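Spring Security returning guest instead of UserDetails Authentication.getPrincipal()
I'm trying to implement Spring Security 3.1.0.M1 and I can't get my application to set Authentication.getPrincipal to my custom UserDetails implementation. When I try to get the logged-in user, it always returns a principal of "guest". See the getLoggedInUser method below.
In Users.java (the UserDetails impl) the getAuthorities method never gets called, and maybe that's why the user_role isn't assigned.
Maybe I've misconfigured something... I've attached an outline of my implementation in the hope that someone can spot my mistake. Thanks for your help!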
    public static Users getLoggedInUser() {
        Users user = null;
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth != null && auth.isAuthenticated()) {
            Object principal = auth.getPrincipal();
            if (principal instanceof Users) {
                user = (Users) principal;
            }
        }
        return user;
    }
Security context file (XML and schema definitions removed):
    <global-method-security secured-annotations="enabled">
    </global-method-security>
    <http security="none" pattern="/services/rest-api/1.0/**" />
    <http security="none" pattern="/preregistered/**" />
    <http access-denied-page="/auth/denied.html">
        <intercept-url
            pattern="/**/*.xhtml"
            access="ROLE_NONE_GETS_ACCESS" />
        <intercept-url
            pattern="/auth/**"
            access="ROLE_ANONYMOUS,ROLE_USER" />
        <intercept-url
            pattern="/auth/*"
            access="ROLE_ANONYMOUS" />
        <intercept-url
            pattern="/**"
            access="ROLE_USER" />
        <form-login
            login-processing-url="/j_spring_security_check.html"
            login-page="/auth/login.html"
            default-target-url="/registered/home.html"
            authentication-failure-url="/auth/login.html?_dc=45" />
        <logout logout-url="/auth/logout.html"
            logout-success-url="/" />
        <anonymous username="guest" granted-authority="ROLE_ANONYMOUS"/>
        <remember-me user-service-ref="userManager" key="valid key here"/>
    </http>
    <!-- Configure the authentication provider -->
    <authentication-manager>
        <authentication-provider user-service-ref="userManager">
            <password-encoder ref="passwordEncoder" />
        </authentication-provider>
    </authentication-manager>
UserDetails implementation (Users.java):
    public class Users implements Serializable, UserDetails {
        public Collection<GrantedAuthority> getAuthorities() {
            List<GrantedAuthority> auth = new ArrayList<GrantedAuthority>();
            auth.add(new GrantedAuthorityImpl("ROLE_USER"));
            return auth;
        }
    }
user-service-ref="userManager" (UserManagerImpl.java):
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
        Users user = null;
        try {
            user = userDAO.findByUsername(username);
        } catch (DataAccessException ex) {
            throw new UsernameNotFoundException("Invalid login", ex);
        }
        if (user == null) {
            throw new UsernameNotFoundException("User not found.");
        }
        return user;
    }
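@Ritesh, I was trying to add the "ROLE_USER" constant to try and make it clearer, but I think it had the opposite effect. In my version I'm actually using public static final Authority AUTHORITY_USER = new Authority("ROLE_USER"); List auth = new ArrayList(); auth.add(Authority.AUTHORITY_USER); return auth; – c12 2011-03-14 01:26:09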
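@colin, can you show the code for the Authority class? – Ritesh 2011-03-14 14:07:21
@Ritesh, thanks for the response, I've added the Authority class to the original question... Thanks for your help! – c12 2011-03-14 16:00:32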
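Added example, not part of the original question or its comments: a small diagnostic that reports which kind of Authentication is in the SecurityContext at the point a method like getLoggedInUser runs, separating the anonymous "guest" token from a real login. The class name PrincipalDiagnostics, the describe method and the sample values are hypothetical, Spring Security is assumed to be on the classpath, and Spring's own User class stands in for the question's Users class.

```java
import java.util.List;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.AuthenticationTrustResolver;
import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;

// Hypothetical helper (not from the question): reports what is in the SecurityContext.
public class PrincipalDiagnostics {
    private static final AuthenticationTrustResolver RESOLVER =
            new AuthenticationTrustResolverImpl();

    static String describe(Authentication auth) {
        if (auth == null) {
            // Typical for URLs mapped with security="none": no filters run, context is empty.
            return "NONE";
        }
        String kind = RESOLVER.isAnonymous(auth) ? "ANONYMOUS"
                : RESOLVER.isRememberMe(auth) ? "REMEMBER_ME" : "FULL";
        Object p = auth.getPrincipal();
        return kind + " authenticated=" + auth.isAuthenticated()
                + " principalType=" + (p == null ? "null" : p.getClass().getName())
                + " authorities=" + auth.getAuthorities();
    }

    public static void main(String[] args) {
        // Constructed: what the anonymous filter installs for <anonymous username="guest" .../>.
        List<GrantedAuthority> anon = AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS");
        SecurityContextHolder.getContext().setAuthentication(
                new AnonymousAuthenticationToken("constructed-key", "guest", anon));
        // isAuthenticated() is true here and the principal is the String "guest",
        // so a check of "auth != null && auth.isAuthenticated()" does not exclude it.
        System.out.println(describe(SecurityContextHolder.getContext().getAuthentication()));

        // Constructed: what a successful form login leaves behind. Spring's User stands in
        // for the question's Users class; the principal is the UserDetails object itself.
        List<GrantedAuthority> roles = AuthorityUtils.createAuthorityList("ROLE_USER");
        User alice = new User("alice", "constructed", true, true, true, true, roles);
        SecurityContextHolder.getContext().setAuthentication(
                new UsernamePasswordAuthenticationToken(alice, null, roles));
        System.out.println(describe(SecurityContextHolder.getContext().getAuthentication()));
        SecurityContextHolder.clearContext();
    }
}
```

Logging the output of describe from the controller or bean that calls getLoggedInUser shows whether the request was served anonymously, through remember-me, or after a full login.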