我发现有很多话题都在谈论这个问题,但是没有一个对我有帮助。 我尝试使用Spring Security和Hibernate创建一个登录页面,这是我的配置:
applicationContext-db.xml
<!-- DATASOURCE -->
<bean name="mySqlDatasource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName" value="${database.driver}"/>
<property name="url" value="${database.url}"/>
<property name="username" value="${database.username}"/>
<property name="password" value="${database.password}"/>
</bean>
<!-- SESSION FACTORY -->
<bean id="sessionFactory" class="org.springframework.orm.hibernate4.LocalSessionFactoryBean">
<property name="dataSource" ref="mySqlDatasource"/>
<property name="annotatedClasses">
<list>
<value>com.medkhelifi.tutorials.todolist.models.entities.Role</value>
<value>com.medkhelifi.tutorials.todolist.models.entities.User</value>
</list>
</property>
<property name="hibernateProperties">
<props>
<prop key="hibernate.dialect"> org.hibernate.dialect.MySQL5Dialect </prop>
<prop key="hibernate.format_sql">true</prop>
<prop key="hibernate.show_sql">true</prop>
</props>
</property>
</bean>
<!-- DAO BEANS -->
<bean id="useDao" class="com.medkhelifi.tutorials.todolist.models.dao.impl.UserDaoImp">
<property name="sessionFactory" ref="sessionFactory"/>
</bean>
<!-- SERVICES -->
<bean id="myUserDetailsService" class="com.medkhelifi.tutorials.todolist.services.MyUserDetailsService">
<property name="userDao" ref="useDao"/>
</bean>
<!-- MUST have transaction manager, using aop and aspects -->
<bean id="transactionManager" class="org.springframework.orm.hibernate4.HibernateTransactionManager">
<property name="sessionFactory" ref="sessionFactory"/>
</bean>
<tx:advice id="txAdvice" transaction-manager="transactionManager">
<tx:attributes>
<tx:method name="get*" read-only="true" />
<tx:method name="find*" read-only="true" />
<tx:method name="*" />
</tx:attributes>
</tx:advice>
<aop:config>
<aop:pointcut id="userServicePointCut"
expression="execution(* com.medkhelifi.tutorials.todolist.*Services.*(..))" />
<aop:advisor advice-ref="txAdvice" pointcut-ref="userServicePointCut" />
</aop:config>
applicationContext-security.xml
<http auto-config="true">
<intercept-url pattern="/login*" access="permitAll()"/>
<intercept-url pattern="/javax.faces.resource/**" access="permitAll()"/>
<intercept-url pattern="/**" access="isAuthenticated()" />
<!-- access denied page -->
<access-denied-handler error-page="/403" />
<form-login
login-page="/login.xhtml"
default-target-url="/welcome"
authentication-failure-url="/login.xhtml?error"
login-processing-url="/j_spring_security_check"
username-parameter="input_username"
password-parameter="input_password" />
<logout logout-success-url="/login.xhtml?logout" />
<!-- enable csrf protection -->
<csrf />
</http>
<authentication-manager>
<authentication-provider user-service-ref="myUserDetailsService">
<password-encoder hash="bcrypt"/>
</authentication-provider>
</authentication-manager>
UserDaoImp.java
package com.medkhelifi.tutorials.todolist.models.dao.impl;
import com.medkhelifi.tutorials.todolist.models.dao.UserDao;
import com.medkhelifi.tutorials.todolist.models.entities.User;
import org.hibernate.SessionFactory;
import javax.transaction.Transactional;
import java.util.List;
@Transactional
public class UserDaoImp implements UserDao {
private SessionFactory sessionFactory;
@SuppressWarnings("unchecked")
public User findByUsername(String username) {
List<User> users;
users = sessionFactory.getCurrentSession().createQuery("from User where username =?").setParameter(0, username).list();
if(users.size()>0) {
return users.get(0);
}else {
return null;
}
}
public SessionFactory getSessionFactory() { return sessionFactory; }
public void setSessionFactory(SessionFactory sessionFactory) { this.sessionFactory = sessionFactory; }
}
MyUserDetailsService.java
package com.medkhelifi.tutorials.todolist.services;
import com.medkhelifi.tutorials.todolist.models.dao.UserDao;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.core.userdetails.User;
import javax.transaction.Transactional;
@Transactional
public class MyUserDetailsService implements UserDetailsService {
private UserDao userDao;
public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
com.medkhelifi.tutorials.todolist.models.entities.User user = userDao.findByUsername(s);
if(user == null){
throw new UsernameNotFoundException(s);
}else{
return buildUserForAuthentification(user);
}
}
private User buildUserForAuthentification(com.medkhelifi.tutorials.todolist.models.entities.User user){
return new User(user.getUsername(), user.getPassword(), null);
}
public void setUserDao(UserDao userDao) {
this.userDao = userDao;
}
}
当我尝试登录时,遇到著名的“找不到当前线程的会话”问题
11-Oct-2018 15:50:36.283 GRAVE [http-nio-8080-exec-4] org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.doFilter An internal error occurred while trying to authenticate the user.
org.springframework.security.authentication.InternalAuthenticationServiceException: No Session found for current thread
我使用自定义jsf登录页面。 希望我给出的要素足以回答我的问题。