0
與任一文件名稱或電子郵件記錄中我有像用戶名,配置文件名稱,電子郵件等領域Spring Security的
我在我的應用程序中實現Spring Security的用戶豆。在登錄表單中,我希望用戶輸入profileName或電子郵件地址&他應該可以同時登錄。但它看起來像配置只適用於userName。我使用hibernate從數據庫中獲取用戶詳細信息。 下面是我的代碼
FormLogin.jsp在CustomUserDetailsService類
<form name='f' action="<c:url value='j_spring_security_check' />"
method='POST'>
<table>
<tr>
<td>Email/ProfileName</td>
<td><input type='text' name='j_username' value=''>
</td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='j_password' />
</td>
</tr>
<tr>
<td colspan='2'><input name="submit" type="submit"
value="submit" />
</td>
</tr>
<tr>
<td colspan='2'><input name="reset" type="reset" />
</td>
</tr>
</table>
</form>
loadByUserName方法從數據庫
public UserDetails loadUserByUsername(String name)throws UsernameNotFoundException, DataAccessException
{
//returns the get(0) of the user list obtained from the db
User domainUser = userDAO.getUser(name);
logger.info("User fetched from database in loadUserByUsername method " + domainUser);
Set<Roles> roles = domainUser.getRole();
logger.info("roles of the user"+ roles);
Set<GrantedAuthority> authorities = new HashSet<>();
for(Roles role:roles) {
authorities.add(new SimpleGrantedAuthority(role.getRole()));
logger.info("role" +role+" role.getRole()"+(role.getRole()));
}
return new org.springframework.security.core.userdetails.User(
domainUser.getName(),
domainUser.getPassword(),
domainUser.isEnabled(),
domainUser.isAccountNonExpired(),
domainUser.isCredentialsNonExpired(),
domainUser.isAccountNonLocked(),
authorities);
}
查詢
@SuppressWarnings("unchecked")
public User getUser(String name){
List<User> userList = new ArrayList<User>();
Query query = sessionFactory.getCurrentSession().createQuery("from User u where u.name = :name");
query.setParameter("name", name);
userList = query.list();
if (userList.size() > 0)
return userList.get(0);
else
return null;
}
可以解決這個任何人的幫助?
彈簧security.xml文件
<http auto-config="true">
<intercept-url pattern="/forms/welcome*" access="ROLE_ADMIN" />
<!-- Below config will display the custom form for authentication -->
<form-login login-page="/forms/login" default-target-url="/forms/welcome"
authentication-failure-url="/forms/loginfailed" />
<logout logout-success-url="/forms/logout" />
<!-- <http-basic /> -->
</http>
<authentication-manager>
<authentication-provider user-service-ref="myUserDetailService">
</authentication-provider>
</authentication-manager>
我現在已經添加了安全配置 – underdog
yay .... :)很棒的作品 – underdog
很棒。很高興聽到。 –