Spring自动登录问题

时间:2011-03-24 11:36:16

标签: spring spring-security

我正在尝试实现以下spring自动登录,但我的authenticationManager实例抛出以下异常并且没有自动装配。如何手动从Spring获取它的实例?我没有使用弹簧控制器,我正在使用JSF请求范围的bean。当容器尝试自动装配authenticationManager时,我在运行时得到以下异常。 requestCache很好。我应该在UserDetailsS​​ervice实现(userManager)上使用方法吗?我没有看到UserDetailsS​​ervice公开的采用UsernamePasswordAuthenticationToken对象的适当方法。有任何想法吗? 配置:

 <http access-denied-page="/auth/denied.html">
        <intercept-url
            pattern="/**/*.xhtml"
            access="ROLE_NONE_GETS_ACCESS" />
        <intercept-url
            pattern="/auth/**"
            access="ROLE_ANONYMOUS,ROLE_USER" />
         <intercept-url
            pattern="/auth/*"
            access="ROLE_ANONYMOUS" />
         <intercept-url
            pattern="/registered/*"
            access="ROLE_USER" />
          <intercept-url
            pattern="/*"
           access="ROLE_ANONYMOUS" />
        <form-login
            login-processing-url="/j_spring_security_check.html"
            login-page="/auth/login.html"
            default-target-url="/registered/home.html"
            authentication-failure-url="/auth/login.html" />
         <logout invalidate-session="true" 
              logout-success-url="/" 
              logout-url="/auth/logout.html"/>
        <anonymous username="guest" granted-authority="ROLE_ANONYMOUS"/>
        <remember-me user-service-ref="userManager" key="e37f4b31-0c45-11dd-bd0b-0800200c9a66"/>
    </http>
    <!-- Configure the authentication provider -->
    <authentication-manager alias="am">
        <authentication-provider user-service-ref="userManager">
                <password-encoder ref="passwordEncoder" />
        </authentication-provider>
    </authentication-manager>

异常 注入自动连接的依赖项失败;嵌套异常是org.springframework.beans.factory.BeanCreationException:无法自动装配字段:protected org.springframework.security.authentication.AuthenticationManager com.dc.web.actions.SignUpDetail.authenticationManager;嵌套异常是org.springframework.beans.factory.NoSuchBeanDefinitionException:没有定义类型为[org.springframework.security.authentication.AuthenticationManager]的唯一bean:期望的单个匹配bean但找到2:[org.springframework.security.authentication.ProviderManager #0,org.springframework.security.authenticationManager]     javax.faces.webapp.FacesServlet.service(FacesServlet.java:325)

 @Named

@Scope( “请求”)  公共类注册  {

 @Inject
 RequestCache requestCache;

 @Inject
 protected AuthenticationManager authenticationManager;

 public String login(){
authenticateUserAndSetSession(utilities.getLoggedInUser(), (HttpServletRequest)        FacesUtils.getExternalContext().getRequest());
    return "/home.html";
}
 private void authenticateUserAndSetSession(Users user,
            HttpServletRequest request)
        {
     UserDetails details = userManager.loadUserByUsername(user.getUsername());
  UsernamePasswordAuthenticationToken usernameAndPassword = 
      new UsernamePasswordAuthenticationToken(
          user.getUsername(), "pwd", details.getAuthorities());

  // Authenticate, just to be sure
  Authentication auth = authenticationManager.authenticate(usernameAndPassword);

  // Place the new Authentication object in the security context.
  SecurityContextHolder.getContext().setAuthentication(auth);
}

2 个答案:

答案 0 :(得分:1)

这是因为Spring Security在内部声明了第二个AuthenticationManager,因此您有两个alias。您需要使用<authentication-manager alias = "am"> ... </authentication-manager> 选择其中一个:

@Inject @Named("am")
protected AuthenticationManager authenticationManager;  

{{1}}

答案 1 :(得分:1)

@ c12如果您使用的是基于自定义角色的授权,则 loadUserByUsername 内部用户详细信息的内部权限集合可能未填充 loadUserByUsername UserManager 类的方法;如果是这种情况,您需要手动将特定角色与权限集合相关联。查看下面的代码段(理想情况下它应该是 loadUserByUsername 方法主体的一部分);假设...... a)MyUser是您自己的用户对象 b)MyUserRole是您自己的角色对象 c)userDetails是您将从loadUserByUsername方法返回的内容

MyUser myUser = userDao.getUserByUsername(username);
Set<GrantedAuthority> grantedAuthSet = new HashSet<GrantedAuthority>();
Set<MyUserRole> myUserRoleSet = myUser.getRoleSet();

for (Iterator<MyUserRole> iterator = myUserRoleSet.iterator(); iterator.hasNext();) {
    MyUserRole userRole = (MyUserRole) iterator.next();
    grantedAuthSet.add(new SimpleGrantedAuthority(userRole.getName()));
}

List<GrantedAuthority> grantedAuthList = new ArrayList<GrantedAuthority>(grantedAuthSet);
myUser.setAuthorities(grantedAuthList);
UserDetails userDetails = new User(myUser.getUsername(), myUser.getPassword(), true, true, true, true, myUser.getAuthorities());

希望这有帮助!

相关问题
最新问题