我是Spring的新手,希望将其集成到现有的Struts 1.3 webapp中。
我成功地遵循了this教程,当它很简单时,它的效果非常好。
然而,在本教程中,用户被硬编码到security.xml:
<authentication-manager>
<authentication-provider>
<password-encoder hash="md5"/>
<user-service>
<user name="admin" password="21232f297a57a5a743894a0e4a801fc3" authorities="ROLE_ADMIN"/>
</user-service>
</authentication-provider>
</authentication-manager>
如果我理解正确启用自定义身份验证,我需要实现扩展CustomAuthenticationProvider接口的AuthenticationProvider,该接口具有身份验证方法。
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
...
Collection<? extends GrantedAuthority> authorities = user.getAuthorities();
return new UsernamePasswordAuthenticationToken(user, password, authorities);
}
但是UsernamePasswordAuthenticationToken在其构造函数中接受Collection,并且在我们的模型实体中不会扩展spring安全性交互,例如UserDetails和GrantedAuthority。
那么有没有一种方法来验证用户而不在我的实体中扩展spring安全接口?
编辑:
我添加了customUserDetailService:
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/login.do" access="isAnonymous()"/>
<intercept-url pattern="/**" access="hasRole('ROLE_ADMIN')"/>
<intercept-url pattern="/j_spring_security_check" access="permitAll"/>
<form-login login-page="/login.do"
authentication-failure-url="/login.do?login_error=1"
default-target-url="/index.do"/>
<logout invalidate-session="true"
logout-url="/logout.do"
logout-success-url="/"/>
<csrf />
<remember-me />
<access-denied-handler error-page="/denied"/>
</http>
<authentication-manager alias="authenticationManager">
<authentication-provider user-service-ref="customUserDetailService" />
</authentication-manager>
<beans:bean id="customUserDetailService" class="com.demo.service.CustomUserDetailsService"/>
但是没有调用loadUserByUsername()方法......