我有一個Spring應用程序(Spring版本2.5.6.SEC01,Spring Security的版本2.0.5)與以下設置(這是基於關閉的this question):春季安全 - 自定義身份驗證提供不叫
在安全-config.xml中文件,我有以下配置:
<http>
<!-- Restrict URLs based on role -->
<intercept-url pattern="/WEB-INF/jsp/login.jsp*" access="ROLE_ANONYMOUS" />
<intercept-url pattern="/WEB-INF/jsp/header.jsp*" access="ROLE_ANONYMOUS" />
<intercept-url pattern="/WEB-INF/jsp/footer.jsp*" access="ROLE_ANONYMOUS" />
<intercept-url pattern="/login*" access="ROLE_ANONYMOUS" />
<intercept-url pattern="/index.jsp" access="ROLE_ANONYMOUS" />
<intercept-url pattern="/logoutSuccess*" access="ROLE_ANONYMOUS" />
<intercept-url pattern="/css/**" filters="none" />
<intercept-url pattern="/images/**" filters="none" />
<intercept-url pattern="/**" access="ROLE_ANONYMOUS" />
<anonymous />
<form-login login-page="/login.jsp"/>
</http>
<beans:bean id="myUserDetailsService" class="com.example.login.MyUserDetailsService">
<beans:property name="dataSource" ref="dataSource" />
<custom-authentication-provider />
</beans:bean>
<authentication-provider user-service-ref="myUserDetailsService" />
的com.example.login.MyUserDetailsService類定義爲:
public class MyUserDetailsService extends SimpleJdbcDaoSupport implements UserDetailsService {
@Override
public UserDetails loadUserByUsername(String userName) throws UsernameNotFoundException,
DataAccessException {
logger.info("MyUserDetailsService.loadUserByUsername: Entered method. Username [" + userName + "]");
...
}
}
但我沒有看到這條日誌行。我如何定義一個自定義的UserDetailsService,以便設置安全角色?我甚至都不需要自定義的服務,但在安全-config.xml中有這個
<authentication-provider> <jdbc-user-service data-source-ref="dataSource" />
</authentication-provider>
不設置,即使我有用戶和權限表的作用。我如何設置Spring Security角色?
**注意:**''是[棄用](http://forum.springsource.org/showthread.php?76596-Spring-Security-3.0.0.M2-Released )。 –
2011-08-15 13:17:37