0
我正在嘗試使用SPRING 4.1.4 RELEASE進行「基本」安全配置。LoadByUsername未調用(Spring Security 4.1.4)
我需要: - 自定義登錄; - 數據庫驗證(Hibernate as ORM);
我只是試圖成功登錄,然後顯示一個主頁。出現 登錄頁面,但我自己的身份,我得到錯誤404
我寄了我的整個配置:
的login.jsp:
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Insert title here</title>
</head>
<body>
<form action="/login" method="post">
<table>
<tr>
<td>Name:</td>
<td><input type="text" name="username" /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="password"></td>
</tr>
<tr>
<td><input type="submit" value="ENTER"/></td>
</tr>
</table>
</form>
</body>
SecurityConfig:
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
@Qualifier("customUserDetailsService")
UserDetailsService userDetailsService;
@Autowired
public void configureGlobalSecurity(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService);
auth.authenticationProvider(authenticationProvider());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().anyRequest().authenticated()
.and().formLogin().loginPage("/login").permitAll().loginProcessingUrl("/login")
.defaultSuccessUrl("/home",true).failureUrl("/access_denied")
.usernameParameter("username").passwordParameter("password")
.and().httpBasic().and().csrf().disable().exceptionHandling()
.accessDeniedPage("/access_denied");
}
@Bean
public DaoAuthenticationProvider authenticationProvider() {
DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider();
authenticationProvider.setUserDetailsService(userDetailsService);
authenticationProvider.setPasswordEncoder(passwordEncoder());
return authenticationProvider;
}
@Bean
public Md5PasswordEncoder passwordEncoder() {
return new Md5PasswordEncoder();
}
}
安全初始化程序
public class SecurityInitializer extends AbstractSecurityWebApplicationInitializer{
}
UserDetailsServiceImpl
@Service("customUserDetailsService")
public class UserDetailsServiceImpl implements UserDetailsService{
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
GenericDAO daoU = (GenericDAO) VisibleApplicationContext.getBean("daoUser");
com.aconti.stemunitcore.model.User u=
(com.aconti.stemunitcore.model.User) daoU.readByPropertyLike("username", username).get(0);
String password=u.getPassword();
Collection<GrantedAuthority> authorities=new ArrayList<>();
for(Role role: u.getRoles()){
authorities.add(new SimpleGrantedAuthority(role.getDescription()));
}
org.springframework.security.core.userdetails.User springUser =
new org.springframework.security.core.userdetails.User(username, password, authorities);
return springUser;
}
}
的AppConfig
@EnableWebMvc
@Configuration
@ComponentScan({ "com.aconti.stemunit4.*" })
@Import({ SecurityConfig.class })
public class AppConfig {
@Bean
public InternalResourceViewResolver viewResolver() {
InternalResourceViewResolver viewResolver
= new InternalResourceViewResolver();
viewResolver.setViewClass(JstlView.class);
viewResolver.setPrefix("/WEB-INF/pages/");
viewResolver.setSuffix(".jsp");
return viewResolver;
}
}
SpringMVCInitializer
public class SpringMvcInitializer
extends AbstractAnnotationConfigDispatcherServletInitializer {
@Override
protected Class<?>[] getRootConfigClasses() {
return new Class[] { AppConfig.class };
}
@Override
protected Class<?>[] getServletConfigClasses() {
return null;
}
@Override
protected String[] getServletMappings() {
return new String[] { "/" };
}
}