我有一个简单的应用程序,我可以注册用户并对其进行身份验证。我已经使用密码编码并成功验证了它们。我在我的应用程序中使用Spring 3,Spring Security 3和Hibernate 3.
现在我想用他们的密码加密用户的ID,但是我无法实现这个功能。有人可以帮我实现吗?我已经尝试了很长一段时间,但却无法完成它。
这是我用来为用户提供ID并对其进行身份验证的代码。
XYZ-security.xml文件
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/welcome.do" access="hasRole('ROLE_USER')" />
<form-login login-page="/login.do" authentication-failure-url="/login.do?login_error=1"/>
<logout invalidate-session="true" logout-url="/logout" logout-success-url="/"/>
</http>
<beans:bean id="daoAuthenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
<beans:property name="userDetailsService" ref="userDetailsService"/>
</beans:bean>
<beans:bean id="authenticationManager" class="org.springframework.security.authentication.ProviderManager">
<beans:property name="providers">
<beans:list>
<beans:ref local="daoAuthenticationProvider" />
</beans:list>
</beans:property>
</beans:bean>
<authentication-manager>
<authentication-provider user-service-ref="userDetailsService">
<password-encoder ref="passwordEncoder">
<salt-source ref="saltSource"/>
</password-encoder>
</authentication-provider>
</authentication-manager>
<!-- For hashing and salting user passwords -->
<beans:bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.ShaPasswordEncoder"/>
<beans:bean id="saltSource" class="org.springframework.security.authentication.dao.ReflectionSaltSource"
p:userPropertyToUse="id"/>
UserDetailsAdapter.java
@Service("userDetailsAdapter")
public class UserDetailsAdapter {
private Long id;
org.springframework.security.core.userdetails.User buildUserFromUserEntity(User userEntity) {
String username = userEntity.getUsername();
String password = userEntity.getPassword();
boolean enabled = userEntity.isEnabled();
boolean accountNonExpired = true;
boolean credentialsNonExpired = true;
boolean accountNonLocked = true;
Collection<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
for (String authority: userEntity.getAuthorities()) {
authorities.add(new GrantedAuthorityImpl(authority));
}
this.id = userEntity.getId();
org.springframework.security.core.userdetails.User user = new org.springframework.security.core.userdetails.User(username, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities);
return user;
}
public Long getId() {
return id;
}
}
UserDetailsServiceImpl
@Service("userDetailsService")
public class UserDetailsServiceImpl implements UserDetailsService {
@Autowired
private UserDao userDao;
@Autowired
private UserDetailsAdapter userDetailsAdapter;
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
UserDetails userDetails = null;
User userEntity = userDao.findByUsername(username);
if (userEntity == null) {
throw new UsernameNotFoundException("user not found");
}
userDetails = userDetailsAdapter.buildUserFromUserEntity(userEntity);
return userDetails;
}
}
UserServiceImpl
@Service
public class UserServiceImpl implements UserService {
@Autowired
private UserDao userDao;
@Autowired
private PasswordEncoder passwordEncoder;
@Autowired
private SaltSource saltSource;
public User getByUsername(String username) {
return userDao.findByUsername(username);
}
public User getByEmail(String email) {
return userDao.findByEmail(email);
}
public void createUser(User user) {
userDao.create(user);
UserDetailsAdapter userDetailsAdapter = new UserDetailsAdapter();
org.springframework.security.core.userdetails.User userDetails = userDetailsAdapter.buildUserFromUserEntity(user);
String password = userDetails.getPassword();
Object salt = saltSource.getSalt(userDetails);
user.setPassword(passwordEncoder.encodePassword(password, salt));
userDao.update(user);
}
public void updateUser(User user) {
userDao.update(user);
}
}
有人可以帮我理解我在这里缺少什么吗? 非常感谢。
答案 0 :(得分:7)
ReflectionSaltSource
从UserDetails
的实例中提取salt。但是您使用org.springframework.security.core.userdetails.User
作为UserDetails
的实现,并且它没有名为id
的属性(而不是UserDetailsAdapter
中具有此属性的属性,而不是{这是有道理的,因为UserDetailsAdapter
是单身人士。)
因此,您需要使用org.springframework.security.core.userdetails.User
属性创建id
的子类,并从UserDetailsAdapter
返回。
答案 1 :(得分:7)
以下是使其正常运行的更新文件:
<强> UserDetailsAdapter.java 强>
public class UserDetailsAdapter extends org.springframework.security.core.userdetails.User {
private final Long id;
public UserDetailsAdapter(User userEntity) {
super(userEntity.getUsername(), userEntity.getPassword(), userEntity.isEnabled(), true, true, true, toAuthorities(userEntity.getAuthorities()));
this.id = userEntity.getId();
}
private static Collection<GrantedAuthority> toAuthorities(List<String> authorities) {
Collection<GrantedAuthority> authorityList = new ArrayList<GrantedAuthority>();
for (String authority: authorities) {
authorityList.add(new GrantedAuthorityImpl(authority));
}
return authorityList;
}
public Long getId() {
return id;
}
}
<强> UserDetailsServiceImpl.java 强>
@Service("userDetailsService")
public class UserDetailsServiceImpl implements UserDetailsService {
@Autowired
private UserDao userDao;
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
UserDetails userDetails = null;
User userEntity = userDao.findByUsername(username);
if (userEntity == null) {
throw new UsernameNotFoundException("user not found");
}
userDetails = new UserDetailsAdapter(userEntity);
return userDetails;
}
}
<强> UserServiceImpl.java 强>
@Service
public class UserServiceImpl implements UserService {
...
public void createUser(User user) {
userDao.create(user);
UserDetailsAdapter userDetails = new UserDetailsAdapter(user);
String password = userDetails.getPassword();
Object salt = saltSource.getSalt(userDetails);
user.setPassword(passwordEncoder.encodePassword(password, salt));
userDao.update(user);
}
...
}
谢谢:)