我已经通过实现接口UserDetailsService为spring-security创建了一个自定义身份验证服务,该接口在security-context.xml中被称为bean,因此它将在应用程序启动时加载。目前情况是,我有一个带有映射到bean的LoginController,这是一个在DAO中调用方法来检查用户名和密码是否正确的服务。我只是不知道控制器应该是什么。我发布下面的代码。请告诉我控制器中缺少的是什么。谢谢你的时间。
LoginController.java:
@Controller
@RequestMapping(value = "/login",method = RequestMethod.GET)
public class LoginController {
@Resource(name="userDetailsService")
private LoginService loginService;
}
LoginService.java
@Transactional
@Service("userDetailsService")
@RequestMapping("")
public class LoginService implements UserDetailsService{
@Autowired private UserDao userDao;
@Autowired private Assembler assembler;
@Override
@Transactional
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
UserDetails userDetails = null;
User user = userDao.findByName(username);
if(user == null) { throw new UsernameNotFoundException("Wrong username or password");}
return assembler.buildUserFromUserEntity(user);
}
}
安全-的applicationContext.xml
<import resource="servlet-context.xml" />
<!-- Global Security settings -->
<security:global-method-security pre-post-annotations="enabled" />
<!-- Spring Security framework settings -->
<security:http use-expressions="true" auto-config="false" access-denied-page="/403" disable-url-rewriting="true">
<security:session-management>
<security:concurrency-control max-sessions="3" error-if-maximum-exceeded="true"/>
</security:session-management>
<security:form-login login-page="/users" default-target-url="/users" always-use-default-target="true"
authentication-failure-url="/denied" username-parameter="username" password-parameter="password" />
<security:logout logout-url="/logout" logout-success-url="/login?out=1" delete-cookies="JSESSIONID" invalidate-session="true" />
<security:intercept-url pattern="/*" requires-channel="any" access="permitAll" />
<security:intercept-url requires-channel="any" pattern="/login*" access="permitAll"/>
<security:intercept-url pattern="/**" requires-channel="any" access="hasRole('ROLE_USER')" />
</security:http>
<!-- queries to be run on data -->
<security:authentication-manager alias="authenticationManager" >
<security:authentication-provider user-service-ref="userDetailsService" />
</security:authentication-manager>
</beans>
Servlet的context.xml中
<mvc:annotation-driven/>
<mvc:default-servlet-handler/>
<!-- Enables the Spring MVC @Controller programming model -->
<resources mapping="/resources/**" location="/resources/" />
<!-- beans start here -->
<beans:bean class = "org.springframework.web.servlet.view.InternalResourceViewResolver">
<beans:property name="prefix" value="/WEB-INF/views/" />
<beans:property name="suffix" value=".jsp"/>
</beans:bean>
<context:component-scan base-package="com.WirTauschen"/>
<tx:annotation-driven transaction-manager="transactionManager"/>
登录表单HTML代码
**<form id="form" action="<c:url value='/login'/>" method="POST">
<div class="box-wrapper">
<h4>LOGIN</h4>
<div class="iconic-input">
<input type="text" placeholder="Username" name="j_username" value="">
<i class="icons icon-user-3"></i>
</div>
<div class="iconic-input">
<input type="password" placeholder="Password" name="j_password" value="">
<i class="icons icon-lock"></i>
</div>
<input type="checkbox" id="loginremember"> <label for="loginremember">Remember me</label>
<br>
<br>
<div class="pull-left">
<input name="submit" type="submit" class="orange" value="Login">
</div>
<div class="pull-right">
<a href="#">Forgot your password?</a>
<br>
<a href="#">Forgot your username?</a>
<br>
</div>
<br class="clearfix">
</div>
<div class="footer">
<h4 class="pull-left">NEW CUSTOMER?</h4>
<a class="button pull-right" href="create_an_account.html">Create an account</a>
</div>
</form>
</li>
</ul>
</li>
<li><a href="#"><i class="icons icon-lock"></i> Create an Account</a></li>
</ul>
</nav>