我使用 Java 配置来配置 Spring Security,并实现了 UserDetailsService 接口;问题是当我尝试访问特定请求时被拒绝访问。
这是代码:
/**
 * Root application configuration.
 *
 * <p>Scans {@code com.telephoenic.tca} for components, pulls in the MVC and
 * security configuration classes, and publishes the {@code messageSource} bean
 * used to resolve labels and messages.
 */
@Configuration
@ComponentScan("com.telephoenic.tca")
@Import({ WebMvcConfig.class, SecurityConfig.class})
public class MainConfig {

    /** Bundle basename for UI labels. */
    private static final String LABELS_BASENAME = "classpath:com/telephoenic/tca/languages/Labels";

    /** Bundle basename for user-facing messages. */
    private static final String MESSAGES_BASENAME = "classpath:com/telephoenic/tca/languages/Messages";

    /**
     * Builds the reloadable message source registered under the name
     * {@code messageSource}.
     *
     * @return a message source backed by the label and message bundles
     */
    @Bean(name = "messageSource")
    public MessageSource configureMessageSource() {
        ReloadableResourceBundleMessageSource bundle = new ReloadableResourceBundleMessageSource();
        bundle.setDefaultEncoding("UTF-8");
        // 0 seconds: bundle files are re-checked on every lookup instead of being cached.
        bundle.setCacheSeconds(0);
        // Unknown codes resolve to the code itself rather than raising an exception.
        bundle.setUseCodeAsDefaultMessage(true);
        bundle.setBasenames(LABELS_BASENAME, MESSAGES_BASENAME);
        return bundle;
    }
}
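/**
 * Spring Security configuration: registers the application's
 * {@link UserDetailsService} with the authentication manager and declares which
 * URLs require an authenticated user.
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled=true, prePostEnabled=true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    // Looked up in configureGlobal(); not otherwise used in this class.
    JpaTransactionManager telephoenicTrxManger;

    @Autowired
    private BeanFactory beanFactory;

    @Autowired
    private UserDetailsService userDetailService;

    /**
     * Registers the user details service used to load accounts at login.
     *
     * @param auth the builder for the global authentication manager
     * @throws Exception if the builder rejects the configuration
     */
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        telephoenicTrxManger = (JpaTransactionManager)beanFactory.getBean("telephoenicTrxManger");
        // NOTE(review): the PasswordEncoder bean declared below is not registered on
        // this builder, so as far as this class shows it is not applied when the
        // submitted password is compared with the stored one. Confirm how stored
        // passwords are encoded before wiring it with
        // .passwordEncoder(passwordEncoder()): SecurityUserDetailService lower-cases
        // the stored value, which would corrupt a case-sensitive BCrypt hash.
        auth.userDetailsService(userDetailService);
    }

    /**
     * Declares the URL rules and the login mechanism.
     *
     * <p>A login mechanism must be configured here: without one no authentication
     * entry point is registered, and an anonymous request to a protected URL is
     * answered with HTTP 403 instead of being sent to a login page.
     *
     * @param http the HTTP security builder
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // NOTE(review): only "/home" requires authentication; every other URL has no
        // rule here. Confirm that is intended, or add an anyRequest() rule.
        http.authorizeRequests().antMatchers("/home").authenticated()
            // Default form login (login page and processing URL at /login). Use
            // loginPage(...) here if the application ships its own login page.
            .and().formLogin()
            // NOTE(review): CSRF protection is switched off. With session-cookie
            // authentication this leaves state-changing requests open to cross-site
            // request forgery; keep it disabled only if that risk is handled elsewhere.
            .and().csrf().disable();
    }

    /**
     * Exposes a BCrypt password encoder as a bean.
     *
     * @return a new {@link BCryptPasswordEncoder}
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Exposes the application's user details service as a bean.
     *
     * <p>NOTE(review): {@code SecurityUserDetailService} is also annotated
     * {@code @Service}; if it lives under the scanned package, a second bean of
     * the same type is registered by component scanning — confirm only one is needed.
     *
     * @return a new {@code SecurityUserDetailService}
     */
    @Bean
    public UserDetailsService userDetailService() {
        return new SecurityUserDetailService();
    }
}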
/**
 * Servlet container bootstrap for the dispatcher servlet: uses
 * {@code MainConfig} as the root context configuration and maps the
 * dispatcher to {@code "/"}.
 */
public class SpringMvcInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {

    /** @return the configuration classes for the root application context */
    @Override
    protected Class<?>[] getRootConfigClasses() {
        Class<?>[] rootConfig = { MainConfig.class };
        return rootConfig;
    }

    /** @return {@code null}; no separate servlet-level configuration is declared */
    @Override
    protected Class<?>[] getServletConfigClasses() {
        return null;
    }

    /** @return the URL patterns handled by the dispatcher servlet */
    @Override
    protected String[] getServletMappings() {
        String[] mappings = { "/" };
        return mappings;
    }
}
/**
 * Registers the Spring Security filter chain with the servlet container.
 * The body is intentionally empty: all behaviour comes from
 * {@code AbstractSecurityWebApplicationInitializer}.
 */
public class SpringSecurityInitializer extends AbstractSecurityWebApplicationInitializer {
}
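/**
 * Loads application users for Spring Security and maps the functions granted to
 * the user's profile onto {@link GrantedAuthority} entries.
 */
@Service
@Transactional
public class SecurityUserDetailService implements UserDetailsService{

    private static final String BAD_CREDENTIALS_MSG = "login.accessdenied.badcredentials.warnmsg";

    private UserService userService;

    // Held per instance: the setter is an instance method, so a static field would
    // let one bean instance silently overwrite the collaborator of another.
    private UserPrivilegeService userPrivilegeService;

    /** @return the injected privilege service */
    public UserPrivilegeService getUserPrivilege() {
        return userPrivilegeService;
    }

    /**
     * Injects the privilege service and binds it to the {@code UserPrivilege} entity.
     *
     * @param userPrivilegeService the service used to look up profile functions
     */
    @Autowired
    public void setUserPrivilege(UserPrivilegeService userPrivilegeService) {
        userPrivilegeService.setEntityClass(UserPrivilege.class);
        this.userPrivilegeService = userPrivilegeService;
    }

    /** @return the injected user service */
    public UserService getUserService() {
        return userService;
    }

    /**
     * Injects the user service and binds it to the {@code User} entity.
     *
     * @param userService the service used to look up users by name
     */
    @Autowired
    public void setUserService(UserService userService) {
        userService.setEntityClass(User.class);
        this.userService = userService;
    }

    /**
     * Loads the account for {@code userName} together with its authorities.
     *
     * <p>Every failure (unknown user, inactive account, no authorities, lookup
     * error) is reported as the same {@link UsernameNotFoundException}, so the
     * caller cannot tell from the exception type or message which check failed.
     * The underlying exception is attached as the cause for server-side diagnosis.
     *
     * @param userName the login name submitted by the user
     * @return the user details handed to the authentication provider
     * @throws UsernameNotFoundException if the account cannot be loaded or used
     */
    @Override
    public UserDetails loadUserByUsername(String userName) throws UsernameNotFoundException {
        try {
            User loggedInUser = userService.findByUserName(userName);
            if (loggedInUser == null) {
                throw new UsernameNotFoundException(BAD_CREDENTIALS_MSG);
            }
            List<GrantedAuthority> authorities = getAuthorities(loggedInUser);

            // All four account flags derive from the same status check.
            // NOTE(review): '==' compares references if getStatus() returns an
            // object type — confirm the type of status and ApplicationConstant.ACTIVE.
            boolean active = loggedInUser.getStatus() == ApplicationConstant.ACTIVE;

            if (!active) {
                throw new AccessDeniedException("login.accessdenied.warnmsg");
            }
            if (authorities.isEmpty()) {
                throw new AccessDeniedException(
                        "login.accessdenied.permissions.warnmsg");
            }
            return new org.springframework.security.core.userdetails.User(
                    loggedInUser.getUsername(),
                    // NOTE(review): lower-casing the stored password only makes sense
                    // for case-insensitive encodings such as hex digests. A BCrypt
                    // hash is case-sensitive and would no longer match after this
                    // call — confirm the stored format before changing the encoder.
                    loggedInUser.getPassword().toLowerCase(),
                    active,
                    active,
                    active,
                    active,
                    authorities);
        } catch (UsernameNotFoundException e) {
            throw e;
        } catch (Exception e) {
            // Keep the cause so the real failure is not lost behind the generic message.
            throw new UsernameNotFoundException(BAD_CREDENTIALS_MSG, e);
        }
    }

    /**
     * Builds the authority list from the functions attached to the user's profile.
     *
     * @param user the user whose profile is inspected
     * @return one authority per function name; empty if the profile has no functions
     */
    private List<GrantedAuthority> getAuthorities(User user) {
        List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
        List<Function> functions = userPrivilegeService.findFunctionsByProfileId(user.getProfile().getId());
        for (Function function : functions) {
            authorities.add(new SimpleGrantedAuthority(function.getName()));
        }
        return authorities;
    }
}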
当我尝试登录时,我得到 HTTP状态403 - 拒绝访问,尽管该用户已获得授权
答案 0 :(得分:0)
在您的安全配置中,您需要添加以下内容:
http://