I am using spring-security to validate users according to their profiles, but my application does not work properly. When I look at the log file, it shows me this:
DEBUG DaoAuthenticationProvider:308 - 用户帐户被锁定
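In my login form I enter the data correctly, but I never get through to the other page. I always stay on the same page (the form page), whether I enter good or bad data.
My code is:
Configuration file spring-security.xml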
<beans:beans xmlns:security="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
    <security:http auto-config="true" access-decision-manager-ref="accessDecisionManager">
        <security:intercept-url pattern="/" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <security:intercept-url pattern="/init" access="PROFILE_ADMINISTRATOR" />
        <security:form-login
            login-page="/"
            default-target-url="/init"
            always-use-default-target='true'
            authentication-failure-url="/"/>
        <security:http-basic />
    </security:http>
    <security:authentication-manager alias="autenticationManagerUserService">
        <security:authentication-provider user-service-ref="userService">
            <security:password-encoder hash="md5"/>
        </security:authentication-provider>
    </security:authentication-manager>
    <beans:bean id="accessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
        <beans:property name="decisionVoters">
            <beans:list>
                <beans:ref bean="decisorDeRoles"/>
                <beans:ref bean="decisorDeAutenticacion"/>
            </beans:list>
        </beans:property>
    </beans:bean>
    <beans:bean id="decisorDeRoles" class="org.springframework.security.access.vote.RoleVoter">
        <beans:property name="rolePrefix" value="PROFILE_"/>
    </beans:bean>
    <beans:bean id="decisorDeAutenticacion" class="org.springframework.security.access.vote.AuthenticatedVoter"/>
    <beans:bean id="loggerListener" class="org.springframework.security.authentication.event.LoggerListener"/>
</beans:beans>
UserDetailsService class
@Service("userService")
public class SecurityAuthenticationProvider implements UserDetailsService
{
    UserDao userDao = new UserDao ();

    @Override
    public UserDetails loadUserByUsername (String username) throws UsernameNotFoundException, DataAccessException
    {
        User user = null;
        List<User> users = userDao.getUser (username);
        if (users.size () == 0)
        {
            throw new UsernameNotFoundException ("");
        }
        else
        {
            user = users.get (0);
            user.setAuthorities (userDao.getProfileUser (username));
            return user;
        }
    }
}
UserDetails class
public class User implements UserDetails
{
    private List<GrantedAuthority> profiles;
    private String username;
    private String password;
    private boolean accountNonExpired;
    private boolean accountNonLocked;
    private boolean credentialsNonExpired;
    private boolean enabled;

    @Override
    public Collection<? extends GrantedAuthority> getAuthorities ()
    {
        return profiles;
    }

    @SuppressWarnings("unchecked")
    public void setAuthorities (List<? extends GrantedAuthority> profiles)
    {
        this.profiles = (List<GrantedAuthority>) profiles;
    }

    @Override
    public String getPassword ()
    {
        return password;
    }

    @Override
    public String getUsername ()
    {
        return username;
    }

    @Override
    public boolean isAccountNonExpired ()
    {
        return accountNonExpired;
    }

    @Override
    public boolean isAccountNonLocked ()
    {
        return accountNonLocked;
    }

    @Override
    public boolean isCredentialsNonExpired ()
    {
        return credentialsNonExpired;
    }

    @Override
    public boolean isEnabled ()
    {
        return enabled;
    }

    public void setUsername (String username)
    {
        this.username = username;
    }

    public void setPassword (String password)
    {
        this.password = password;
    }

    public void setAccountNonExpired (boolean accountNonExpired)
    {
        this.accountNonExpired = accountNonExpired;
    }

    public void setAccountNonLocked (boolean accountNonLocked)
    {
        this.accountNonLocked = accountNonLocked;
    }

    public void setCredentialsNonExpired (boolean credentialsNonExpired)
    {
        this.credentialsNonExpired = credentialsNonExpired;
    }

    public void setEnabled (boolean enabled)
    {
        this.enabled = enabled;
    }
}
class GrantedAuthority
public class Profile implements GrantedAuthority
{
    private String profile;

    @Override
    public String getAuthority ()
    {
        return profile;
    }

    public String getProfile ()
    {
        return profile;
    }

    public void setProfile (String profile)
    {
        this.profile = profile;
    }
}
The class I created to simulate database access (fetching the data)
public class UserDao
{
    public List<? extends GrantedAuthority> getProfileUser (String name)
    {
        List<GrantedAuthority> listGrantedAuthorities = new ArrayList<GrantedAuthority> ();
        Profile profile = new Profile ();
        profile.setProfile ("PROFILE_ADMINISTRATOR");
        listGrantedAuthorities.add (profile);
        return listGrantedAuthorities;
    }

    public List<User> getUser (String name)
    {
        List<User> listUser = new ArrayList<User> ();
        User user = new User ();
        user.setUsername ("Admin");
        user.setPassword ("1234");
        // user.setAccountNonExpired (true);
        // user.setAccountNonLocked (true);
        // user.setCredentialsNonExpired (true);
        // user.setEnabled (true);
        listUser.add (user);
        return listUser;
    }
}
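Thanks.
Answer 0 (score: 1)
I had the same problem when using REST OAuth2 with Spring Security.
Solution
You need to make some changes in the class that implements UserDetails (org.springframework.security.core.userdetails), which in your case is the User class.
For the following overridden methods, isAccountNonLocked(), isAccountNonExpired(), isEnabled(), isCredentialsNonExpired(), change the return type to true (it is false by default).
Note that all of these methods should contain logic that returns true or false according to your requirements, but to get your code working I suggest returning true from all of the methods mentioned.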
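Added example, not part of the original question or answer: DaoAuthenticationProvider checks isAccountNonLocked() before the other account flags and before it compares the password, so a User whose boolean fields were never set (Java defaults them to false) is rejected as locked whatever credentials are entered. The sketch below shows one way to give the four methods real logic instead of hard-coding true; the class name StatefulUser and its fields (lockedUntil, accountExpires, credentialsExpire) are hypothetical and assume the account state is loaded from storage by the UserDetailsService.

```java
import java.util.Collection;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;

// Hypothetical class, not from the question. Every flag is computed from
// stored account state, so no user is locked by an unset boolean field.
public class StatefulUser implements UserDetails {
    private static final long serialVersionUID = 1L;

    private final String username;
    private final String passwordHash;
    private final Collection<? extends GrantedAuthority> authorities;
    private final boolean enabled;         // assumed "enabled" column
    private final long lockedUntil;        // epoch millis, 0 = not locked
    private final long accountExpires;     // epoch millis, 0 = never expires
    private final long credentialsExpire;  // epoch millis, 0 = never expires

    public StatefulUser(String username, String passwordHash,
                        Collection<? extends GrantedAuthority> authorities,
                        boolean enabled, long lockedUntil,
                        long accountExpires, long credentialsExpire) {
        this.username = username;
        this.passwordHash = passwordHash;
        this.authorities = authorities;
        this.enabled = enabled;
        this.lockedUntil = lockedUntil;
        this.accountExpires = accountExpires;
        this.credentialsExpire = credentialsExpire;
    }

    // True while an expiry deadline is unset or still in the future.
    private static boolean notReached(long deadline) {
        return deadline == 0 || System.currentTimeMillis() < deadline;
    }

    @Override public Collection<? extends GrantedAuthority> getAuthorities() { return authorities; }
    @Override public String getPassword() { return passwordHash; }
    @Override public String getUsername() { return username; }
    @Override public boolean isEnabled() { return enabled; }

    // Locked only while a lockout window (e.g. set after repeated failed
    // logins) is still open; the account unlocks itself once it has passed.
    @Override public boolean isAccountNonLocked() { return System.currentTimeMillis() >= lockedUntil; }
    @Override public boolean isAccountNonExpired() { return notReached(accountExpires); }
    @Override public boolean isCredentialsNonExpired() { return notReached(credentialsExpire); }
}
```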