为什么异常UsernameNotFoundException不会停止应用程序?

时间:2014-02-19 22:30:39

标签: spring-security

我正在使用Spring Security进行身份验证。这是我的代码:

控制器

@RequestMapping(value="/custom_login", method = RequestMethod.GET)
    public String customLogin(){
        return VIEW_LOGIN_SUCCESS_NAME;
    }

身份验证

@Override
    public UserDetails loadUserByUsername(String username)
            throws UsernameNotFoundException {  

        com.startup.app.models.entities.User domainUser = userDao.getUserByLogin(username);  

        if (domainUser == null) {
            LOGGER.error("No user found with username: " + username);
            throw new UsernameNotFoundException("No user found with username: " + username);
        }
      boolean enabled = true;  
      boolean accountNonExpired = true;  
      boolean credentialsNonExpired = true;  
      boolean accountNonLocked = true;  

      return  new User(  
              domainUser.getEmail(),   
              domainUser.getPassword(),   
              enabled,   
              accountNonExpired,   
              credentialsNonExpired,   
              accountNonLocked,  
              getAuthorities(domainUser.getRole())  
      ); 


    }

这是spring配置文件:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:security="http://www.springframework.org/schema/security"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jdbc="http://www.springframework.org/schema/jdbc"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd
http://www.springframework.org/schema/jdbc
http://www.springframework.org/schema/jdbc/spring-jdbc-3.2.xsd">

    <!-- configuration des urls -->
    <security:http auto-config="true">
    <!-- Define the default login page -->
    <security:form-login login-page="/custom_login" username-parameter="email" password-parameter="password" default-target-url="/loginSuccess"/>

    </security:http>


    <security:authentication-manager alias="authenticationManager">
        <security:authentication-provider
            ref="authenticationProvider" />
    </security:authentication-manager>

    <bean id="authenticationProvider"
        class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
        <property name="userDetailsService" ref="userDetailsService" />
    </bean>

    <bean id="webexpressionHandler" class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler" />

    <bean id="userDetailsService" class="com.startup.app.services.login.CustomUserDetailsServiceImpl" /> 

</beans>

在上面的配置中,我知道我没有限制访问页面。我只想先测试登录过程是否运行良好。 我不明白为什么在抛出UsernameNotFoundException时应用程序不会停止。除了我用过的记录器之外,我没有关于eclipse的消息。然后应用程序继续执行并显示登录成功页面。 有人可以解释一下吗?

1 个答案:

答案 0 :(得分:1)

请更改您的登录配置:

<security:form-login 
     authentication-success-handler-ref="authenticationSuccessHandler" 
     login-page="/custom_login" 
     username-parameter="email" 
     password-parameter="password" 
     default-target-url="/loginSuccess" 
     always-use-default-target="true" 
     authentication-failure-url="/custom_login" />

要进一步控制目标,可以使用authentication-success-handler-ref属性作为default-target-url的替代方法。引用的bean应该是AuthenticationSuccessHandler的一个实例。

相关问题
最新问题