服務器啓動時彈簧安全配置錯誤

Question

如果我在security.xml文件中記住me元素並啓動服務器，那麼我得到以下錯誤。

沒有UserDetailsS​​ervice的註冊.......

如果我刪除此記得，我的元素，則其正常工作。

如何擺脫這種錯誤的...

<?xml version="1.0" encoding="UTF-8"?> 
<beans:beans xmlns="http://www.springframework.org/schema/security" 
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xmlns:p="http://www.springframework.org/schema/p" 
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
     http://www.springframework.org/schema/beans/spring-beans-3.0.xsd 
    http://www.springframework.org/schema/security 
    http://www.springframework.org/schema/security/spring-security-3.0.xsd"> 

    <http auto-config="false" use-expressions="true" 
     access-denied-page="/login.jsp?error=true" entry-point-ref="authenticationEntryPoint"> 
     <remember-me key="abcdefgh" /> 
     <logout invalidate-session="true" /> 
     <intercept-url pattern="/login.jsp" access="permitAll" /> 
     <intercept-url pattern="/index.jsp" access="permitAll" /> 
     <intercept-url pattern="/pub" access="isAuthenticated()" /> 
     <intercept-url pattern="/*" access="permitAll" /> 
     <custom-filter ref="authenticationFilter" position="FORM_LOGIN_FILTER" /> 
    </http> 

    <beans:bean id="authenticationFilter" 
     class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter" 
     p:authenticationManager-ref="customAuthenticationManager" 
     p:authenticationFailureHandler-ref="customAuthenticationFailureHandler" 
     p:authenticationSuccessHandler-ref="customAuthenticationSuccessHandler" /> 

    <!-- Custom authentication manager. In order to authenticate, username and 
     password must not be the same --> 
    <beans:bean id="customAuthenticationManager" class="com.cv.pub.cmgt.framework.security.CustomAuthenticationManager" /> 

    <!-- We just actually need to set the default failure url here --> 
    <beans:bean id="customAuthenticationFailureHandler" 
     class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler" 
     p:defaultFailureUrl="/login.jsp?error=true" /> 

    <!-- We just actually need to set the default target url here --> 
    <beans:bean id="customAuthenticationSuccessHandler" 
     class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler" 
     p:defaultTargetUrl="/pub" /> 

    <!-- The AuthenticationEntryPoint is responsible for redirecting the user 
     to a particular page, like a login page, whenever the server sends back a 
     response requiring authentication --> 
    <!-- See Spring-Security Reference 5.4.1 for more info --> 
    <beans:bean id="authenticationEntryPoint" 
     class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint" 
     p:loginFormUrl="/login.jsp" /> 

    <!-- The tag below has no use but Spring Security needs it to autowire the 
     parent property of org.springframework.security.authentication.ProviderManager. 
     Otherwise we get an error A probable bug. This is still under investigation --> 
    <authentication-manager /> 

</beans:beans> 

Answer 1

爲了工作

Spring Security的提供的RememberMeServices requires a UserDetailsService。這意味着你有兩種選擇：

1）如果可能，我建議這是你最好的選擇。而不是寫一個自定義的AuthenticationProvider，編寫一個自定義的UserDetailsS​​ervice。你可以找到一個示例UserDetailsS​​ervice，看看InMemoryDaoImpl然後，你可以連接它，類似於下面的配置。注意你也會刪除你的自定義AuthenticationManager。

<http ..> 
    ... 
    <remember-me key="abcdefgh" /> 
</http> 
<authentication-manager> 
    <authentication-provider user-service-ref="myUserService"/> 
</authentication-manager> 
<beans:bean id="myUserService" class="MyUserService"/> 

2）編寫您自己的不需要UserDetailsS​​ervice的RememberMeServices實現。舉個例子，你可以看看TokenBasedRememberMeServices（但它需要UserDetailsS​​ervice）。如果你想使用命名空間配置，你的RememberMeServices實現將需要實現LogoutHandler。然後你可以使用命名空間來連線它。

<http ..> 
    ... 
    <remember-me ref="myRememberMeServices"/> 
</http> 
<beans:bean id="myRememberMeServices" class="sample.MyRememberMeServices"/>