尝试使用Spring MVC和Spring Security进行一些实验:
@Controller
@RequestMapping("/auth")
public class AuthController {
@Autowired
// @Qualifier("userDetailsService") - tried adding this
private MyUserDetailsService userDetailsService;
...
}
// @Scope("singleton") - tried adding this
@Service("userDetailsService")
public class MyUserDetailsService implements UserDetailsService {
...
}
完成我拥有的context.xml:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd">
<!-- ORIGINAL springmvc-servlet.xml -->
<mvc:annotation-driven />
<mvc:resources mapping="/static/**" location="/static/" />
<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="viewClass" value="org.springframework.web.servlet.view.JstlView" />
<property name="prefix" value="/WEB-INF/jsp/"></property>
<property name="suffix" value=".jsp"></property>
</bean>
<bean class="org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter" />
<bean class="org.springframework.web.servlet.mvc.annotation.DefaultAnnotationHandlerMapping" />
<context:annotation-config />
<context:component-scan base-package="com.xxxxxxxxx" />
<!-- end ORIGINAL springmvc-servlet.xml -->
<!-- FROM springmvc-security.xml -->
<security:global-method-security secured-annotations="enabled">
</security:global-method-security>
<security:http auto-config="true" access-denied-page="/auth/denied">
<security:intercept-url pattern="/admin/*" access="ROLE_ADMIN"/>
<security:intercept-url pattern="/user/*" access="ROLE_USER"/>
<security:intercept-url pattern="/auth/login" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<security:intercept-url pattern="/auth/register" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<security:intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<security:form-login login-page="/auth/login" authentication-failure-url="/auth/login?login_error=true" default-target-url="/user"/>
<security:logout logout-url="/auth/logout" logout-success-url="/" invalidate-session="true"/>
<security:openid-login authentication-failure-url="/login?login_error=t" user-service-ref="openIdUserDetailsService" />
</security:http>
<security:authentication-manager>
<security:authentication-provider user-service-ref="userDetailsService" />
</security:authentication-manager>
<!-- end FROM springmvc-security.xml -->
</beans>
出于某种原因,创建了MyUserDetailsService的2个实例。第一个由Spring Security使用,第二个注入AuthController。如果我想要一个MyUserDetailsService的单个实例,那么正确的方法是什么?
答案 0 :(得分:1)
你没有展示足够的配置以确定,但我敢打赌,你对Spring应用程序中如何管理Spring ApplicationContexts感到困惑。关于同一问题的另一个问题的答案几乎肯定是你需要阅读的内容:
Declaring Spring Bean in Parent Context vs Child Context
您很可能在应用的根和子上下文中声明了您的服务bean(显式或使用组件扫描)。作为服务bean,它应该只存在于根上下文中。您也可以从阅读这个答案中受益:
答案 1 :(得分:0)
这个配置对我有用:
<security:authentication-manager>
<security:authentication-provider user-service-ref="userService">
和
<bean id="userService" class="com.mydomain.service.UserDetailsServiceImpl" />