我遇到Spring安全问题,即使我提供了正确的凭据,它也会将我重定向到登录页面。 当我查看服务器日志时,我无法找到实现UserDetailsService的类的任何调用,这里是用于验证凭据的类:
@Service
//@Transactional(readOnly=true)
public class CustomUserDetailsService implements UserDetailsService {
@Autowired
private AdministrateurDao administrateurDAO;
protected final Log logger = LogFactory.getLog(getClass());
/* (non-Javadoc)
* @see org.springframework.security.core.userdetails.UserDetailsService#loadUserByUsername(java.lang.String)
*/
public UserDetails loadUserByUsername(String login)
throws UsernameNotFoundException {
Administrateur domainUser= administrateurDAO.getUser(login);
logger.info("loadUserByUsername username="+login);
System.out.println("je suis dans customuserdetailsservice");
boolean enabled = true;
boolean accountNonExpired = true;
boolean credentialsNonExpired = true;
boolean accountNonLocked = true;
//end de configuration de spring security
return new User(
domainUser.getLogin(),
domainUser.getPassword(),
enabled,
accountNonExpired,
credentialsNonExpired,
accountNonLocked,
getAuthorities(domainUser.getRole().getId())
);
}
public Collection<? extends GrantedAuthority> getAuthorities(Integer role) {
List<GrantedAuthority> authList = getGrantedAuthorities(getRoles(role));
return authList;
}
/*
* i have two role admin and normaluser
*/
public List<String> getRoles(Integer role) {
List<String> roles = new ArrayList<String>();
//
System.out.println("je suis dans role");
//
if (role.intValue() == 1) {
roles.add("ROLE_MODERATOR");
roles.add("ROLE_ADMIN");
} else if (role.intValue() == 2) {
roles.add("ROLE_MODERATOR");
}
return roles;
}
public static List<GrantedAuthority> getGrantedAuthorities(List<String> roles) {
List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
for (String role : roles) {
authorities.add(new SimpleGrantedAuthority(role));
}
return authorities;
}
}
for spring-security.xml:
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:jee="http://www.springframework.org/schema/jee"
xmlns:lang="http://www.springframework.org/schema/lang"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee.xsd
http://www.springframework.org/schema/lang http://www.springframework.org/schema/lang/spring-lang.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<context:annotation-config />
<context:component-scan base-package="net.nokia.controller, net.nokia.dao, net.nokia.service" />
<beans:bean id="jspViewResolver"
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<beans:property name="viewClass"
value="org.springframework.web.servlet.view.JstlView" />
<beans:property name="prefix" value="/WEB-INF/jsp/" />
<beans:property name="suffix" value=".jsp" />
</beans:bean>
<!-- spring security configuration -->
<http use-expressions="true" auto-config="true">
<!--<intercept-url pattern="/j_spring_security_check" access="IS_AUTHENTICATED_ANONYMOUSLY"/> -->
<intercept-url pattern="/j_spring_security_check" access="permitAll"/>
<intercept-url pattern="/login" access="permitAll" />
<intercept-url pattern="/alarmes" access="hasRole('ROLE_MODERATOR')" />
<intercept-url pattern="/alarme/*" access="hasRole('ROLE_MODERATOR')" />
<intercept-url pattern="/rapports" access="hasRole('ROLE_MODERATOR')" />
<intercept-url pattern="/assets/**" access="permitAll" />
<intercept-url pattern="/rapport/*" access="hasRole('ROLE_MODERATOR')" />
<intercept-url pattern="/notifications" access="hasRole('ROLE_MODERATOR')" />
<intercept-url pattern="/notification/*" access="hasRole('ROLE_MODERATOR')" />
<intercept-url pattern="/" access="hasRole('ROLE_MODERATOR')" />
<intercept-url pattern="/administrateurs" access="hasRole('ROLE_ADMIN')" />
<intercept-url pattern="/administrateur/*" access="hasRole('ROLE_ADMIN')" />
<intercept-url pattern="/**" access="isAuthenticated()"/>
<form-login login-page="/login"
default-target-url="/success-login"
authentication-failure-url="/error-login" />
<logout invalidate-session="true" logout-success-url="/logout" />
</http>
<authentication-manager>
<authentication-provider user-service-ref="customUserDetailsService">
<password-encoder hash="plaintext" />
</authentication-provider>
</authentication-manager>
<!-- end of spring security configration -->
<beans:bean id="messageSource"
class="org.springframework.context.support.ReloadableResourceBundleMessageSource">
<beans:property name="basename" value="classpath:messages" />
<beans:property name="defaultEncoding" value="UTF-8" />
</beans:bean>
<beans:bean id="propertyConfigurer"
class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"
p:location="/WEB-INF/jdbc.properties" />
<beans:bean id="dataSource"
class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close"
p:driverClassName="${jdbc.driverClassName}"
p:url="${jdbc.databaseurl}" p:username="${jdbc.username}"
p:password="${jdbc.password}" />
<beans:bean id="sessionFactory"
class="org.springframework.orm.hibernate3.LocalSessionFactoryBean">
<beans:property name="dataSource" ref="dataSource" />
<beans:property name="configLocation">
<beans:value>classpath:hibernate.cfg.xml</beans:value>
</beans:property>
<beans:property name="configurationClass">
<beans:value>org.hibernate.cfg.AnnotationConfiguration</beans:value>
</beans:property>
<beans:property name="hibernateProperties">
<beans:props>
<beans:prop key="hibernate.dialect">${jdbc.dialect}</beans:prop>
<beans:prop key="hibernate.show_sql">true</beans:prop>
</beans:props>
</beans:property>
</beans:bean>
<tx:annotation-driven />
<beans:bean id="transactionManager"
class="org.springframework.orm.hibernate3.HibernateTransactionManager">
<beans:property name="sessionFactory" ref="sessionFactory" />
</beans:bean>
</beans:beans>
和我的web.xml文件:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
id="WebApp_ID" version="2.5">
<display-name>Spring3-Hibernate</display-name>
<welcome-file-list>
<!-- <welcome-file>list.html</welcome-file> -->
<welcome-file>/</welcome-file>
</welcome-file-list>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring-servlet.xml</param-value>
</context-param>
<!-- Creates the Spring Container shared by all Servlet and Filters -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>
<session-config>
<session-timeout>15</session-timeout>
</session-config>
<!-- end spring container -->
<!-- spring security filters -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- end spring security filters -->
<servlet>
<servlet-name>spring</servlet-name>
<servlet-class>
org.springframework.web.servlet.DispatcherServlet
</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>spring</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>default</servlet-name>
<url-pattern>*.js</url-pattern>
<url-pattern>*.css</url-pattern>
<url-pattern>*.jpg</url-pattern>
<url-pattern>*.png</url-pattern>
<url-pattern>*.gif</url-pattern>
<url-pattern>*.eot</url-pattern>
<url-pattern>*.ttf</url-pattern>
<url-pattern>*.woff</url-pattern>
<url-pattern>*.woff2</url-pattern>
</servlet-mapping>
</web-app>
登录过程总是将我重定向到控制器,它将映射错误登录路径,那么为什么即使被spring认可,也不会调用customerusersdetails,因为当我删除UserDetailsService的implmentation方法时它给了我关于实现来自spring security的那些方法的错误。 我不明白导致这个问题是什么,有没有办法调试我的请求,或者有人指出我正确的方向。 提前谢谢你。