我已在我的应用程序中配置Spring Security。我想测试我可以登录我的应用程序,我已经使用默认登录URL。这是我的spring配置文件:
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<global-method-security pre-post-annotations="enabled" />
<http pattern="/resources/**" security="none" />
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/user/*" access="hasRole('ROLE_USER')"/>
<intercept-url pattern="/admin/*" access="hasRole('ROLE_ADMIN')"/>
</http>
<authentication-manager>
<authentication-provider user-service-ref="customUserDetailsServiceImpl"/>
</authentication-manager>
</beans:beans>
在我的customerUserDetailsServiceImpl代码下面:
@Service
public class CustomUserDetailsServiceImpl implements UserDetailsService{
@Autowired
private IUserServices userServices;
@Override
public UserDetails loadUserByUsername(String email) throws UsernameNotFoundException {
User user = userServices.findUserByEmail(email);
if (user == null) {
//LOGGER.error("No user found with username: " + username);
throw new UsernameNotFoundException("No user found with username: " + email);
}
//TODO change
boolean enabled = true;
boolean accountNonExpired = true;
boolean credentialsNonExpired = true;
boolean accountNonLocked = true;
UserDetails userDetails = new org.springframework.security.core.userdetails.User(user.getEmail(),user.getPassword(),enabled,accountNonExpired, credentialsNonExpired,accountNonLocked,getAuthorities(user.getRole()));
Authentication authentication = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
SecurityContextHolder.getContext().setAuthentication(authentication);
return userDetails;
}
public Collection getAuthorities(Role role) {
// public Collection<!--? extends GrantedAuthority--> getAuthorities(Long role) {
List<GrantedAuthority> authList = getGrantedAuthorities(getRoles(role));
return authList;
}
// TODO AMELIORER
public List<String> getRoles(Role role) {
List<String> roles = new ArrayList<String>();
if (role.equals("ROLE_ADMIN")) {
roles.add("ROLE_ADMIN");
roles.add("ROLE_USER");
}
else if(role.equals("ROLE_USER")){
roles.add("ROLE_USER");
}
return roles;
}
public static List<GrantedAuthority> getGrantedAuthorities(List<String> roles) {
List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
for (String role : roles) {
authorities.add(new SimpleGrantedAuthority(role));
}
return authorities;
}
}
我在网址上发帖请求
在结果中我有一个200 http代码,并在调试后我注意到在线
User user = userServices.findUserByEmail(email);
在我的自定义用户详细信息服务中,电子邮件为空。为什么这个 ?如何为用户详细信息提供用户名和密码? 谢谢你的帮助