2012-05-10 82 views
2

我想通過閱讀here將記得我添加到我的登錄頁面,它需要一個UserDetailsS​​ervice。但我的UserDetailsS​​ervice沒有被調用,任何人都可以指出我錯在哪裏?謝謝。用記住我彈簧安全UsernamePasswordAuthenticationFilter

的彈簧security.xml文件

<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xmlns:security="http://www.springframework.org/schema/security" 
xmlns:p="http://www.springframework.org/schema/p" 
xsi:schemaLocation="http://www.springframework.org/schema/beans 
     http://www.springframework.org/schema/beans/spring-beans-3.1.xsd 
     http://www.springframework.org/schema/security 
     http://www.springframework.org/schema/security/spring-security-3.1.xsd"> 

<!-- configure Spring-Security 
auto-config is false. 
use-expressions is true: see http://static.springsource.org/spring-security/site/docs/3.1.x/reference/el-access.html 
access-denied-page: which page is redirected when login is denied 
entry-point-ref: This attribute allows this behaviour to be overridden by defining a customized 
AuthenticationEntryPoint bean which will start the authentication process 
--> 

<security:http auto-config="false" use-expressions="true" entry-point-ref="authenticationEntryPoint" > 

    <!-- define how to handle the url /auth/login, primitAll is used since we defined use-expressions=true --> 
    <security:intercept-url pattern="/login" access="permitAll"/> 
    <security:intercept-url pattern="/search" access="hasRole('ROLE_USER')"/> 

    <!-- The logout element adds support for logging out by navigating to a particular URL. 
    The default logout URL is /j_spring_security_logout, 
    but you can set it to something else using the logout-url attribute --> 
    <security:logout 
      invalidate-session="true" 
      logout-success-url="/login" /> 

    <security:custom-filter ref="blacklistFilter" before="FILTER_SECURITY_INTERCEPTOR"/> 
    <security:custom-filter ref="authenticationFilter" position="FORM_LOGIN_FILTER"/> 
</security:http> 

<!-- Custom filter to deny unwanted users even though registered --> 
<bean id="blacklistFilter" class="com.myapp.filter.BlacklistFilter" /> 

<!-- Custom filter for username and password. we need to create another 4 beans --> 
<bean id="authenticationFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter" 
    p:rememberMeServices-ref="rememberMeServices" 
    p:authenticationManager-ref="customAuthenticationManager" 
    p:authenticationFailureHandler-ref="customAuthenticationFailureHandler" 
    p:authenticationSuccessHandler-ref="customAuthenticationSuccessHandler" /> 

<!-- Bean 1: Custom authentication manager. --> 
<bean id="customAuthenticationManager" class="com.myapp.manager.CustomAuthenticationManager" /> 

<!-- bean 2: set the default failure url here --> 
<bean id="customAuthenticationFailureHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler" 
    p:defaultFailureUrl="/login?error=true" /> 

<!-- bean 3: set the default target url here --> 
<bean id="customAuthenticationSuccessHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler" 
    p:defaultTargetUrl="/search" /> 

<!-- bean 4: remember me --> 
<bean id="rememberMeServices" 
    class="org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices"> 
     <property name="userDetailsService" ref="userDetailsService"/> 
     <property name="key" value="myapp"/> 
</bean> 

<bean id="userDetailsService" class="com.myapp.service.UserDetailsServiceImpl" /> 

<bean id="authenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint" 
    p:loginFormUrl="/login"/> 
<security:authentication-manager/></beans> 

謝謝,拉爾夫

我加了過濾器,但UserDetailsS​​erviceImpl仍然不叫,有一個停止點。

public UserDetails loadUserByUsername(String email) throws UsernameNotFoundException { logger.info("User details service is called"); return null; }

現在的配置是:

<?xml version="1.0" encoding="UTF-8"?><beans xmlns="http://www.springframework.org/schema/beans" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xmlns:security="http://www.springframework.org/schema/security" 
xmlns:p="http://www.springframework.org/schema/p" 
xsi:schemaLocation="http://www.springframework.org/schema/beans 
     http://www.springframework.org/schema/beans/spring-beans-3.1.xsd 
     http://www.springframework.org/schema/security 
     http://www.springframework.org/schema/security/spring-security-3.1.xsd"> 

<!-- configure Spring-Security 
auto-config is false. 
use-expressions is true: see http://static.springsource.org/spring-security/site/docs/3.1.x/reference/el-access.html 
access-denied-page: which page is redirected when login is denied 
entry-point-ref: This attribute allows this behaviour to be overridden by defining a customized 
AuthenticationEntryPoint bean which will start the authentication process 
--> 

<security:http auto-config="false" use-expressions="true" entry-point-ref="authenticationEntryPoint" > 

    <!-- define how to handle the url /auth/login, primitAll is used since we defined use-expressions=true --> 
    <security:intercept-url pattern="/login" access="permitAll"/> 
    <security:intercept-url pattern="/search" access="hasRole('ROLE_USER')"/> 

    <!-- The logout element adds support for logging out by navigating to a particular URL. 
    The default logout URL is /j_spring_security_logout, 
    but you can set it to something else using the logout-url attribute --> 
    <security:logout 
      invalidate-session="true" 
      logout-success-url="/login" /> 

    <security:custom-filter ref="blacklistFilter" before="FILTER_SECURITY_INTERCEPTOR"/> 
    <security:custom-filter ref="authenticationFilter" position="FORM_LOGIN_FILTER"/> 
    <security:custom-filter ref="rememberMeFilter" position="REMEMBER_ME_FILTER"/> 
</security:http> 

<!-- Custom filter to deny unwanted users even though registered --> 
<bean id="blacklistFilter" class="com.myapp.filter.BlacklistFilter" /> 

<!-- Custom filter for username and password. we need to create another 4 beans --> 
<bean id="authenticationFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter" 

    p:rememberMeServices-ref="rememberMeServices" 
    p:authenticationManager-ref="customAuthenticationManager" 
    p:authenticationFailureHandler-ref="customAuthenticationFailureHandler" 
    p:authenticationSuccessHandler-ref="customAuthenticationSuccessHandler" /> 

<!-- Bean 1: Custom authentication manager. --> 
<bean id="customAuthenticationManager" class="com.myapp.manager.CustomAuthenticationManager" /> 

<!-- bean 2: set the default failure url here --> 
<bean id="customAuthenticationFailureHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler" 
    p:defaultFailureUrl="/login?error=true" /> 

<!-- bean 3: set the default target url here --> 
<bean id="customAuthenticationSuccessHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler" 
    p:defaultTargetUrl="/search" /> 

<!-- bean 4: remember me --> 
<bean id="rememberMeServices" 
    class="org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices"> 
     <property name="userDetailsService" ref="userDetailsService"/> 
     <property name="key" value="myapp"/> 
</bean> 

<bean id="userDetailsService" class="com.myapp.service.UserDetailsServiceImpl" /> 


<bean id="rememberMeFilter" class="org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter"> 
    <property name="rememberMeServices" ref="rememberMeServices"/> 
    <property name="authenticationManager" ref="customAuthenticationManager" /> 
</bean> 

<bean id="authenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint" 
    p:loginFormUrl="/login"/> 

<security:authentication-manager alias="theAuthenticationManager"/></beans> 

回答

0

看起來你忘了加上RememberMeAuthenticationFilter。 - 看看你提到的文檔中的例子,你會明白我的意思。


首先嚐試降低你的配置,非常默認配置像http://www.i-develop.be/blog/2010/02/04/spring-security-remember-me/

+0

我已經編輯了問題,你可以再看看?謝謝。 – user200340

+0

對不起,我的錯,它在註銷時被調用。這是怎麼記住我的工作(我對春季和春季安全非常新)? – user200340