这个自定义的 Spring Security 方法在不使用 aop:scoped-proxy 时可以正常工作。我想让用户 bean(user)成为会话作用域的 bean,使每个会话都有自己的实例。
如果我使用 aop:scoped-proxy,方法 loadUserByUsername 就无法按预期工作。没有抛出任何异常,它只是以某种方式跳过了对 user 的 setter 方法的调用,以及其后的 sysout 输出,结果是授权失败。我怀疑问题出在为我的用户 bean 创建的代理对象上。调试时可以看到,在设置 username 的值之前,执行流程进入了 org.springframework.aop.framework.CglibAopProxy 对象……然后授权失败。
P.S. 我还尝试了 proxy-target-class 属性的两个取值("false" 和 "true"),这里列出的代码使用的是 "false"。
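/**
 * Loads the account stored under {@code username} and converts it into the
 * {@link UserDetails} that Spring Security compares the submitted password against.
 *
 * <p>The returned object is built directly from the persisted entity, so the
 * authentication decision does not depend on values read back from the
 * session-scoped {@code user} bean.
 *
 * @param username the login name submitted by the client (untrusted input)
 * @return the user details carrying the stored password value and granted authorities
 * @throws UsernameNotFoundException if no account exists for {@code username}
 */
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
    // Debug output: username is attacker-controllable and is written unescaped.
    // Replace with a logger (and neutralise CR/LF) before this leaves a dev setup.
    System.out.println("Username: " + username);

    UserEntity userEntity = userJpaDao.fetchUserByUsername(username);
    if (userEntity == null) {
        throw new UsernameNotFoundException("Error: User doesn't exist!");
    }

    List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
    for (GrantedAuthorityEntity gae : userEntity.getAuthorities()) {
        authorities.add(new SimpleGrantedAuthority(gae.getAuthority()));
    }

    // NOTE(review): this method is called BEFORE the password has been verified, so the
    // session bean below is filled with the looked-up account's data even when the login
    // attempt then fails. Populating it from an authentication-success handler would keep
    // unauthenticated sessions free of another user's profile data - confirm with callers.
    // NOTE(review): `user` is wired as a session-scoped bean while this service is used by
    // the authentication provider; verify a request/session is actually bound to the
    // thread when the scoped proxy is invoked here.
    user.setUsername(userEntity.getUsername());
    // NOTE(review): copies the stored password value into session state; nothing in this
    // method needs it there. Consider dropping it from the session bean.
    user.setPassword(userEntity.getPassword());
    user.setFirstName(userEntity.getFirstName());
    user.setLastName(userEntity.getLastName());
    user.setAuthorities(authorities);

    // Diagnostics that read back through the session bean (proxy).
    System.out.println("lastname: " + user.getLastName());
    System.out.println("auth size: " + (user.getAuthorities()).size());

    // Use the entity values rather than the session bean's getters: the credentials handed
    // to the authentication provider must not depend on mutable per-session state.
    return new User(userEntity.getUsername(), userEntity.getPassword(), authorities);
}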
配置:
<!-- MVC controller; receives the session-scoped user bean (through its scoped proxy) and the user service. -->
<bean id="homeController" class="org.sokol.webapp.controller.HomeController">
<property name="user" ref="baseUserBean"/>
<property name="userService" ref="userService"></property>
</bean>
<!-- Session-scoped user bean. The scoped proxy is what gets injected into the beans that
     reference it; the real instance is resolved per HTTP session at call time.
     NOTE(review): whatever is stored on this bean lives in the HTTP session; avoid keeping
     password values on it. -->
<bean id="baseUserBean" class="org.sokol.webapp.beans.UserBean" scope="session">
<aop:scoped-proxy proxy-target-class="false"/>
</bean>
<bean id="userJpaDao" class="org.sokol.webapp.service.UserJpaDao"/>
<!-- userService is referenced by the authentication provider in the security config
     (user-service-ref), so the injected session-scoped proxy is called during login.
     NOTE(review): confirm a request/session is bound to the thread at that point. -->
<bean id="userService" class="org.sokol.webapp.service.UserService">
<property name="userJpaDao" ref="userJpaDao"/>
<property name="user" ref="baseUserBean"/>
<property name="passwordEncoder" ref="passwordEncoder"/>
</bean>
<mvc:annotation-driven />
<!-- Static resources served from /resources/. -->
<mvc:resources mapping="/resources/**" location="/resources/" />
<!-- Tiles 3 view resolution; definitions are read from every tiles.xml under /WEB-INF/views/. -->
<bean class="org.springframework.web.servlet.view.tiles3.TilesViewResolver" />
<bean class="org.springframework.web.servlet.view.tiles3.TilesConfigurer">
<property name="definitions">
<list>
<value>/WEB-INF/views/**/tiles.xml</value>
</list>
</property>
</bean>
安全-配置:
<!-- HTTP security. use-expressions="false" means the access attribute below is a plain
     role name rather than a SpEL expression. -->
<security:http auto-config="true" use-expressions="false">
<!-- Form login: login page is "/", failed attempts go to /loginfail, successful ones to /userprofile. -->
<security:form-login
login-page="/"
authentication-failure-url="/loginfail"
default-target-url="/userprofile"/>
<security:logout
logout-url="/logout"
logout-success-url="/"/>
<!-- Only /userprofile is restricted in this excerpt; every other URL has no intercept-url rule.
     NOTE(review): confirm no other path exposes data held on the session-scoped user bean. -->
<security:intercept-url pattern="/userprofile" access="ROLE_USER"/>
<!-- NOTE(review): the closing security:http tag is not present in this excerpt; the
     authentication-manager below is normally a top-level element, so the closing tag
     presumably belongs here. Confirm against the real file. -->
<!-- Authentication goes through userService (loadUserByUsername); submitted passwords are
     checked against the stored value with the bcrypt encoder declared below. -->
<security:authentication-manager>
<security:authentication-provider user-service-ref="userService">
<security:password-encoder ref="passwordEncoder"/>
</security:authentication-provider>
</security:authentication-manager>
<bean id="passwordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>
<!-- Not referenced anywhere in this excerpt (use-expressions is "false" above). -->
<bean id="webexpressionHandler" class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler" />
web.xml:
<!-- Root application context: MVC, datasource and security configuration are all loaded
     here by ContextLoaderListener. -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/webapp-mvc-servlet.xml
/WEB-INF/datasource-config.xml
/WEB-INF/security-config.xml
</param-value>
</context-param>
<!-- Spring Security filter chain, mapped to every request (/*). -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>
org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- NOTE(review): no org.springframework.web.context.request.RequestContextListener (or
     RequestContextFilter) is registered in this excerpt. Code running inside
     springSecurityFilterChain executes before DispatcherServlet, so a session-scoped proxy
     called from the user service during login may find no request bound to the thread.
     Worth checking as the cause of the failed login; confirm. -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- DispatcherServlet with an empty contextConfigLocation: it declares no config file of
     its own here; the bean definitions come from the root context above. -->
<servlet>
<servlet-name>webapp-mvc</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value></param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>webapp-mvc</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>