如何使用UserDetails的loadUserByUsername方法(我有空用户名)?

时间:2014-10-30 21:13:37

标签: spring spring-mvc spring-security

我已在我的应用程序中配置Spring Security。我想测试我可以登录我的应用程序,我已经使用默认登录URL。这是我的spring配置文件:

<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
    <global-method-security pre-post-annotations="enabled" />
 <http pattern="/resources/**" security="none" />

 <http auto-config="true" use-expressions="true">

    <intercept-url pattern="/user/*" access="hasRole('ROLE_USER')"/>
    <intercept-url pattern="/admin/*" access="hasRole('ROLE_ADMIN')"/>
 </http>

<authentication-manager>
            <authentication-provider user-service-ref="customUserDetailsServiceImpl"/>
</authentication-manager>           
</beans:beans>

在我的customerUserDetailsS​​erviceImpl代码下面:

@Service
public class CustomUserDetailsServiceImpl implements UserDetailsService{

    @Autowired
    private IUserServices userServices;

    @Override
    public UserDetails loadUserByUsername(String email) throws UsernameNotFoundException {
        User user = userServices.findUserByEmail(email);

        if (user == null) {
            //LOGGER.error("No user found with username: " + username);
            throw new UsernameNotFoundException("No user found with username: " + email);
        }
        //TODO change 
         boolean enabled = true;  
          boolean accountNonExpired = true;  
          boolean credentialsNonExpired = true;  
          boolean accountNonLocked = true;  

          UserDetails userDetails =  new org.springframework.security.core.userdetails.User(user.getEmail(),user.getPassword(),enabled,accountNonExpired, credentialsNonExpired,accountNonLocked,getAuthorities(user.getRole())); 

          Authentication authentication = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
          SecurityContextHolder.getContext().setAuthentication(authentication);
          return userDetails;
    }

    public Collection getAuthorities(Role role) {
           // public Collection<!--? extends GrantedAuthority--> getAuthorities(Long role) {  
                List<GrantedAuthority> authList = getGrantedAuthorities(getRoles(role));  
                return authList;  
            }  




    // TODO AMELIORER
    public List<String> getRoles(Role role) {  

        List<String> roles = new ArrayList<String>();  

        if (role.equals("ROLE_ADMIN")) {  
            roles.add("ROLE_ADMIN");  
            roles.add("ROLE_USER");

        } 
        else if(role.equals("ROLE_USER")){
            roles.add("ROLE_USER");
        }
        return roles;  
    }  

    public static List<GrantedAuthority> getGrantedAuthorities(List<String> roles) {  
        List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();  

        for (String role : roles) {  
            authorities.add(new SimpleGrantedAuthority(role));  
        }  
        return authorities;  
    }  

      }

我在网址上发帖请求

在结果中我有一个200 http代码,并在调试后我注意到在线

User user = userServices.findUserByEmail(email);

在我的自定义用户详细信息服务中,电子邮件为空。为什么这个 ?如何为用户详细信息提供用户名和密码? enter image description here 谢谢你的帮助

1 个答案:

答案 0 :(得分:0)

/ **和/ *之间的区别在类描述org.springframework.util.AntPathMatcher中得到了很好的解释,有很好的例子,看看