2011-03-10 26 views
2

Spring Security returns guest instead of UserDetails for Authentication.getPrincipal()

I am trying to implement Spring Security 3.1.0.M1 and I cannot get my application to set Authentication.getPrincipal to my custom UserDetails implementation. When I try to get the logged-in user it always returns a principal of "guest". See the getLoggedInUser method below.

In Users.java (the UserDetails impl) the getAuthorities method never gets called; maybe that is why user_role is not being assigned.

Maybe I have misconfigured something... I have attached an outline of my implementation and hope someone can spot my mistake. Thanks for your help!

public static Users getLoggedInUser() {
    Users user = null;
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    if (auth != null && auth.isAuthenticated()) {
        Object principal = auth.getPrincipal();
        // Only a principal of our own UserDetails type counts as a logged-in user
        if (principal instanceof Users) {
            user = (Users) principal;
        }
    }
    return user;
}

Security context file (XML and schema definitions removed):

<global-method-security secured-annotations="enabled">
</global-method-security>
<http security="none" pattern="/services/rest-api/1.0/**" />
<http security="none" pattern="/preregistered/**" />
<http access-denied-page="/auth/denied.html">
    <intercept-url
        pattern="/**/*.xhtml"
        access="ROLE_NONE_GETS_ACCESS" />
    <intercept-url
        pattern="/auth/**"
        access="ROLE_ANONYMOUS,ROLE_USER" />
    <intercept-url
        pattern="/auth/*"
        access="ROLE_ANONYMOUS" />
    <intercept-url
        pattern="/**"
        access="ROLE_USER" />
    <form-login
        login-processing-url="/j_spring_security_check.html"
        login-page="/auth/login.html"
        default-target-url="/registered/home.html"
        authentication-failure-url="/auth/login.html?_dc=45" />
    <logout logout-url="/auth/logout.html"
        logout-success-url="/" />
    <anonymous username="guest" granted-authority="ROLE_ANONYMOUS"/>
    <remember-me user-service-ref="userManager" key="valid key here"/>
</http>
<!-- Configure the authentication provider -->
<authentication-manager>
    <authentication-provider user-service-ref="userManager">
        <password-encoder ref="passwordEncoder" />
    </authentication-provider>
</authentication-manager>

UserDetails implementation (Users.java):

public class Users implements Serializable, UserDetails {

    // Every user of this application gets ROLE_USER
    public Collection<GrantedAuthority> getAuthorities() {
        List<GrantedAuthority> auth = new ArrayList<GrantedAuthority>();
        auth.add(new GrantedAuthorityImpl("ROLE_USER"));
        return auth;
    }

    // remaining UserDetails methods omitted from this outline
}

user-service-ref="userManager" (UserManagerImpl.java): auth.add("ROLE_USER");

public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
    Users user = null;
    try {
        user = userDAO.findByUsername(username);
    } catch (DataAccessException ex) {
        // A lookup failure is reported to Spring Security as an unknown user
        throw new UsernameNotFoundException("Invalid login", ex);
    }
    if (user == null) {
        throw new UsernameNotFoundException("User not found.");
    }
    // The returned Users object is what the provider stores as the principal
    return user;
}
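An added example, not the poster's code and not part of Spring Security, that makes the difference between the two principals visible outside a web container. Spring Security's anonymous filter stores an AnonymousAuthenticationToken whose principal is the configured username string ("guest" in the configuration above) and whose isAuthenticated() returns true, while a successful form login through DaoAuthenticationProvider stores the UserDetails object returned by loadUserByUsername as the principal (its default, since forcePrincipalAsString is false). Because isAuthenticated() is true in both cases, the instanceof check (or an AuthenticationTrustResolver) is what actually separates a guest from a logged-in user. DemoUser, the "anonymousKey" value and the user name and password are constructed for this example; Spring Security 3.1 is assumed to be on the classpath.

```java
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;

import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.AuthenticationTrustResolver;
import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;

public class PrincipalCheckDemo {

    /** Minimal complete UserDetails implementation, constructed for this example. */
    public static class DemoUser implements UserDetails {
        private final String username;
        private final String password;

        DemoUser(String username, String password) {
            this.username = username;
            this.password = password;
        }

        public Collection<? extends GrantedAuthority> getAuthorities() {
            List<GrantedAuthority> auth = new ArrayList<GrantedAuthority>();
            auth.add(new SimpleGrantedAuthority("ROLE_USER"));
            return auth;
        }
        public String getPassword() { return password; }
        public String getUsername() { return username; }
        public boolean isAccountNonExpired() { return true; }
        public boolean isAccountNonLocked() { return true; }
        public boolean isCredentialsNonExpired() { return true; }
        public boolean isEnabled() { return true; }
    }

    private static final AuthenticationTrustResolver TRUST_RESOLVER =
            new AuthenticationTrustResolverImpl();

    /** Returns the logged-in DemoUser, or null for guests. */
    public static DemoUser getLoggedInUser() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth == null || !auth.isAuthenticated()) {
            return null;
        }
        // An AnonymousAuthenticationToken also reports isAuthenticated() == true,
        // so reject it explicitly before looking at the principal.
        if (TRUST_RESOLVER.isAnonymous(auth)) {
            return null;
        }
        Object principal = auth.getPrincipal();
        return (principal instanceof DemoUser) ? (DemoUser) principal : null;
    }

    public static void main(String[] args) {
        // 1. What the anonymous filter puts in the context: the principal is the
        //    String "guest", not a UserDetails object.  "anonymousKey" is a
        //    constructed value standing in for the filter's key.
        List<GrantedAuthority> anon = new ArrayList<GrantedAuthority>();
        anon.add(new SimpleGrantedAuthority("ROLE_ANONYMOUS"));
        SecurityContextHolder.getContext().setAuthentication(
                new AnonymousAuthenticationToken("anonymousKey", "guest", anon));
        Authentication a = SecurityContextHolder.getContext().getAuthentication();
        System.out.println("anonymous: isAuthenticated=" + a.isAuthenticated()
                + " principal=" + a.getPrincipal()
                + " loggedInUser=" + getLoggedInUser());

        // 2. What a successful form login produces: the principal is the
        //    UserDetails object that loadUserByUsername returned.
        DemoUser colin = new DemoUser("colin", "constructed-password-hash");
        SecurityContextHolder.getContext().setAuthentication(
                new UsernamePasswordAuthenticationToken(colin, null, colin.getAuthorities()));
        a = SecurityContextHolder.getContext().getAuthentication();
        System.out.println("form login: isAuthenticated=" + a.isAuthenticated()
                + " principal is DemoUser=" + (a.getPrincipal() instanceof DemoUser)
                + " loggedInUser=" + getLoggedInUser().getUsername());

        // Never leave a test Authentication behind on the thread.
        SecurityContextHolder.clearContext();
    }
}
```

Run with Spring Security 3.1 on the classpath; the first line reports isAuthenticated=true with principal=guest and a null logged-in user, the second reports a DemoUser principal. If a running application only ever reaches the first state, the form-login request is not producing a UsernamePasswordAuthenticationToken, which is consistent with loadUserByUsername and getAuthorities never being called.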

Answer

1

Aren't you getting a compile error on this line?

I think it should be: auth.add(new SimpleGrantedAuthority("ROLE_USER"));

+0

@Ritesh, I was trying to add "ROLE_USER" to make it clearer, but I think it had the opposite effect. In my version I actually use public static final Authority AUTHORITY_USER = new Authority("ROLE_USER"); List auth = new ArrayList (); auth.add(Authority.AUTHORITY_USER); return auth; – c12 2011-03-14 01:26:09

+0

@colin, can you show the code of the Authority class? – Ritesh 2011-03-14 14:07:21

+0

@Ritesh, thanks for the response. I have added the Authority class to the original question... thanks for your help! – c12 2011-03-14 16:00:32