我在spring安全配置中使用了多个[不同模式]的http元素。每个都指向一个单独的身份验证管我能够成功登录所有http元素。但是,成功登录后,返回的Principal对象为null。请帮我。
春季安全的内容如下
<http pattern="teacher/login*" authentication-manager-
ref="teacherAuthenticationManager">
<intercept-url pattern="teacher/login*" access="ROLE_TEACHER" />
<http-basic`enter code here` />
</http>
<http pattern="student/login*" authentication-manager-
ref="studentAuthenticationManager">
<intercept-url pattern="student/login*" access="ROLE_STUDENT" />
<http-basic />
</http>
<authentication-manager alias="teacherAuthenticationManager">
<authentication-provider>
<!-- <password-encoder hash="md5"/>-->
<jdbc-user-service data-source-ref="dataSources"
users-by-username-query="
select username,password,true
from Teacher where username=?"
authorities-by-username-query="
select username,'ROLE_TEACHER' from Teacher where username=?" />
</authentication-provider>
</authentication-manager>
<authentication-manager alias="studentAuthenticationManager">
<authentication-provider>
<!-- <password-encoder hash="md5"/>-->
<jdbc-user-service data-source-ref="dataSources"
users-by-username-query="
select username,password,true
from Student where username=?"
authorities-by-username-query="
select username,'ROLE_STUDENT' from Student where username=?" />
</authentication-provider>
</authentication-manager>
Web.xml如下
<display-name>Spring Web MVC Application</display-name>
<welcome-file-list>
<welcome-file>/index.html</welcome-file>
</welcome-file-list>
<servlet>
<servlet-name>mvc-dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>mvc-dispatcher</servlet-name>
<url-pattern>/rest/*</url-pattern>
</servlet-mapping>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/mvc-dispatcher-servlet.xml,
/WEB-INF/spring-security.xml
</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
<dispatcher>ERROR</dispatcher>
</filter-mapping>
控制器代码
@RequestMapping(value = "/teacher/login", method = RequestMethod.GET)
public @ResponseBody MethodResponse teacherlogin( Principal principal) {
System.out.println("Welcome Teacher");
MethodResponse methodResponse = new MethodResponse();
try {
//org.springframework.security.core.userdetails.User user = (org.springframework.security.core.userdetails.User) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
System.out.println("Is Principal Null:"+Boolean.valueOf(principal==null));
final String name = principal.getName();
String sql="Select * from Teacher where UserName=?";
Teacher teacher = jdbcTemplate.queryForObject(sql,
ParameterizedBeanPropertyRowMapper
.newInstance(Teacher.class),name);
methodResponse.setData(teacher);
//String sql = " Select * from Teacher where TeacherId=?";
/*
List<Teacher> list = jdbcTemplate.query(sql,
ParameterizedBeanPropertyRowMapper
.newInstance(Teacher.class), teacherId);
Teacher[] teachers = list.toArray(new Teacher[] {});
methodResponse.setDataArray(teachers);*/
methodResponse
.setResponseCode(GlobalConstants.SERVICE_STATUS_CODE_SUCCESS);
methodResponse
.setResponseMessage(GlobalConstants.SERVICE_STATUS_MSG_SUCCESS);
} catch (Exception e) {
e.printStackTrace();
methodResponse
.setResponseCode(GlobalConstants.SERVICE_STATUS_CODE_DATABASE_ERROR);
methodResponse.setResponseMessage(e.getMessage());
}
return methodResponse;
}
答案 0 :(得分:10)
servlet映射到/ rest / *,并且这些URL不受过滤器保护(因此我希望主体为null)。这可以解释你看到的行为吗?