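I am using Spring Security together with Hibernate. When a user goes to /login and enters his credentials, he should be forwarded to /users/home. But the first time he logs in he is not; instead he is shown a 404 message: "The requested resource is not available" (sometimes at /favicon.ico if it is on the live domain, at localhost/ if it is on localhost). If he goes back to the login page and logs in again with the SAME credentials, he lands correctly on /users/home. Why is this? http://pastie.org/8586150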
Spring Security XML:

<security:form-login
    login-page="/login"
    authentication-failure-url="/login?error=true"
    default-target-url="/users/home"/>

<security:authentication-manager>
    <security:authentication-provider user-service-ref="customUserDetailsService">
    </security:authentication-provider>
</security:authentication-manager>

Controller:

@RequestMapping(value = "/users/home")
public String userHome(ModelMap model, HttpServletRequest request) {
    User springUser = (User) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
    String loginId = springUser.getUsername(); // get logged in username
    result = userService.getUserByLoginId(loginId);
    Users user = (Users) result.getObject();
    HttpSession session = request.getSession(true);
    session.setAttribute("userName", user.getName());
    // model.addAttribute("username", user.getName());
    return "/users/home";
}

package web.service.common;

import java.util.ArrayList;
import java.util.Collection;
import java.util.List;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.dao.DataAccessException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.GrantedAuthorityImpl;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

import web.dao.UsersDAO;
import web.dao.impl.jpa.UsersDAOImpl;
import web.entity.Users;

@Service
public class CustomUserDetailsService implements UserDetailsService {

    //@Resource
    @Autowired
    private UsersDAO userDAO;

    public UserDetails loadUserByUsername(String email)
            throws UsernameNotFoundException, DataAccessException {
        // Declare a null Spring User
        UserDetails springUser = null;
        try {
            System.out.println("the email passed from CustomUserDetailsService in method loadUserByUsername is: " + email);
            Users dbUser = userDAO.getUserByLoginId(email);
            // Build the Spring Security user: enabled, non-expired, non-locked
            springUser = new User(
                    dbUser.getEmail(),
                    dbUser.getPassword().toLowerCase(),
                    true,
                    true,
                    true,
                    true,
                    //getAuthorities(dbUser.getAccess()) );
                    getAuthorities(2));
        } catch (Exception e) {
            e.printStackTrace();
            System.out.println(e.getMessage());
            throw new UsernameNotFoundException("Error in retrieving user");
        }
        System.out.println("debug ---- 4");
        return springUser;
    }

    // Every user gets ROLE_USER; the access argument is currently ignored
    public Collection<GrantedAuthority> getAuthorities(Integer access) {
        List<GrantedAuthority> authList = new ArrayList<GrantedAuthority>(2);
        authList.add(new GrantedAuthorityImpl("ROLE_USER"));
        return authList;
    }
}
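
Answer 0 (score: 0)

This may be because it doesn't get the user from the database. When you don't find any user in the database, try returning null.

Users dbUser = userDAO.getUserByLoginId(email);
if (dbUser == null) {
    return null;
}

I am also sharing a tutorial I developed for Spring Security using UserService. It may help you.

Answer 1 (score: 0)
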
<security:intercept-url pattern="/favicon.ico" access="permitAll"/>
<security:intercept-url pattern="/" access="permitAll"/>

Solved the problem :)

Answer 2 (score: 0)

You need to permit all access to the favicon. :)
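
Why the first login lands on /favicon.ico and only the second on /users/home, as an added example that is not part of the original thread: a simplified model of how Spring Security remembers the last protected URL an anonymous browser requested and redirects there after a successful login. The class and method names are hypothetical and the request sequence is constructed; this is not Spring's own code.

```java
import java.util.*;

// Simplified, constructed model of saved-request handling around a form login.
public class SavedRequestDemo {
    static final String LOGIN = "/login", DEFAULT_TARGET = "/users/home";
    private final Set<String> permitAll;   // URLs reachable without authentication
    private String savedRequest;           // stands in for the session's request cache
    private boolean authenticated;

    SavedRequestDemo(String... permitAll) {
        this.permitAll = new HashSet<String>(Arrays.asList(permitAll));
    }

    // Anonymous request to a protected URL: remember it and send the login page instead.
    String get(String url) {
        if (authenticated || permitAll.contains(url)) return url;
        savedRequest = url;                // the most recent protected request wins
        return LOGIN;
    }

    // Successful login: redirect to the saved request if there is one, else the default target.
    String login() {
        authenticated = true;
        String target = (savedRequest != null) ? savedRequest : DEFAULT_TARGET;
        savedRequest = null;               // a saved request is used only once
        return target;
    }

    // The browser opens /login and fetches /favicon.ico in the background; the user
    // logs in, goes back to /login and logs in again with the same session.
    static List<String> run(String... permitAll) {
        SavedRequestDemo app = new SavedRequestDemo(permitAll);
        app.get("/login");
        app.get("/favicon.ico");
        String first = app.login();
        app.get("/login");
        app.get("/favicon.ico");           // authenticated now, so nothing is saved
        String second = app.login();
        return Arrays.asList(first, second);
    }

    public static void main(String[] args) {
        System.out.println("favicon protected: " + run("/login"));
        System.out.println("favicon permitted: " + run("/login", "/favicon.ico", "/"));
    }
}
```

With only /login permitted, the first login is redirected to /favicon.ico (which the application answers with a 404) and the second to /users/home; with /favicon.ico permitted, both go to /users/home.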