我已在项目中配置了spring security,但每次尝试使用正确的凭据登录时,都无法登录。控制台正在显示未找到salt源的消息。为什么要尝试在userAwareUserDetails中找到getId?我有单独的用户类
2015-04-30 10:44:03 DEBUG ConnectionManager:302 - 在会话中使用on_close连接释放模式完成事务;一定要关闭会话以释放JDBC资源! 2015-04-30 10:44:03 DEBUG UsernamePasswordAuthenticationFilter:346 - 身份验证请求失败:org.springframework.security.authentication.AuthenticationServiceException:无法在用户Object上找到salt方法。该课程' com.spring.security.UserAwareUserDetails'有一个方法或吸气剂名为' getId'吗 2015-04-30 10:44:03 DEBUG UsernamePasswordAuthenticationFilter:347 - 更新了SecurityContextHolder以包含null认证 2015-04-30 10:44:03 DEBUG UsernamePasswordAuthenticationFilter:348 - 委托身份验证失败处理程序org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler@6f12ac99 2015-04-30 10:44:03 DEBUG SimpleUrlAuthenticationFailureHandler:67 - 重定向到/ login?action = authFail 2015-04-30 10:44:03 DEBUG DefaultRedirectStrategy:36 - 重定向到' / spring3batchjobliquibasetestngspringsecurityproject / login?action = authFail' 2015-04-30 10:44:03 DEBUG HttpSessionSecurityContextRepository:269 - SecurityContext为空或内容为匿名 - 上下文不会存储在HttpSession中。 2015-04-30 10:44:03 DEBUG SecurityContextPersistenceFilter:97 - SecurityContextHolder现已清除,因为请求处理已完成 2015-04-30 10:44:03 DEBUG OpenSessionInViewFilter:207 - 在OpenSessionInViewFilter中关闭单个Hibernate会话 2015-04-30 10:44:03 DEBUG SessionFactoryUtils:800 - 关闭Hibernate会话
在applicationContext.xml中以下是配置:
<import resource="classpath:resources/spring-security.xml" />
<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
........................
</bean>
<bean id="transactionManager"
....................
</bean>
<bean id="sessionFactory"
class="org.springframework.orm.hibernate3.annotation.AnnotationSessionFactoryBean">
<property name="dataSource" ref="dataSource" />
<property name="annotatedClasses">
<list>
.......
</list>
</property>
<property name="hibernateProperties">
<props>
<prop key="connection.autocommit">true</prop>
<prop key="hibernate.dialect">
org.hibernate.dialect.PostgreSQLDialect
</prop>
<prop key="hibernate.show_sql">true</prop>
<prop key="hibernate.hbm2ddl.auto">createOrUpdate</prop>
<prop key="org.hibernate.FlushMode">AUTO</prop>
<prop key="hibernate.connection.autocommit">true</prop>
<prop key="hibernate.transaction.flush_before_completion">true</prop>
<prop key="connection.autocommit">true</prop>
</props>
</property>
</bean>
<tx:annotation-driven transaction-manager="transactionManager" />
</beans>
从上面可以清楚地看到我在applicationContext中导入spring-security.xml
在spring-security.xml中以下是配置
<!-- Scan for spring annotated components -->
<context:component-scan base-package="com.spring">
<context:include-filter type="annotation" expression="org.springframework.stereotype.Controller"/>
</context:component-scan>
<http pattern="/assets/**" security="none" />
<http pattern="/login" security="none"/>
<!-- HTTP basic authentication in Spring Security -->
<http auto-config="true">
<intercept-url pattern="/api/**" access="ROLE_API" />
<intercept-url pattern="/favicon.ico" access="ROLE_ANONYMOUS" />
<intercept-url pattern="/" access="ROLE_ANONYMOUS"/>
<intercept-url pattern="/**" access="ROLE_ADMIN" />
<access-denied-handler error-page="/login?action=authFail"/>
<form-login login-page="/login" default-target-url="/userAdmin" authentication-failure-url="/login?action=authFail" />
<logout logout-success-url="/login?logout=loginFail"/>
</http>
<authentication-manager>
<authentication-provider user-service-ref="userDetailsService">
<password-encoder ref="passwordEncoder">
<salt-source ref="saltSource"/>
</password-encoder>
</authentication-provider>
</authentication-manager>
<beans:bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.ShaPasswordEncoder"/>
<beans:bean id="saltSource" class="org.springframework.security.authentication.dao.ReflectionSaltSource">
<beans:property name="userPropertyToUse">
<beans:value>getId</beans:value>
</beans:property>
</beans:bean>
我有自定义userserviceDetailImpl,其中我已经覆盖了loadUserByUsername方法。
以下是用户类
public class User {
private Long id = new Long(-1L);
..............................
public void setId(Long id) {
this.id = id;
}
public Long getId() {
return this.id;
}
public boolean isPersistent() {
return version != null;
}
...............
............
}
任何人都可以帮我吗?
答案 0 :(得分:0)
现在已经解决了这个问题,通过在userawareuserdetails类中添加getter方法,问题得以解决。