2011-02-11 116 views
8

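Spring Security 3: password salting issue

I have a simple application in which I can register users and authenticate them. I have encoded the passwords and successfully authenticated them. I am using Spring 3, Spring Security 3 and Hibernate 3 in my application.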

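Now I want to salt their passwords with their user ID, but I have not been able to implement this. Could someone help me implement it? I have been trying for a long time but could not get it done.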

Here is the code I use for salting with the user ID and authenticating the users.

XYZ-security.xml file

<http auto-config="true" use-expressions="true"> 
    <intercept-url pattern="/welcome.do" access="hasRole('ROLE_USER')" /> 
    <form-login login-page="/login.do" authentication-failure-url="/login.do?login_error=1"/>  
    <logout invalidate-session="true" logout-url="/logout" logout-success-url="/"/> 
</http> 

<beans:bean id="daoAuthenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider"> 
    <beans:property name="userDetailsService" ref="userDetailsService"/> 
</beans:bean> 

<beans:bean id="authenticationManager" class="org.springframework.security.authentication.ProviderManager"> 
    <beans:property name="providers"> 
     <beans:list> 
      <beans:ref local="daoAuthenticationProvider" /> 
     </beans:list> 
    </beans:property> 
</beans:bean> 

<authentication-manager> 
    <authentication-provider user-service-ref="userDetailsService"> 
     <password-encoder ref="passwordEncoder">     
      <salt-source ref="saltSource"/> 
      </password-encoder> 
    </authentication-provider> 
</authentication-manager> 

<!-- For hashing and salting user passwords --> 
<beans:bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.ShaPasswordEncoder"/> 
<beans:bean id="saltSource" class="org.springframework.security.authentication.dao.ReflectionSaltSource" 
    p:userPropertyToUse="id"/> 

UserDetailsAdapter.java

@Service("userDetailsAdapter") 
public class UserDetailsAdapter { 

    private Long id; 

    org.springframework.security.core.userdetails.User buildUserFromUserEntity(User userEntity) { 
     String username = userEntity.getUsername(); 
     String password = userEntity.getPassword(); 
     boolean enabled = userEntity.isEnabled(); 
     boolean accountNonExpired = true; 
     boolean credentialsNonExpired = true; 
     boolean accountNonLocked = true; 

     Collection<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>(); 
     for (String authority: userEntity.getAuthorities()) { 

      authorities.add(new GrantedAuthorityImpl(authority)); 
     } 

     this.id = userEntity.getId(); 

     org.springframework.security.core.userdetails.User user = new org.springframework.security.core.userdetails.User(username, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities); 
     return user; 
    } 

    public Long getId() { 
     return id; 
    } 

} 

UserDetailsServiceImpl

@Service("userDetailsService") 
public class UserDetailsServiceImpl implements UserDetailsService { 

    @Autowired 
    private UserDao userDao; 

    @Autowired 
    private UserDetailsAdapter userDetailsAdapter; 

    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException { 
     UserDetails userDetails = null; 
     User userEntity = userDao.findByUsername(username); 

     if (userEntity == null) { 
      throw new UsernameNotFoundException("user not found"); 
     } 
     userDetails = userDetailsAdapter.buildUserFromUserEntity(userEntity); 

     return userDetails; 
    } 
} 

UserServiceImpl

@Service 
public class UserServiceImpl implements UserService { 

    @Autowired 
    private UserDao userDao; 

    @Autowired 
    private PasswordEncoder passwordEncoder; 

    @Autowired 
    private SaltSource saltSource; 

    public User getByUsername(String username) { 
     return userDao.findByUsername(username); 
    } 

    public User getByEmail(String email) { 
     return userDao.findByEmail(email); 
    } 

    public void createUser(User user) { 
     userDao.create(user); 

     UserDetailsAdapter userDetailsAdapter = new UserDetailsAdapter(); 
     org.springframework.security.core.userdetails.User userDetails = userDetailsAdapter.buildUserFromUserEntity(user); 
     String password = userDetails.getPassword(); 
     Object salt = saltSource.getSalt(userDetails); 
     user.setPassword(passwordEncoder.encodePassword(password, salt)); 
     userDao.update(user); 

    } 

    public void updateUser(User user) { 
     userDao.update(user); 
    } 
} 

Could someone help me understand what I am missing here? Thanks a lot.

+0

Could you please share your sample code? Regards, Neha – 2015-12-29 13:34:44

Answers

7

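ReflectionSaltSource extracts the salt from an instance of UserDetails. But you use org.springframework.security.core.userdetails.User as the implementation of UserDetails, and it doesn't have a property named id (instead, you have this property in UserDetailsAdapter, which doesn't make sense, since UserDetailsAdapter is a singleton).

So, you need to create a subclass of org.springframework.security.core.userdetails.User with an id property, and return it from your UserDetailsAdapter.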

+0

Thanks, it worked :) – skip 2011-02-11 18:38:30

+0

@skip: Then perhaps you should upvote the answer if you are sure it is correct, and then accept it. – Sagar 2011-02-18 15:14:17
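The behaviour described in the answer above, as an added example (not code from the original posts or from Spring Security): a simplified stand-in for the reflective salt lookup, which fails on a user class without an id getter and succeeds on a subclass that exposes one. The names SaltLookupDemo, BaseUser, UserWithId, getSalt and encode and the sample values are constructed for illustration; encode hashes password{salt} with SHA-1 to mirror the merged form ShaPasswordEncoder uses in its default configuration.

```java
import java.lang.reflect.Method;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

public class SaltLookupDemo {
    // Stand-in for org.springframework.security.core.userdetails.User: it has no "id" property.
    static class BaseUser {
        private final String username, password;
        BaseUser(String username, String password) { this.username = username; this.password = password; }
        public String getPassword() { return password; }
    }

    // Stand-in for the subclass the answer recommends: it adds the getId() getter.
    static class UserWithId extends BaseUser {
        private final Long id;
        UserWithId(String username, String password, Long id) { super(username, password); this.id = id; }
        public Long getId() { return id; }
    }

    // Simplified reflective salt lookup: invoke the public getter of the configured property.
    static Object getSalt(Object user, String property) throws Exception {
        String getter = "get" + Character.toUpperCase(property.charAt(0)) + property.substring(1);
        Method m = user.getClass().getMethod(getter); // NoSuchMethodException when the getter is absent
        return m.invoke(user);
    }

    // SHA-1 over the merged string "password{salt}", hex-encoded.
    static String encode(String rawPassword, Object salt) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-1")
                .digest((rawPassword + "{" + salt + "}").getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder();
        for (byte b : digest) hex.append(String.format("%02x", b));
        return hex.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values, not taken from the page.
        try {
            getSalt(new BaseUser("alice", "secret"), "id");
        } catch (NoSuchMethodException e) {
            System.out.println("base class: no salt property -> " + e.getMessage());
        }
        UserWithId user = new UserWithId("alice", "secret", 42L);
        String stored = encode(user.getPassword(), getSalt(user, "id")); // at registration
        String attempt = encode("secret", getSalt(user, "id"));          // at login, same salt
        System.out.println("subclass: hashes match = " + stored.equals(attempt));
        System.out.println("different id changes hash = " + !stored.equals(encode("secret", 43L)));
    }
}
```

The salt must be the same object value at registration and at login, which is why the poster's createUser persists the entity first so that the id exists before the password is encoded.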

7

Here are the updated files that do the job:

UserDetailsAdapter.java

public class UserDetailsAdapter extends org.springframework.security.core.userdetails.User { 
    private final Long id; 
    public UserDetailsAdapter(User userEntity) { 

     super(userEntity.getUsername(), userEntity.getPassword(), userEntity.isEnabled(), true, true, true, toAuthorities(userEntity.getAuthorities())); 
     this.id = userEntity.getId(); 
    } 

    private static Collection<GrantedAuthority> toAuthorities(List<String> authorities) { 
     Collection<GrantedAuthority> authorityList = new ArrayList<GrantedAuthority>(); 
     for (String authority: authorities) { 
      authorityList.add(new GrantedAuthorityImpl(authority)); 
     } 
     return authorityList; 
    } 

    public Long getId() { 
     return id; 
    } 

} 

UserDetailsServiceImpl.java

@Service("userDetailsService") 
public class UserDetailsServiceImpl implements UserDetailsService { 

    @Autowired 
    private UserDao userDao; 

    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException { 
     UserDetails userDetails = null; 
     User userEntity = userDao.findByUsername(username); 

     if (userEntity == null) { 
      throw new UsernameNotFoundException("user not found"); 
     } 
     userDetails = new UserDetailsAdapter(userEntity); 

     return userDetails; 
    } 
} 

UserServiceImpl.java

@Service 
public class UserServiceImpl implements UserService { 
... 
    public void createUser(User user) { 
     userDao.create(user); 

     UserDetailsAdapter userDetails = new UserDetailsAdapter(user); 
     String password = userDetails.getPassword(); 
     Object salt = saltSource.getSalt(userDetails); 
     user.setPassword(passwordEncoder.encodePassword(password, salt)); 
     userDao.update(user); 

    } 
... 
} 

Thanks :)