Spring Security返回guest而不是UserDetails for Authentication.getPrincipal()

时间:2011-03-10 08:05:41

标签: spring-security

我正在尝试实现spring security 3.1.0.M1,我无法让我的应用程序将Authentication.getPrincipal设置为我的自定义UserDetails实现。当我尝试获取登录用户时,它总是返回“guest”的主体。请参阅下面的getLoggedInUser方法。

在Users.java(UserDetails impl)中,getAuthorities方法永远不会被调用,这可能就是为什么user_role没有被分配。

也许我错误配置了一些东西......我附上了我的实施大纲,希望有人能发现我的错误。谢谢你的帮助!

public static Users getLoggedInUser() {
    Users user = null;
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    if (auth != null && auth.isAuthenticated()) {
        Object principal = auth.getPrincipal();
        if (principal instanceof Users) {
            user = (Users) principal;
        }
    }
    return user;
}

安全上下文文件(删除了xml和模式定义):

<global-method-security secured-annotations="enabled">
</global-method-security>
<http security="none" pattern="/services/rest-api/1.0/**" />
<http security="none" pattern="/preregistered/**" />
<http access-denied-page="/auth/denied.html">
    <intercept-url
        pattern="/**/*.xhtml"
        access="ROLE_NONE_GETS_ACCESS" />
    <intercept-url
        pattern="/auth/**"
        access="ROLE_ANONYMOUS,ROLE_USER" />
    <intercept-url
        pattern="/auth/*"
        access="ROLE_ANONYMOUS" />
     <intercept-url
        pattern="/**"
        access="ROLE_USER" />
    <form-login
        login-processing-url="/j_spring_security_check.html"
        login-page="/auth/login.html"
        default-target-url="/registered/home.html"
        authentication-failure-url="/auth/login.html?_dc=45" />
    <logout logout-url="/auth/logout.html"
            logout-success-url="/" />
    <anonymous username="guest" granted-authority="ROLE_ANONYMOUS"/>
    <remember-me user-service-ref="userManager" key="valid key here"/>
</http>
<!-- Configure the authentication provider -->
<authentication-manager>
    <authentication-provider user-service-ref="userManager">
            <password-encoder ref="passwordEncoder" />
    </authentication-provider>
</authentication-manager>

UserDetails实现(Users.java):

public class Users implements Serializable, UserDetails {
    public Collection<GrantedAuthority> getAuthorities() {
     List<GrantedAuthority> auth = new ArrayList<GrantedAuthority>();
    auth.add(new GrantedAuthorityImpl("ROLE_USER"));
    return auth;
}

}

user-service-ref =“userManager”(UserManagerImpl.java):

 public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
    Users user = null;
    try {
        user = userDAO.findByUsername(username);
    } catch (DataAccessException ex) {
        throw new UsernameNotFoundException("Invalid login", ex);
    }
    if (user == null) {
        throw new UsernameNotFoundException("User not found.");
    }
    return user;
}

1 个答案:

答案 0 :(得分:1)

您是否在此行中收到编译错误:auth.add("ROLE_USER");

我认为应该是:auth.add(new SimpleGrantedAuthority("ROLE_USER"));

相关问题
最新问题