1. 首頁
  2. 問答
  3. Spring Security UserDetailsS​​ervice不叫

Spring Security UserDetailsS​​ervice不叫

2016-03-02 72 views
1

我正在從Spring Security 3.2.5升級到4.0.4,使用migration guideSpring Security UserDetailsS​​ervice不叫

UserDetailsService看起來像這樣:

package com.me.security; 

import org.springframework.security.core.userdetails.UserDetailsService; 

public class Users implements UserDetailsService { 
    public Users() { 
     System.err.println("USERS CONSTRUCTOR"); 
    } 

    @Override 
    public UserDetail loadUserByUsername(String name) { 
     System.err.println("LOAD BY USER NAME " + name); 
     throw new UsernameNotFoundException("User not found."); 
    } 
}

WEB-INF/applicationContext.xml有這樣的:

<beans xmlns="http://www.springframework.org/schema/beans" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xmlns:security="http://www.springframework.org/schema/security" 
    xsi:schemaLocation=" 
     http://www.springframework.org/schema/beans 
     http://www.springframework.org/schema/beans/spring-beans-4.0.xsd 
     http://www.springframework.org/schema/security 
     http://www.springframework.org/schema/security/spring-security-4.0.xsd"> 

    <security:http disable-url-rewriting="true" use-expressions="false"> 
     <security:intercept-url pattern="/auth/**" access="ROLE_ANONYMOUS"/> 
     <security:intercept-url pattern="/dashboard/**" access="ROLE_ADMIN,ROLE_USER"/> 
     <!-- ...more intercept-urls... --> 

     <security:access-denied-handler error-page="/pages/general/403.xhtml"/> 

     <security:form-login login-page="/auth/login.html" 
      username-parameter="j_username" 
      password-parameter="j_password" 
      login-processing-url="/j_spring_security_check" 
      default-target-url="/dashboard/" 
      authentication-failure-url="/auth/error.html"/> 

     <security:logout logout-success-url="/auth/login.html" 
      logout-url="/auth/login.html" 
      delete-cookies="JSESSIONID" 
      invalidate-session="true" /> 

     <security:session-management invalid-session-url="/auth/login.html"/> 
    </security:http> 

    <security:authentication-manager> 
     <security:authentication-provider user-service-ref='userDetailsService'/> 
    </security:authentication-manager> 

    <bean id="userDetailsService" class="com.me.security.Users"/> 
</beans>

當我嘗試登錄,我的代碼不會被調用。我確實在服務器日誌中看到來自Users構造函數的消息,但不是來自其loadUserByUsername方法的消息。

相反,無論我輸入用戶名和密碼,我都會進入403錯誤頁面。

(也許我一直在看這個時間太長已經...)

爲什麼沒有春天打電話給我的UserDetailsS​​ervice和我需要得到它的工作是什麼?

來源

2016-03-02 Robert

回答

2

這聽起來是csrf過濾器。在Spring Security 4.x中默認激活:Migrating from Spring Security 3.x to 4.x。這可能是問題,如果你是百達得到一個HTTP 403

嘗試禁用此設置的安全裏面:http元素:

<csrf disabled="true"/>

來源

2016-03-03 08:03:31 jlumietu

+1

哎呀,謝謝!我完全錯過了遷移指南中的這一部分。 – Robert

相關問題

 相關問題