我已将 Spring Security 配置如下:
根上下文
<!-- Pulls the data/MVC beans, the servlet context file and the security
     rules into the root application context.
     NOTE(review): servlet-context.xml is imported here, and the web.xml on
     this page also hands the same file to the DispatcherServlet through its
     contextConfigLocation init-param. Every bean and component-scan in it is
     therefore created once per context. This may be related to the empty
     SessionRegistry result described at the end of the page; TODO confirm
     which instances the filter chain and the controller actually receive. -->
<import resource="classpath:springConfig.xml" />
<import resource="appServlet/servlet-context.xml" />
<import resource="appServlet/spring-security.xml" />
<!-- Initialization service (role inferred from the class name); nothing is
     injected through XML. -->
<bean id="InitializationService"
      class="kh.com.gfam.rsos.businesslogic.initialization.impl.InitializationServiceImpl" />

<!-- Message bundle loaded from classpath:messages_en and decoded as UTF-8. -->
<bean id="messageSource"
      class="org.springframework.context.support.ReloadableResourceBundleMessageSource">
  <property name="basename" value="classpath:messages_en" />
  <property name="defaultEncoding" value="UTF-8" />
</bean>
<!-- Custom Spring Security: project-specific provider, login filter and
     entry point. -->
<bean id="companyIdUsernamePasswordAuthenticationProvider"
      class="kh.com.gfam.rsos.common.security.RsosAuthenticationProvider" />

<!-- Login filter that processes POSTs to /Authenticate. It is wired by hand
     with the authentication manager, the composite session strategy ("sas")
     and the success/failure handlers.
     NOTE(review): servlet-context.xml also component-scans
     kh.com.gfam.rsos.common.security. If these classes carry stereotype
     annotations, a second instance without these properties would exist;
     TODO confirm. -->
<bean id="companyIdUsernamePasswordAuthenticationFilter"
      class="kh.com.gfam.rsos.common.security.RsosUsernamePasswordAuthenticationFilter">
  <property name="authenticationManager" ref="authenticationManager" />
  <property name="sessionAuthenticationStrategy" ref="sas" />
  <property name="authenticationFailureHandler" ref="authenticationFailureHandler" />
  <property name="authenticationSuccessHandler" ref="authenticationSuccessHandler" />
  <property name="filterProcessesUrl" value="/Authenticate" />
</bean>

<!-- Sends unauthenticated requests for protected URLs to the /Login page. -->
<bean id="loginUrlAuthenticationEntryPoint"
      class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
  <constructor-arg value="/Login" />
</bean>
<!-- Maps the class name of an authentication exception to a redirect
     target; any exception that is not listed goes to /Login/defaultError.
     NOTE(review): UsernameNotFoundException and BadCredentialsException are
     sent to different URLs. If those pages render different messages, the
     login form reveals to an anonymous caller which account names exist.
     Pointing both keys at the same URL avoids that. Also confirm whether
     RsosAuthenticationProvider throws UsernameNotFoundException at all.
     NOTE(review): with maximumSessions=1 and exceptionIfMaximumExceeded=true
     a rejected second login has no mapping here and lands on the default
     failure URL. -->
<bean id="authenticationFailureHandler"
class="org.springframework.security.web.authentication.ExceptionMappingAuthenticationFailureHandler">
<property name="defaultFailureUrl" value="/Login/defaultError" />
<property name="exceptionMappings">
<props>
<prop
key="org.springframework.security.authentication.BadCredentialsException">
/Login/badCredentials
</prop>
<prop
key="org.springframework.security.core.userdetails.UsernameNotFoundException">
/Login/userNotFound
</prop>
<prop
key="org.springframework.security.authentication.DisabledException">
/Login/disabled
</prop>
<prop
key="org.springframework.security.authentication.ProviderNotFoundException">
/Login/providerNotFound
</prop>
<prop
key="org.springframework.security.authentication.AuthenticationServiceException">
/Login/authenticationService
</prop>
</props>
</property>
</bean>
<!-- Project handler injected into the login filter as its success handler. -->
<bean id="authenticationSuccessHandler"
      class="kh.com.gfam.rsos.common.security.RsosAuthenticationSuccessHandler" />

<!-- Project handler referenced by success-handler-ref on the logout element.
     The class name is spelled exactly as the project declares it. -->
<bean id="RsosLogoutSuccessHandler"
      class="kh.com.gfam.rsos.common.security.RsosLogoutSucessHandler" />
<!-- Redirects requests whose session the registry has marked as expired to
     /session-expired.jsp. -->
<bean id="concurrencyFilter"
      class="org.springframework.security.web.session.ConcurrentSessionFilter">
  <constructor-arg name="sessionRegistry" ref="sessionRegistry" />
  <constructor-arg name="expiredUrl" value="/session-expired.jsp" />
</bean>

<!-- In-memory registry of principals and their sessions. It keys its maps
     on the principal object, so the principal's equals()/hashCode() matter. -->
<bean id="sessionRegistry"
      class="org.springframework.security.core.session.SessionRegistryImpl" />

<!-- Composite strategy run on a successful login, in list order:
     1. concurrency control: one session per principal, and a further login
        is rejected (exceptionIfMaximumExceeded=true) rather than expiring
        the older session;
     2. session fixation protection;
     3. registration of the new session in the registry.
     NOTE(review): the registry only fills up if the login filter really
     invokes this strategy after authenticating. If
     RsosUsernamePasswordAuthenticationFilter overrides the success path,
     confirm that it still calls the session strategy. -->
<bean id="sas"
      class="org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy">
  <constructor-arg>
    <list>
      <bean class="org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy">
        <constructor-arg ref="sessionRegistry" />
        <property name="maximumSessions" value="1" />
        <property name="exceptionIfMaximumExceeded" value="true" />
      </bean>
      <bean class="org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy" />
      <bean class="org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy">
        <constructor-arg ref="sessionRegistry" />
      </bean>
    </list>
  </constructor-arg>
</bean>
spring-security.xml 文件
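<!-- Security filter chain. auto-config is off, so the login filter and the
     concurrency filter are placed explicitly; unauthenticated requests are
     handled by loginUrlAuthenticationEntryPoint. -->
<http auto-config="false" use-expressions="true"
      entry-point-ref="loginUrlAuthenticationEntryPoint">
  <!-- Rules are evaluated top to bottom; the first matching pattern wins.
       NOTE(review): the catch-all is permitAll, so every URL outside
       /Admin and /Concierge (for example the /GetImageController servlet
       mapped in web.xml) is reachable without logging in. Confirm that this
       is intended; denying by default and listing the public paths
       explicitly is the safer layout. -->
  <intercept-url pattern="/Admin/**" access="hasRole('ROLE_ADMIN')" />
  <intercept-url pattern="/Concierge/**" access="hasRole('ROLE_USER')" />
  <intercept-url pattern="/**" access="permitAll" />

  <custom-filter position="FORM_LOGIN_FILTER"
                 ref="companyIdUsernamePasswordAuthenticationFilter" />
  <custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrencyFilter" />

  <!-- delete-cookies takes a comma-separated list of cookie NAMES, not a
       boolean. The previous value "true" asked for a cookie literally named
       "true" to be cleared, so the session cookie was left in the browser.
       JSESSIONID is the container default; use the configured name if the
       container renames the session cookie. -->
  <logout logout-url="/Logout" delete-cookies="JSESSIONID"
          invalidate-session="true" success-handler-ref="RsosLogoutSuccessHandler" />

  <!-- NOTE(review): CSRF protection is switched off for the whole
       application, including /Authenticate, /Logout and every
       state-changing form under /Admin and /Concierge. Re-enable it once
       the forms and AJAX calls send the token. -->
  <csrf disabled="true" />

  <session-management invalid-session-url="/Login"
                      session-authentication-strategy-ref="sas" />
  <access-denied-handler error-page="/accessDenied" />
</http>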
<!-- Enables @Secured checks on bean methods. -->
<global-method-security secured-annotations="enabled" />

<!-- Authentication manager with the single custom provider; the alias is
     the bean name the login filter references. -->
<authentication-manager alias="authenticationManager">
  <authentication-provider ref="companyIdUsernamePasswordAuthenticationProvider" />
</authentication-manager>
web.xml
<!-- Root application context loaded by ContextLoaderListener. -->
<context-param>
  <param-name>contextConfigLocation</param-name>
  <param-value>/WEB-INF/spring/root-context.xml</param-value>
</context-param>

<!-- The web application's root directory is published as the JVM system
     property "webapp.root". System properties are JVM-wide, so each web
     application deployed in the same container needs its own key. -->
<context-param>
  <param-name>webAppRootKey</param-name>
  <param-value>webapp.root</param-value>
</context-param>
<context-param>
  <param-name>log4jExposeWebAppRoot</param-name>
  <param-value>true</param-value>
</context-param>

<!-- log4j configuration file read by Log4jConfigListener. -->
<context-param>
  <param-name>log4jConfigLocation</param-name>
  <param-value>/WEB-INF/classes/log4j.properties</param-value>
</context-param>
<!-- Listeners run in declaration order: web app root property, log4j
     set-up, the Spring root context, then the project's own start-up
     listener (class name spelled as the project declares it). -->
<listener>
  <listener-class>org.springframework.web.util.WebAppRootListener</listener-class>
</listener>
<listener>
  <listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
</listener>
<listener>
  <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
  <listener-class>kh.com.gfam.rsos.listener.InitializeApplicationListner</listener-class>
</listener>
<!-- Spring MVC front controller.
     NOTE(review): this servlet loads servlet-context.xml, and the root
     context shown earlier on the page imports the same file, so its beans
     exist in both contexts. -->
<servlet>
  <servlet-name>appServlet</servlet-name>
  <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
  <init-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>/WEB-INF/spring/appServlet/servlet-context.xml</param-value>
  </init-param>
  <!-- Upload limits in bytes: 10 MiB per file, 100 MiB per request.
       NOTE(review): file-size-threshold (20 MiB) is larger than
       max-file-size, so by the Servlet spec's meaning of the threshold no
       accepted part ever reaches the size at which it is written to disk.
       Uploads are then held in memory, up to the request limit each; a
       threshold well below max-file-size bounds heap use under concurrent
       uploads. -->
  <multipart-config>
    <max-file-size>10485760</max-file-size>
    <max-request-size>104857600</max-request-size>
    <file-size-threshold>20971520</file-size-threshold>
  </multipart-config>
</servlet>

<!-- The DispatcherServlet is the default servlet for every unmatched path. -->
<servlet-mapping>
  <servlet-name>appServlet</servlet-name>
  <url-pattern>/</url-pattern>
</servlet-mapping>
<!-- Static assets (.css, .js, .png, .jpg) are handed to the container's
     default servlet instead of the DispatcherServlet. -->
<servlet-mapping>
  <servlet-name>default</servlet-name>
  <url-pattern>*.css</url-pattern>
</servlet-mapping>
<servlet-mapping>
  <servlet-name>default</servlet-name>
  <url-pattern>*.js</url-pattern>
</servlet-mapping>
<servlet-mapping>
  <servlet-name>default</servlet-name>
  <url-pattern>*.png</url-pattern>
</servlet-mapping>
<servlet-mapping>
  <servlet-name>default</servlet-name>
  <url-pattern>*.jpg</url-pattern>
</servlet-mapping>
<!-- Plain servlet registered outside the DispatcherServlet.
     NOTE(review): requests still pass through springSecurityFilterChain
     (mapped to /*), but the only intercept-url rule on this page that
     matches /GetImageController is the permitAll catch-all. Any access
     control for the images therefore has to live inside the servlet;
     confirm. -->
<servlet>
  <description />
  <display-name>GetImageController</display-name>
  <servlet-name>GetImageController</servlet-name>
  <servlet-class>kh.com.gfam.rsos.presentation.controller.GetImage.GetImageController</servlet-class>
</servlet>
<servlet-mapping>
  <servlet-name>GetImageController</servlet-name>
  <url-pattern>/GetImageController</url-pattern>
</servlet-mapping>
<!-- Forces UTF-8 on every request. Its mapping is declared before the
     security chain, so the encoding is set before the login filter reads
     the request parameters. -->
<filter>
  <filter-name>CharacterEncodingFilter</filter-name>
  <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
  <init-param>
    <param-name>encoding</param-name>
    <param-value>UTF-8</param-value>
  </init-param>
  <init-param>
    <param-name>forceEncoding</param-name>
    <param-value>true</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>CharacterEncodingFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- Delegates to the Spring bean named springSecurityFilterChain; every
     request path is covered. -->
<filter>
  <filter-name>springSecurityFilterChain</filter-name>
  <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
  <filter-name>springSecurityFilterChain</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Publishes HTTP session create/destroy events into the Spring context;
     the session registry relies on them to forget sessions that have ended. -->
<listener>
<listener-class>
org.springframework.security.web.session.HttpSessionEventPublisher
</listener-class>
</listener>
<!-- Idle timeout in minutes.
     NOTE(review): no cookie-config is declared here. Marking the session
     cookie http-only (and secure, when the site is served over HTTPS) in
     session-config is worth adding; confirm the container's defaults. -->
<session-config>
<session-timeout>30</session-timeout>
</session-config>
<!-- Error pages live under /WEB-INF, so they cannot be requested directly.
     The Throwable entry keeps container stack traces out of responses, as
     long as system_error.jsp itself does not print the exception. -->
<error-page>
  <error-code>404</error-code>
  <location>/WEB-INF/views/error_pages/404.jsp</location>
</error-page>
<error-page>
  <error-code>405</error-code>
  <location>/WEB-INF/views/error_pages/405.jsp</location>
</error-page>
<error-page>
  <error-code>500</error-code>
  <location>/WEB-INF/views/error_pages/500.jsp</location>
</error-page>
<error-page>
  <error-code>400</error-code>
  <location>/WEB-INF/views/error_pages/400.jsp</location>
</error-page>
<error-page>
  <exception-type>java.lang.Throwable</exception-type>
  <location>/WEB-INF/views/error_pages/system_error.jsp</location>
</error-page>
spring-config.xml 中
<!-- Enables annotation-driven Spring MVC handling (mvc namespace). -->
<mvc:annotation-driven />
<!-- Registers the MyBatis mappers found under the given base package. -->
<mybatis-spring:scan base-package="kh.com.gfam.rsos.dataaccess.dao.**" />
<!-- JDBC data source for the local MySQL schema rsosdb.
     NOTE(review): the database user name and password are committed in
     clear text in this file. Treat them as exposed: rotate them and load
     them from a property file or the environment, the way the mail sender
     on this page does with ${...} placeholders.
     NOTE(review): DriverManagerDataSource is not a connection pool; it
     opens a new physical connection for every getConnection() call.
     NOTE(review): the JDBC URL sets no TLS options, which is acceptable
     only while the database stays on localhost. -->
<bean id="dataSource"
class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName" value="com.mysql.jdbc.Driver">
</property>
<property name="url" value="jdbc:mysql://localhost:3306/rsosdb">
</property>
<property name="username" value="admin"></property>
<property name="password" value="gfam"></property>
</bean>
<!-- Resolves ${...} placeholders from the four property files below.
     SYSTEM_PROPERTIES_MODE_OVERRIDE gives JVM system properties precedence
     over the files, and searchSystemEnvironment lets environment variables
     be consulted as well, so deployment settings can replace file values. -->
<bean id="propertyConfigurer"
      class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
  <property name="systemPropertiesModeName" value="SYSTEM_PROPERTIES_MODE_OVERRIDE" />
  <property name="searchSystemEnvironment" value="true" />
  <property name="locations">
    <list>
      <value>classpath:application.properties</value>
      <value>classpath:messages_en.properties</value>
      <value>classpath:email.properties</value>
      <value>classpath:emailtemplate.properties</value>
    </list>
  </property>
</bean>
<!-- MyBatis session factory bound to the data source and mybatisConfig.xml. -->
<bean id="sqlSessionFactory" class="org.mybatis.spring.SqlSessionFactoryBean">
  <property name="dataSource" ref="dataSource" />
  <property name="configLocation" value="classpath:mybatisConfig.xml" />
</bean>

<!-- Session template built from the factory above. -->
<bean id="sqlSession" class="org.mybatis.spring.SqlSessionTemplate">
  <constructor-arg index="0" ref="sqlSessionFactory" />
</bean>

<!-- NOTE(review): com.sivalabs.mybatisdemo.mappers does not match the
     kh.com.gfam.rsos packages used everywhere else on this page and looks
     like a leftover from sample code. The mybatis-spring:scan element in
     this file already covers kh.com.gfam.rsos.dataaccess.dao; confirm
     whether this scanner is still needed. -->
<bean class="org.mybatis.spring.mapper.MapperScannerConfigurer">
  <property name="basePackage" value="com.sivalabs.mybatisdemo.mappers" />
</bean>
<!-- Annotation-driven transactions backed by a JDBC transaction manager on
     the same data source MyBatis uses. -->
<tx:annotation-driven transaction-manager="transactionManager" />
<bean id="transactionManager"
      class="org.springframework.jdbc.datasource.DataSourceTransactionManager">
  <property name="dataSource" ref="dataSource" />
</bean>
<!-- Uses the container's multipart parsing; the size limits come from the
     multipart-config element of the DispatcherServlet in web.xml. -->
<bean id="multipartResolver"
      class="org.springframework.web.multipart.support.StandardServletMultipartResolver" />

<!-- Locale kept in the cookie myAppLocaleCookie for 3600 seconds; English
     when the cookie is absent. -->
<bean id="localeResolver"
      class="org.springframework.web.servlet.i18n.CookieLocaleResolver">
  <property name="defaultLocale" value="en" />
  <property name="cookieName" value="myAppLocaleCookie" />
  <property name="cookieMaxAge" value="3600" />
</bean>
<!-- mail configuration -->
<!-- Host, protocol, port and credentials are resolved from ${email.*}
     placeholders, so no mail password is stored in this file.
     NOTE(review): mail.smtp.starttls.enable only requests STARTTLS. Unless
     mail.smtp.starttls.required is also true, JavaMail carries on in clear
     text when the server does not offer it, and the SMTP credentials go
     over the wire unprotected.
     NOTE(review): mail.smtp.ssl.trust names hosts whose certificate is
     accepted without the normal chain validation. Setting it to the mail
     host removes the protection against an impostor server; prefer adding
     the server's CA to the trust store and dropping the property. -->
<bean class="org.springframework.mail.javamail.JavaMailSenderImpl"
id="mailSender">
<property name="host" value="${email.host}" />
<property name="protocol" value="${email.protocol}" />
<property name="port" value="${email.port}" />
<property name="username" value="${email.username}" />
<property name="password" value="${email.password}" />
<property name="javaMailProperties">
<props>
<prop key="mail.smtp.auth">true</prop>
<prop key="mail.smtp.starttls.enable">true</prop>
<prop key="mail.smtp.ssl.trust">${email.host}</prop>
</props>
</property>
</bean>
<!-- Mail template for a received order request; subject and body come from
     the property files. -->
<bean class="org.springframework.mail.SimpleMailMessage" id="orderRequestReceivedTemplate">
<property name="subject" value="${email.subject.request.received}" />
<property name="text" value="${email.text.request.received}" />
</bean>
<!-- Mail template for a cancelled request.
     NOTE(review): "text" is filled from the same subject key as "subject",
     unlike the template above, which uses a separate email.text.* key.
     This looks like a copy-and-paste slip; confirm which body key
     emailtemplate.properties defines for cancellations. -->
<bean class="org.springframework.mail.SimpleMailMessage" id="cancelRequestRecievedTemplate">
<property name="subject" value="${email.subject.request.canceled}" />
<property name="text" value="${email.subject.request.canceled}" />
</bean>
<!-- Any java.lang.Exception raised by a handler is rendered with the view
     named "error" and logged at WARN under the category "apperror". -->
<bean class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver">
  <property name="warnLogCategory" value="apperror" />
  <property name="exceptionMappings">
    <props>
      <prop key="java.lang.Exception">error</prop>
    </props>
  </property>
</bean>
servlet-context.xml
<!-- Turn on the annotation-based @Controller programming model. -->
<annotation-driven />

<!-- Serve GET requests under /resources/** straight from the /resources/
     directory of the web application. -->
<resources mapping="/resources/**" location="/resources/" />

<!-- View names returned by controllers resolve to
     /WEB-INF/views/<name>.jsp. -->
<beans:bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
  <beans:property name="prefix" value="/WEB-INF/views/" />
  <beans:property name="suffix" value=".jsp" />
</beans:bean>
<!-- Placeholders for this context come from application.properties;
     unresolved keys are left for other configurers. -->
<context:property-placeholder location="classpath:application.properties"
                              order="1"
                              ignore-unresolvable="true" />

<!-- NOTE(review): the first scan already covers every kh.com.gfam.rsos
     sub-package, so the five narrower scans below are redundant. The scan
     includes kh.com.gfam.rsos.common.security; together with the import of
     this file into the root context, annotated security classes could be
     instantiated in more than one context. Confirm which SessionRegistry
     instance the controller is given. -->
<context:component-scan base-package="kh.com.gfam.rsos" />
<context:component-scan base-package="kh.com.gfam.rsos.businesslogic.initialization.impl" />
<context:component-scan base-package="kh.com.gfam.rsos.businesslogic.displaymenuservice.impl" />
<context:component-scan base-package="kh.com.gfam.rsos.common.util" />
<context:component-scan base-package="kh.com.gfam.rsos.common.security" />
<context:component-scan base-package="kh.com.gfam.rsos.presentation.controller" />
控制器中的代码
// Walk every principal the injected SessionRegistry currently tracks and
// handle the ones that are UserDTO instances.
final List<Object> trackedPrincipals = sessionRegistry.getAllPrincipals();
for (final Object candidate : trackedPrincipals) {
    if (!(candidate instanceof UserDTO)) {
        continue;
    }
    final UserDTO loggedInUser = (UserDTO) candidate;
    // Do something with user
    // NOTE(review): this prints whatever UserDTO.toString() returns; if that
    // includes credential fields they end up on stdout. Confirm.
    System.out.println(loggedInUser);
}
当我在控制器中调用 sessionRegistry.getAllPrincipals() 时,它总是返回空列表。我已经自动装配了 SessionRegistry,并且在 UserDTO 类中重写了 equals() 和 hashCode() 方法,UserDetail 类中也重写了。
我在这里做错了什么?