我知道,这个问题被问了很多次,但任何回答解决我的问题。我试图实现使用Spring Security的4 +休眠+春数据JPA定制登录表单,但我希望事情不工作。
当我在内存中使用的凭据都做工精细,但我想用我的数据库来代替。
下面主要代码:
XML安全配置。
<beans:bean id="encodeurMotDePasse" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder">
<beans:constructor-arg name="strength" value="12" />
</beans:bean>
<security:http auto-config="true" create-session="never">
<security:intercept-url pattern="/" access="permitAll" />
<security:intercept-url pattern="/inscription**" access="hasRole('ADMIN') or hasRole('USER')" />
<security:intercept-url pattern="/connexion**" access="hasRole('USER') or hasRole('USER')" />
<security:intercept-url pattern="/test**" access="hasRole('ADMIN')" />
<security:intercept-url pattern="/dba**" access="hasRole('ADMIN')" />
<security:form-login login-page="/login.html"
username-parameter="identifiant"
password-parameter="motDePasse"
authentication-failure-url="/login.html?error=t"/>
</security:http>
<beans:bean id="customUserDetailsService" class="com.app.security.CustomUserDetailsService"/>
<security:authentication-manager >
<security:authentication-provider user-service-ref ="customUserDetailsService">
<security:password-encoder ref="encodeurMotDePasse" />
</security:authentication-provider>
</security:authentication-manager>
这个UserDetailsService实现:
@Service
public class CustomUserDetailsService implements UserDetailsService {
@Autowired
private ServicesDAO service;
@Override
public UserDetails loadUserByUsername( String username ) throws UsernameNotFoundException {
T_authentification userPrincipals = service.getAuthenticatePrincipal( username );
if ( userPrincipals == null ) {
System.out.println( "user inexistant" );
throw new UsernameNotFoundException( "L'utilisateur n'a pas été trouvé" );
} else {
System.out.println( "user trouvé" );
}
List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
for ( T_roles role : userPrincipals.getRoles() ) {
System.out.println( " role dans userdetails service est :" + role.getRoleName() );
authorities.add( new SimpleGrantedAuthority( role.getRoleName() ) );
}
// return new CustomUserDetails( userPrincipals );
return new org.springframework.security.core.userdetails.User( userPrincipals.getUsername(), userPrincipals.getMotDePasse(), authorities );
}
}
当我在一个控制器方法测试代码的所有凭证从数据库以及加载,我可以在控制台上打印出来。
另一个值得关注的是,当登录失败,Spring Security没有在控制台发送任何调试消息告诉该故障的原因。
编辑
在这里我的log4j.xml,我按照配置,但会出现在控制台的任何消息和文件也是空的。
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE log4j:configuration PUBLIC "-//APACHE//DTD LOG4J 1.2//EN" "http://logging.apache.org/log4j/1.2/apidocs/org/apache/log4j/xml/doc-files/log4j.dtd">
<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/" debug="true">
<appender name="Appender1" class="org.apache.log4j.ConsoleAppender">
<param name="Threshold" value="debug" />
<layout class="org.apache.log4j.PatternLayout">
<param name="ConversionPattern" value="%-7p %d [%t] %c %x - %m%n"/>
</layout>
</appender>
<appender name="SpringAppender" class="org.apache.log4j.FileAppender">
<param name="file" value="C:/Log4j/Spring-details.log" />
<param name="Threshold" value="debug" />
<param name="append" value="true" />
<layout class="org.apache.log4j.PatternLayout">
<param name="ConversionPattern"
value="%d{MM/dd/yyyy HH:mm:ss} [%t]:%c{5}.%M()%L %m%n" />
</layout>
</appender>
<appender name="Appender2" class="org.apache.log4j.FileAppender">
<param name="File" value="C:/Log4j/app.log" />
<layout class="org.apache.log4j.PatternLayout">
<param name="ConversionPattern" value="%-7p %d [%t] %c %x - %m%n"/>
</layout>
</appender>
<category name="org.springframework">
<priority value="ALL" />
</category>
<category name="org.springframework">
<priority value="debug" />
</category>
<category name="org.springframework.beans">
<priority value="debug" />
</category>
<category name="org.springframework.security">
<priority value="debug" />
</category>
<category
name="org.springframework.beans.CachedIntrospectionResults">
<priority value="debug" />
</category>
<category name="org.springframework.jdbc.core">
<priority value="debug" />
</category>
<category name="org.springframework.transaction.support.TransactionSynchronizationManager">
<priority value="debug" />
</category>
<logger name="org.springframework" additivity="false">
<level value="DEBUG"/>
<appender-ref ref="SpringAppender"/>
</logger>
<root>
<!-- <priority value="INFO"/> -->
<level value="DEBUG"/>
<appender-ref ref="Appender1" />
<appender-ref ref="SpringAppender" />
<appender-ref ref="Appender2" />
</root>
</log4j:configuration>
Aaditi
当我尝试在一个Java类@Autowire这个bean <beans:bean id="customUserDetailsService" class="com.app.security.CustomUserDetailsService"/>我得到这个例外。
为什么这个错误发生?
ERROR javax.enterprise.web.core - ContainerBase.addChild: start:
org.apache.catalina.LifecycleException: org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'inscriptionController': Unsatisfied dependency expressed through field 'customUserDetailsService'; nested exception is org.springframework.beans.factory.BeanNotOfRequiredTypeException: Bean named 'customUserDetailsService' is expected to be of type 'com.app.security.CustomUserDetailsService' but was actually of type 'com.sun.proxy.$Proxy323'
at org.apache.catalina.core.StandardContext.start(StandardContext.java:5985)
为您的澄清非常感谢和我的英语不好对不起。
我发现这种奇怪的行为的原因。
我想,春天的安全听者org.springframework.security.web.session.HttpSessionEventPublisherdoesn't共享相同的上下文中servlet调度。因此,在MVC的上下文中定义的所有豆是无法进入安全的一部分。
为了解决这个问题,我不得不添加<context:component-scan base-package=....根上下文这里定义的所有豆到处都是访问。
我失去了2个星期找到我的问题:(原因!