Spring Security服务配置

时间:2014-12-16 11:11:21

标签: java spring-mvc authentication spring-security

我正在尝试使用不同的框架构建Java EE应用程序原型。除安全层外,一切正常。我选择使用配置了Spring配置的Spring Security。

代码是这样的:

Spring Security Config 

@Configuration
@EnableWebMvcSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter
{
    @Autowired
    private MyUserDetailsService userDetailsService;

    @Override
    protected UserDetailsService userDetailsService () {
        return this.userDetailsService;
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        web
        .ignoring()
        .antMatchers("/resources/**");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
        .formLogin()
        .loginPage("/login")
        .loginProcessingUrl("/login/authenticate")
        .failureUrl("/login?error=bad_credentials")
        .and()
        .logout()
        .logoutUrl("/signout")
        .deleteCookies("JSESSIONID")
        .and()
        .authorizeRequests()
        .antMatchers("/admin/**").hasRole("ADMIN")
        .antMatchers("/**").permitAll()
        .and()
        .csrf();
    }
}

用户详情服务 

@Service("myUserDetailsService")
public class MyUserDetailsService implements UserDetailsService
{
    public static final Logger log = Logger.getLogger(MyUserDetailsService.class);

    public MyUserDetailsService() {
    }

    @Autowired
    private UserDao userDao;

    @Override
    public UserDetails loadUserByUsername(String userName) throws UsernameNotFoundException {
        final User user = getSystemUser(userName);
        final List<GrantedAuthority> authorities = getUserAuthorities(user);
        return buildUserForAuthentication(user, authorities);
    }

    private User buildUserForAuthentication(User user, List<GrantedAuthority> authorities) {
        //...
    }

    private User getSystemUser(String alias) {
        //...
    }

    private List<GrantedAuthority> getUserAuthorities(User user) {
        //...
        return null;
    }
}

我希望此代码能够做到的是,当用户与用户达到/login/authenticate时传递params,底层的spring代码调用我的用户服务,但这种情况从未发生过。

我错过了什么?

我正在使用spring-security 3.2.3.RELEASE。

1 个答案:

答案 0 :(得分:2)

您应该使用身份验证注册自定义userDetailsS​​ervice,

@Override
protected void registerAuthentication(AuthenticationManagerBuilder auth) 
      throws Exception {
    auth.userDetailsService(this.userDetailsService);
}
对于3.2.3,

配置应为

@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
    auth.userDetailsService(this.userDetailsService);
}
相关问题
最新问题