大家好,
我需要帮助。尝试让用户登录时出现错误。我使用 Spring Security,但需要手动实现登录功能。登录本身看起来是成功的,但当我重定向到主页时会出现错误,并且菜单没有显示。如果刷新页面,菜单就会显示,错误也不再出现。
为什么会出现此错误?在该方法中,我通过 SecurityContextHolder.getContext() 获取安全上下文,并把经 authenticationManager 认证的用户设置进去。这样做不对吗?在重定向到页面之前,我是否还需要先做其他事情?
登录服务
@Service
public class LoginService {
@Autowired
protected AuthenticationManager authenticationManager;
/**
 * Authenticates the supplied credentials through the injected
 * {@code AuthenticationManager} and, on success, stores the resulting
 * {@code Authentication} in the current {@code SecurityContext}.
 *
 * <p>Every exception raised inside the method is caught and printed to
 * {@code System.err}; nothing is rethrown and nothing is returned, so a
 * caller cannot distinguish a failed login from a successful one.
 *
 * @param username principal name placed in the authentication token
 * @param password credential placed in the authentication token
 * @param request  current request; used to obtain the HTTP session and to
 *                 build the {@code WebAuthenticationDetails}
 */
public void authenticateUserAndSession(String username, String password, HttpServletRequest request) {
    try {
        UsernamePasswordAuthenticationToken loginToken =
                new UsernamePasswordAuthenticationToken(username, password);

        // Called for its side effect only: a session is created if the request has none yet.
        request.getSession();
        loginToken.setDetails(new WebAuthenticationDetails(request));

        // NOTE(review): authentication is performed by calling the manager
        // directly, so nothing in this method issues a new session id after
        // a successful login. Confirm that session-fixation protection is
        // applied somewhere on this path.
        Authentication authenticated = authenticationManager.authenticate(loginToken);
        SecurityContextHolder.getContext().setAuthentication(authenticated);
    } catch (Exception e) {
        // NOTE(review): the failure is only printed. The caller gets no signal
        // and may redirect as if the login had succeeded; consider reporting
        // the outcome to the caller and using the application logger.
        System.err.println("Error: "+e);
    }
}
菜单index.xhtml
<!-- Navigation menu, rendered only when the current user holds one of the authorities listed in ifAnyGranted. -->
<!-- NOTE(review): "ROLE_ADMIM" looks like a misspelling of "ROLE_ADMIN"; verify it against the role values actually granted, otherwise accounts holding only the admin role never match this tag. -->
<!-- NOTE(review): ifAnyGranted is a legacy taglib attribute that later Spring Security releases replace with the access expression attribute; check the version in use. -->
<!-- NOTE(review): this tag only hides markup. The actions bound to the links below still need their own server-side authorization. -->
<sec:authorize ifAnyGranted="ROLE_USER, ROLE_ADMIM">
<h:form>
<nav class="user">
<ul>
</ul>
</nav>
<nav>
<a href="#" id="menu-icon"></a>
<ul>
<li class="current-user"><p:graphicImage library="images" name="img-profile2.JPG" width="25" height="25" styleClass="profile-img-menu" /> </li>
<li><h:commandLink value="#{userMB.currentUser.pflUser.name}" action="#{userMB.showCurrentUserData}" /></li>
<li><h:commandLink value="Home" action="/index.xhtml?faces-redirect=true" /></li>
<li><h:commandLink value="create" /></li>
<li><h:commandLink value="Work" /></li>
<li><h:commandLink value="Sair" action="#{loginMB.logout}" /></li>
</ul>
</nav>
</h:form>
</sec:authorize>
SecurityWebConfig
@Configuration
@EnableWebSecurity
public class SecurityWebConfig extends WebSecurityConfigurerAdapter{
// Query handed to usersByUsernameQuery(...): selects mail, password and enabled for one account.
// The login name is bound through the single "?" placeholder rather than concatenated into the SQL text.
private static final String USER_BY_MAIL = "SELECT mail, password, enabled FROM user WHERE mail=?";
// Query handed to authoritiesByUsernameQuery(...): joins user -> user_auth -> authority and
// returns (mail, role) rows for the same login name, again bound through "?".
private static final String PERMISSION_BY_USER = "SELECT u.mail, a.role FROM user_auth ua "
+ "JOIN user u ON u.id_user = ua.user_id "
+ "JOIN authority a ON a.id_auth = ua.auth_id "
+ "WHERE u.mail=?";
@Autowired
private DataSource dataSource;
/**
 * Defines the HTTP security rules: static resources, the template and the
 * signup pages are open to everyone, every other request requires an
 * authenticated user, and form login / logout are wired to the JSF pages.
 *
 * @param http the security builder supplied by the framework
 * @throws Exception propagated from the configurers
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    // URL rules: the listed patterns are public, everything else needs a login.
    http.authorizeRequests()
            .antMatchers("/resources/**/*","/css/**","/javax.faces.resource/**","/template.jsf", "/account/signup.jsf","/account/signup**").permitAll()
            .anyRequest().authenticated();

    // Form login handled by the framework's filter at /login.
    http.formLogin()
            .loginPage("/login.jsf")
            .loginProcessingUrl("/login")
            .permitAll()
            .defaultSuccessUrl("/index.jsf",true)
            .failureUrl("/login.jsf?error=true");

    http.logout().logoutSuccessUrl("/login.jsf");

    // NOTE(review): CSRF protection is switched off for the whole application
    // while authentication relies on a session established by form login.
    // State-changing requests then get no token check from Spring Security;
    // confirm this is intentional and that another mitigation covers them.
    http.csrf().disable();
}
/**
 * Registers JDBC-backed authentication: accounts and authorities are read
 * from {@code dataSource} with the two parameterised queries declared on
 * this class, and submitted passwords are checked with
 * {@code BCryptPasswordEncoder}.
 *
 * @param builder the authentication builder supplied by the framework
 * @throws Exception propagated from the JDBC configurer
 */
@Override
public void configure(AuthenticationManagerBuilder builder) throws Exception {
    // The password column is presumably expected to hold bcrypt hashes; verify against the stored data.
    BCryptPasswordEncoder bcrypt = new BCryptPasswordEncoder();

    builder.jdbcAuthentication()
            .dataSource(dataSource)
            .passwordEncoder(bcrypt)
            .usersByUsernameQuery(USER_BY_MAIL)
            .authoritiesByUsernameQuery(PERMISSION_BY_USER)
            // "ROLE_" is configured as the role prefix, so the role column
            // presumably stores names without it — TODO confirm.
            .rolePrefix("ROLE_");
}
谢谢!