使用Spring-rest API的http-basic身份验证实现Spring Security时遇到问题

时间:2015-07-26 07:49:29

标签: spring spring-mvc spring-security

您好我刚接触Spring安全并尝试在我的项目中实现它。

我正在尝试使用Spring Security的UserDetailsS​​ervice来实现安全性。 我已经配置了从web.xml到spring-security.xml的所有东西 我在实现UserDetailsS​​ervice的类中自动装配DAO类时面临编译问题。如果我没有自动装配,那么代码编译成功,当我从邮递员测试代码时,我收到错误,如下所示

12:13:45.738 [http-nio-8080-exec-3] DEBUG o.s.s.a.DefaultAuthenticationEventPublisher - No event was found for the exception org.springframework.security.authentication.InternalAuthenticationServiceException
12:13:45.738 [http-nio-8080-exec-3] DEBUG o.s.s.w.a.w.BasicAuthenticationFilter - Authentication request for failed: org.springframework.security.authentication.InternalAuthenticationServiceException

以下是我的web.xml 

     <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
                    /WEB-INF/spring/root-context.xml
                    classpath:spring-security.xml
        </param-value>
    </context-param>
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

我的spring-security.xml文件包含

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:security="http://www.springframework.org/schema/security"
    xmlns:context="http://www.springframework.org/schema/context"
    xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.0.xsd
        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.1.xsd">

    <context:annotation-config/>
    <bean id="authenticationEntryPoint" class="user.app.security.DemoAppEntryPoint">
        <constructor-arg name="loginFormUrl" value="/auth/login"/>
    </bean>

    <security:http use-expressions="true"  create-session="stateless" entry-point-ref="authenticationEntryPoint" >
        <security:intercept-url pattern="/auth/login"  access="hasAnyRole('UserAppAdmin','HR','manager')" />
        <security:intercept-url pattern='/user/**' access="hasAnyRole('UserAppAdmin','HR','manager')"/>
        <security:http-basic />
        <security:csrf disabled="true"/>
    </security:http>


    <bean id="userappAuthenticationProvider" class="user.app.security.UserappAuthenticationProvider" />

    <security:authentication-manager>
        <security:authentication-provider user-service-ref="userappAuthenticationProvider">
        </security:authentication-provider>
    </security:authentication-manager>
</beans>

我的UserappAuthenticationProvider类

public class UserappAuthenticationProvider implements UserDetailsService{

    // Is it neccessary to autowire this object
    // And this is causing problem when i am trying to autowire it's giving compilation error 
    private FarmerDAO farmerdao;

    @Override
    public UserDetails loadUserByUsername(String userName) throws UsernameNotFoundException {
        UserLogin farmer = farmerdao.getUserByLogin(userName);
        List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
        UserApp principal = null;
        principal = new UserApp(authorities,farmer.getUserId(), farmer.getUserName(), farmer.getRtn(), farmer);
        String role=farmer.getRole();
        System.out.println(farmer);
        authorities.add(new SimpleGrantedAuthority("ROLE_USER"));
        return principal;
    }   
}

如果是autowire,则编译错误如下:

Caused by: org.springframework.beans.factory.NoSuchBeanDefinitionException: No qualifying bean of type [user.app.service.FarmerDAO] found for dependency: expected at least 1 bean which qualifies as autowire candidate for this dependency. Dependency annotations: {@org.springframework.beans.factory.annotation.Autowired(required=true)}

当我从邮递员测试并调试应用程序时,有一件事。 请求到达行

FarmerLogin farmer = farmerService.getUserByLogin(userName);

的UserappAuthenticationProvider类并在帖子开头显示错误。

如果我错过了某些部分,请建议我,我可以成功验证用户。

1 个答案:

答案 0 :(得分:1)

在你在这里提供的代码中,没有在xmls中定义farmerdao bean的迹象,而userappAuthenticationProvider没有任何setter,它的bean也没有为它设置属性。所以我认为这是你的问题。

根据我的经验,最好使用一种模式,xml或注释。我更喜欢xml。

结果将如下:

 <bean id="farmerdao" class="user.app.security.FarmerDaoImpl">
    <!-- set the required attributes to connect your dao to the DB -->
 <bean>

 <bean id="userappAuthenticationProvider" class="user.app.security.UserappAuthenticationProvider">
   <property name="farmerdao" ref="farmerdao"/>
 </bean>

当然,您需要在UserappAuthenticationProvider中为farmerdao定义一个setter。

相关问题
最新问题