc.databaseurl}"/>
    <property name="username" value="${cart1.jdbc.username}"/>
    <property name="password" value="${cart1.jdbc.password}"/>
</bean>

<bean id="sessionFactoryMaster"
    class="org.springframework.orm.hibernate3.annotation.AnnotationSessionFactoryBean">
    <property name="dataSource" ref="dataSourceMaster" />
    <property name="configLocation">
        <value>classpath:hibernate.master.cfg.xml</value>
    </property>
    <property name="configurationClass">
        <value>org.hibernate.cfg.AnnotationConfiguration</value>
    </property>
    <property name="hibernateProperties">
        <props>
            <prop key="hibernate.dialect">${master.jdbc.dialect}</prop>
            <prop key="hibernate.show_sql">true</prop>
            <prop key="hibernate.connection.charSet">UTF-8</prop>
            <prop key="hibernate.cache">false</prop>                  
            <prop key="hibernate.cglib.use_reflection_optimizer">false</prop>  
            <prop key="cache.provider_class">org.hibernate.cache.NoCacheProvider</prop>  
            <prop key="hibernate.cache.use_second_level_cache">false</prop>
            <prop key="hibernate.transaction.flush_before_completion">true</prop>  
        </props>
    </property>
</bean>

<bean id="sessionFactoryCart1"
    class="org.springframework.orm.hibernate3.annotation.AnnotationSessionFactoryBean">
    <property name="dataSource" ref="dataSourceCart1" />
    <property name="configLocation">
        <value>classpath:hibernate.cfg.xml</value>
    </property>
    <property name="configurationClass">
        <value>org.hibernate.cfg.AnnotationConfiguration</value>
    </property>
    <property name="hibernateProperties">
        <props>
            <prop key="hibernate.dialect">${cart1.jdbc.dialect}</prop>
            <prop key="hibernate.show_sql">true</prop>
            <prop key="hibernate.connection.charSet">UTF-8</prop>
            <prop key="hibernate.cache">false</prop>                  
            <prop key="hibernate.cglib.use_reflection_optimizer">false</prop>  
            <prop key="cache.provider_class">org.hibernate.cache.NoCacheProvider</prop>  
            <prop key="hibernate.cache.use_second_level_cache">false</prop>
            <prop key="hibernate.transaction.flush_before_completion">true</prop>  
        </props>
    </property>
</bean>
    <tx:annotation-driven proxy-target-class="true" />
<bean id="transactionManagerMaster"
    class="org.springframework.orm.hibernate3.HibernateTransactionManager">
    <property name="sessionFactory" ref="sessionFactoryMaster" />
</bean>
    <bean id="transactionManagerCart1"
    class="org.springframework.orm.hibernate3.HibernateTransactionManager">
    <property name="sessionFactory" ref="sessionFactoryCart1" />
</bean>

<bean id="velocityEngine" class="org.springframework.ui.velocity.VelocityEngineFactoryBean">
    <property name="velocityProperties">
        <value>
            resource.loader=class
            class.resource.loader.class=org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader
        </value>
    </property>
</bean>

<bean id="mailSender" class="org.springframework.mail.javamail.JavaMailSenderImpl">
    <property name="host" value="${mail.host}" />
    <property name="port" value="${mail.port}" />
    <property name="username" value="${mail.username}" />
    <property name="password" value="${mail.password}" />

    <property name="javaMailProperties">
        <props>
            <prop key="mail.smtp.auth">${mail.smtp.auth}</prop>
            <prop key="mail.smtp.starttls.enable">${mail.smtp.starttls.enable}</prop>
        </props>
    </property>

</bean>

<bean id="mailSenderUtil" class="com.autoshipcart.framework.util.MailSenderUtil">
    <property name="mailSender" ref="mailSender"></property>
</bean>


  <bean id="userService" class="com.autoshipcart.admin.serviceImpl.UserServiceImpl"></bean>
<bean id="userDAO" class="com.autoshipcart.admin.hibernatedao.UserHibernateDAO"></bean>

<!-- <bean id="webExpressionHandler" class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler"/> -->



<security:http auto-config="true" use-expressions="false">


     <security:intercept-url pattern="/dashboard" access="IS_AUTHENTICATED_ANONYMOUSLY" />

    <security:form-login login-page="/login"
        login-processing-url="/static/j_spring_security_check"
        default-target-url="/dashboard" 
        authentication-failure-url="/logout"
         />         
 </security:http>

<security:authentication-manager>
    <security:authentication-provider user-service-ref="userService">
        <security:password-encoder hash="plaintext"/>
    </security:authentication-provider>
</security:authentication-manager>

</beans>

UserServiceImpl.java

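package com.autoshipcart.admin.serviceImpl;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.dao.DataAccessException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.transaction.annotation.Transactional;
// Imports of the project's own types (UserService, UserDAO, User, UserVO) are omitted.

/*@Service("userService")*/
@Transactional
public class UserServiceImpl implements UserService, UserDetailsService {

    @Autowired
    private UserDAO userDAO;

    // Called by DaoAuthenticationProvider to load the account for the submitted username.
    @Transactional
    public UserDetails loadUserByUsername(String username)
            throws UsernameNotFoundException, DataAccessException {
        System.out.println("test>>>>" + username);
        System.out.println("test2>>>>" + username);

        User user = userDAO.authenticateUser(username);
        if (user == null) {
            // Let the exception propagate so the provider rejects the login;
            // catching it here would hand back an empty UserVO instead.
            throw new UsernameNotFoundException("UserName or Password is incorrect!");
        }

        // Copy the persistent user into the UserDetails value object.
        UserVO temp = new UserVO();
        temp.setEmail(user.getEmailId());
        temp.setFirstName(user.getFirstName());
        temp.setLastName(user.getLastName());
        temp.setPassword(user.getPassword());
        temp.setUsername(user.getUserName());
        return temp;
    }

}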

AdminController.java

@RequestMapping(value = {"/", "/dashboard"}, method = {RequestMethod.GET})
public String showDashboard(HttpSession session,
        Map<String, Object> map, Model model) {
    System.out.println("In controller>>");
    String loggedIn = (String) session.getAttribute("loggedIn"); // This job will be done by AOP Interceptor

    if (loggedIn == null)
        return "login";
    else
        return "dashboard";
}


@RequestMapping(value = "/logout", method = RequestMethod.GET)
public String logout(HttpSession session, HttpServletResponse response,
        Map<String, Object> map, Model model) {
    logger.info("logout function is called>>>>>");
    System.out.println("logout function is called");
    // equals() compares the attribute's value; == would compare object references.
    if ("true".equals(session.getAttribute("loggedIn")) && session.getAttribute("configMap") != null) {
        System.out.println("session");
        session.setAttribute("loggedIn", null);
        session.setAttribute("configMap", null);
        session.invalidate();
        response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate"); // HTTP 1.1.
        response.setHeader("Pragma", "no-cache"); // HTTP 1.0.
        response.setDateHeader("Expires", 0); // Proxies.
    }
    return "login"; //"redirect:/";
}

I no longer get any exceptions. Below is the log from when I try to log in:

DEBUG: org.springframework.security.web.FilterChainProxy - /j_spring_security_check at position 1 of 10 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
DEBUG: org.springframework.security.web.context.HttpSessionSecurityContextRepository - HttpSession returned null object for SPRING_SECURITY_CONTEXT
DEBUG: org.springframework.security.web.context.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@6ab494c6. A new one will be created.
DEBUG: org.springframework.security.web.FilterChainProxy - /j_spring_security_check at position 2 of 10 in additional filter chain; firing Filter: 'LogoutFilter'
DEBUG: org.springframework.security.web.FilterChainProxy - /j_spring_security_check at position 3 of 10 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
DEBUG: org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Request is to process authentication
DEBUG: org.springframework.security.authentication.ProviderManager - Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
DEBUG: org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Authentication request failed: org.springframework.security.authentication.AuthenticationServiceException: No bean named 'transactionManager' is defined
DEBUG: org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Updated SecurityContextHolder to contain null Authentication
DEBUG: org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Delegating to authentication failure handlerorg.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler@125e3283
DEBUG: org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler - Redirecting to /logout
DEBUG: org.springframework.security.web.DefaultRedirectStrategy - Redirecting to '/ascartadmin/logout'
DEBUG: org.springframework.security.web.context.HttpSessionSecurityContextRepository - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
DEBUG: org.springframework.security.web.context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
DEBUG: org.springframework.security.web.FilterChainProxy - /logout at position 1 of 10 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
DEBUG: org.springframework.security.web.context.HttpSessionSecurityContextRepository - HttpSession returned null object for SPRING_SECURITY_CONTEXT
DEBUG: org.springframework.security.web.context.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@6ab494c6. A new one will be created.
DEBUG: org.springframework.security.web.FilterChainProxy - /logout at position 2 of 10 in additional filter chain; firing Filter: 'LogoutFilter'
DEBUG: org.springframework.security.web.FilterChainProxy - /logout at position 3 of 10 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
DEBUG: org.springframework.security.web.FilterChainProxy - /logout at position 4 of 10 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
DEBUG: org.springframework.security.web.FilterChainProxy - /logout at position 5 of 10 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
DEBUG: org.springframework.security.web.FilterChainProxy - /logout at position 6 of 10 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
DEBUG: org.springframework.security.web.FilterChainProxy - /logout at position 7 of 10 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
DEBUG: org.springframework.security.web.authentication.AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@6fa90ed4: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffc7f0c: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 1CCAA9863B99B4E75D065F26D664ADE5; Granted Authorities: ROLE_ANONYMOUS'
DEBUG: org.springframework.security.web.FilterChainProxy - /logout at position 8 of 10 in additional filter chain; firing Filter: 'SessionManagementFilter'
DEBUG: org.springframework.security.web.FilterChainProxy - /logout at position 9 of 10 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
DEBUG: org.springframework.security.web.FilterChainProxy - /logout at position 10 of 10 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
DEBUG: org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/logout'; against '/dashboard'
DEBUG: org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Public object - authentication not attempted
DEBUG: org.springframework.security.web.FilterChainProxy - /logout reached end of additional filter chain; proceeding with original chain
INFO: com.autoshipcart.admin.controller.AdminController - logout function is called>>>>>
logout function is called
DEBUG: org.springframework.security.web.access.ExceptionTranslationFilter - Chain processed normally
DEBUG: org.springframework.security.web.context.HttpSessionSecurityContextRepository - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
DEBUG: org.springframework.security.web.context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed

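1 answer:

Answer 0: (score: 0)

The login processing URL in your security configuration is login-processing-url="/static/j_spring_security_check". Why are you adding static to this URL? The default is /j_spring_security_check; just try again after removing the static keyword.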
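
The login in the posted log fails with "No bean named 'transactionManager' is defined": `<tx:annotation-driven>` looks up a bean called `transactionManager` by default, while root-context.xml only defines `transactionManagerMaster` and `transactionManagerCart1`. The fragment below is an added example (not from the question or the answer) showing that setting corrected, together with the two access-control settings in the same file that weaken the login: `/dashboard` being open to anonymous users and the `plaintext` password encoder. It assumes the user table lives in the master database and that stored passwords are BCrypt hashes; the `passwordEncoder` bean id and the `/**`, `/login`, `/logout` and `/resources/**` rules are illustrative.

```xml
<!-- Added example: fragment of root-context.xml, not the poster's own configuration. -->

<!-- Before: <tx:annotation-driven proxy-target-class="true" /> resolved the default
     bean name "transactionManager", which this context never defines.
     Assumption: UserServiceImpl reads users from the master database. -->
<tx:annotation-driven transaction-manager="transactionManagerMaster"
                      proxy-target-class="true" />

<!-- Assumption: the password column holds BCrypt hashes. -->
<bean id="passwordEncoder"
      class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" />

<security:http auto-config="true" use-expressions="false">
    <!-- Pages that must be reachable before authentication. -->
    <security:intercept-url pattern="/login" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <security:intercept-url pattern="/logout" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <security:intercept-url pattern="/resources/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />

    <!-- Before: only /dashboard was listed, with IS_AUTHENTICATED_ANONYMOUSLY,
         so the dashboard and every other URL were served without a login. -->
    <security:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY" />

    <!-- login-processing-url set to the default, as the answer suggests. -->
    <security:form-login login-page="/login"
        login-processing-url="/j_spring_security_check"
        default-target-url="/dashboard"
        authentication-failure-url="/logout" />
</security:http>

<security:authentication-manager>
    <security:authentication-provider user-service-ref="userService">
        <!-- Before: hash="plaintext" compared the submitted password with a
             clear-text value stored in the database. -->
        <security:password-encoder ref="passwordEncoder" />
    </security:authentication-provider>
</security:authentication-manager>
```

With two transaction managers in one context, the alternative to the `transaction-manager` attribute is to name the manager on the service itself, e.g. `@Transactional("transactionManagerMaster")` on `UserServiceImpl`.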