我試圖從StackOverflow(Use Spring Security with JPA)關注此帖未成功。春季安全到用戶JPA連接
我實現了一個UserDetailsService:
import javax.inject.Inject;
import org.springframework.dao.DataAccessException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
import com.boss.mrfoods.dao.UserDao;
import com.boss.mrfoods.entity.User;
@Service
public class LoginController implements UserDetailsService {
@Inject
private UserDao userDao;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
User user = userDao.getForUsername(username);
System.out.println("USERNAME: " + username);
System.out.println("USER: " + user);
System.out.println("ROLES:" + user.getRoles());
return new org.springframework.security.core.userdetails.User(user.getUsername(), user.getPassword(), user.getRoles());
}
}
而且在Spring XML配置文件中像這樣的一個參考吧:
<debug />
<global-method-security pre-post-annotations="enabled" />
<http pattern="/resources/**" security="none" />
<http pattern="/pages/loggedout.xhtml" security="none" />
<http pattern="/pages/timeout.xhtml" security="none" />
<http use-expressions="true">
<intercept-url pattern="/pages/admin/**" access="hasRole('supervisor')" />
<intercept-url pattern="/pages/user/**" access="isAuthenticated()" />
<intercept-url pattern="/**" access="permitAll" />
<form-login />
<logout logout-success-url="/pages/loggedout.xhtml" delete-cookies="JSESSIONID" />
<remember-me />
</http>
<beans:bean id="customUserDetailsService" class="com.boss.mrfoods.controller.LoginController" />
<authentication-manager>
<authentication-provider user-service-ref="customUserDetailsService">
<password-encoder hash="plaintext" />
</authentication-provider>
</authentication-manager>
什麼也沒有發生。沒有例外,我的UserDetailsService實現永遠不會被調用。
我想要實現的是Spring Security使用我的JPA連接/事務來查找用戶/角色。我是否缺少配置?從哪裏開始尋找問題,如果我甚至沒有得到和例外。
我發現了這麼遠的是:我的userDao爲空。對象注入不起作用。注入無法構建該對象。爲什麼?
感謝您閱讀這篇文章。
你是如何嘗試驗證?你的安全配置中是否有'http'元素? – digitaljoel 2013-02-27 16:43:18
編輯了該問題以顯示更多的XML配置文件。 – MBarni 2013-02-27 17:01:51