我正在开发一个 spring-mvc 应用程序,并使用 Spring Security 框架进行身份验证和授权。下面我会贴出一些代码,但在此之前请注意:我没有单独的角色表可以用来设置或检索角色。问题是每次登录都会跳转到 denied.jsp。我查看 catalina.out 时,日志显示 Hibernate 在查询后能够找到一组行。
Security-context.xml(部分内容)
<!-- HTTP security for the web application: session limits, form login, logout and URL access rules.
     NOTE(review): this element has no <security:csrf/> child; on versions where CSRF protection
     is opt-in, the login and logout endpoints are not covered. Confirm against the version in use. -->
<security:http use-expressions="true" auto-config="false" access-denied-page="/403" disable-url-rewriting="true">
<security:session-management>
<!-- Allows up to five concurrent sessions per user. -->
<security:concurrency-control max-sessions="5" />
</security:session-management>
<!-- Failed logins are redirected to /denied (authentication-failure-url). That is separate from the
     /403 access-denied page, so landing on /denied means authentication itself failed rather than
     an authorization check. -->
<security:form-login login-page="/login" login-processing-url="/login.do" default-target-url="/users" always-use-default-target="true"
authentication-failure-url="/denied" username-parameter="username" password-parameter="password"/>
<!-- Logout invalidates the HTTP session and deletes the JSESSIONID cookie. -->
<security:logout logout-url="/logout" logout-success-url="/login?out=1" delete-cookies="JSESSIONID" invalidate-session="true" />
<!-- NOTE(review): intercept-url rules are matched in declaration order and the first match wins.
     "/*" covers every single-segment path, so it also matches "/users" (the default-target-url)
     and "/login". The "/login*" rule below is therefore redundant, and hasRole('ROLE_USER') only
     guards paths with more than one segment. If only the login page is meant to be public, list the
     specific public patterns first and drop the "/*" permitAll rule. -->
<security:intercept-url pattern="/*" requires-channel="any" access="permitAll" />
<security:intercept-url requires-channel="any" pattern="/login*" access="permitAll"/>
<security:intercept-url pattern="/**" requires-channel="any" access="hasRole('ROLE_USER')" />
</security:http>
<!-- Authentication manager backed by an inline JDBC user service that queries the registration
     table directly. This provider does not reference the "userDetailsService" bean, so the custom
     LoginService class is not consulted during login. -->
<security:authentication-manager alias="authenticationManager">
<!-- NOTE(review): no <security:password-encoder> child is configured, so the submitted password is
     presumably compared with the stored value using the provider's default encoder. Confirm that
     the password column holds salted hashes (for example bcrypt) and not plaintext. -->
<security:authentication-provider >
<!-- users-by-username-query hard-codes `true` as the enabled column, so every account is treated
     as enabled regardless of any active flag on the row.
     NOTE(review): authorities-by-username-query refers to the alias `u`, but its FROM clause
     (`from registration`) never declares that alias. The database will likely reject the query,
     which fails the login and sends the user to the authentication-failure-url. Declaring the
     alias (`from registration u`) or dropping the `u.` prefix would make the query valid. -->
<security:jdbc-user-service data-source-ref="dataSource" users-by-username-query="select username,password,true
from registration where username=?" authorities-by-username-query="select u.username, 'ROLE_USER' from registration where u.username=?" />
</security:authentication-provider>
</security:authentication-manager>
LoginService(登录服务):
//Imports omitted
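/**
 * Spring Security {@link UserDetailsService} registered under the bean name
 * {@code userDetailsService}. It loads the user entity through {@link UserDao} and
 * delegates the conversion into a {@link UserDetails} object to {@link Assembler}.
 *
 * <p>NOTE(review): this bean only takes part in authentication if an
 * authentication-provider references it (for example via {@code user-service-ref});
 * confirm the security context is wired that way.
 */
@Transactional
@Service("userDetailsService")
public class LoginService implements UserDetailsService {

    @Autowired private UserDao userDao;
    @Autowired private Assembler assembler;

    /**
     * Looks up the account for {@code username} and converts it into Spring Security's
     * {@link UserDetails} representation.
     *
     * @param username the login name submitted by the client
     * @return the user details built by {@link Assembler#buildUserFromUserEntity}
     * @throws UsernameNotFoundException if {@code userDao.findByName} returns {@code null}
     */
    @Override
    @Transactional
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        // NOTE(review): imports are omitted on the page; User is presumably the
        // application's entity type (com.WirTauschen.model.User), since it is passed
        // straight to Assembler.buildUserFromUserEntity.
        User user = userDao.findByName(username);
        if (user == null) {
            // Generic wording: the message does not say whether the username or the
            // password was the wrong part.
            throw new UsernameNotFoundException("Wrong username or password");
        }
        return assembler.buildUserFromUserEntity(user);
    }
}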
Assembler 类:
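/**
 * Converts the application's user entity into the {@code User} object handed to
 * Spring Security.
 */
@Service("assembler")
public class Assembler {

    /**
     * Builds a security {@code User} from the persisted entity, copying the username,
     * password and the four account-status flags, and granting the single authority
     * {@code ROLE_USER}.
     *
     * <p>NOTE(review): the method is package-private. With Spring's default proxy-based
     * transaction support, {@code @Transactional} is normally applied only to public
     * methods, so this annotation may have no effect. Confirm.
     *
     * <p>NOTE(review): the password is passed through exactly as stored on the entity;
     * confirm that the stored value is a salted hash and that a matching password
     * encoder is configured on the authentication provider.
     *
     * @param userEntity the entity loaded from persistence; must not be {@code null}
     * @return a {@code User} carrying the entity's credentials, status flags and
     *     {@code ROLE_USER}
     */
    @Transactional(readOnly = true)
    User buildUserFromUserEntity(com.WirTauschen.model.User userEntity) {
        // Every account receives the same hard-coded role, so this class cannot
        // express differences in privilege between users.
        Collection<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
        authorities.add(new SimpleGrantedAuthority("ROLE_USER"));

        return new User(
                userEntity.getUsername(),
                userEntity.getPassword(),
                userEntity.isActive(),
                userEntity.isAccountNonExpired(),
                userEntity.isCredentialsNonExpired(),
                userEntity.isAccountNonLocked(),
                authorities);
    }
}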
答案 0 :(得分:1)
如果您想使用自己的 UserDetailsService 实现(即上面 bean 名为 userDetailsService 的 LoginService),请让认证提供者引用它:
<!-- Delegates user lookup to the bean named "userDetailsService" instead of an inline
     jdbc-user-service, so the custom UserDetailsService implementation is the one consulted at login.
     NOTE(review): the provider has no password-encoder child; confirm that stored passwords are
     salted hashes and that a matching encoder is configured on this provider. -->
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider user-service-ref="userDetailsService"/>
</security:authentication-manager>