spring security 自定义UserDetailsService问题

在自定义UserDetailsService时我继承了JdbcDaoImpl,并重写了loadUserByUsername()方法在方法体中:
[code="java"]
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
UserDetails ud = super.loadUserByUsername(username);
AuthUserDetails authUser = new AuthUserDetails(ud.getUsername(),ud.getPassword(),ud.isEnabled(),ud.isAccountNonExpired(),
ud.isCredentialsNonExpired(),ud.isAccountNonLocked(),ud.getAuthorities());
}
[/code]
调用了父类的loadUserByUsername()方法,是不是就是走了父类中的sql:
[code="java"]
public static final String DEF_USERS_BY_USERNAME_QUERY =
"SELECT username,password,enabled " +
"FROM users " +
"WHERE username = ?";
[/code]
这样我是不是就得建users表?
我感觉这个我能通过自己自定义应该可以重写一下吧?
求ss大牛...

4个回答

还要修改一个地方,就是JdbcUserDetailsManager中执行这个sql的部分。建议增加一个类,继承JdbcUserDetailsManager,覆盖loadUsersByUsername方法。

看下面配置你就应该明白了。
[code="xml"]
<bean id="userDetailsService"

   class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">

   <property name="dataSource" ref="dataSource" />

   <property name="usersByUsernameQuery">

       <value>

            SELECT username,password,1 FROM t_user WHERE status='1'

            AND username = ?

       </value>

       <!-- 根据用户名查询用户的SQL语句 -->

   </property>

   <property name="authoritiesByUsernameQuery">

       <value>

            SELECT u.username,p.priv_name FROM t_user u,t_user_priv

            p WHERE u.user_id =p.user_id AND u.username = ?

       </value>

   <!-- 根据用户名查询用户权限的sql语句 -->

   </property>

[/code]

sydhappy
Sonicery_D 我是这么写的[code="java"] <authentication-provider user-service-ref="userDetailsService"> </authentication-provider> <beans:bean id="userDetailsService" class="com.jtxr.auth.security.AuthUserDetailsService"> <beans:property name="dataSource" ref="dataSource" /> <beans:property name="usersExtraInfoByUsernameQuery"> <beans:value> select user_name,acl_code,acl_type from T_AUTH_USER where USER_PIN=? </beans:value> </beans:property> <beans:property name="privilegesByUsernameQuery"> <beans:value> select PRIVILEGE_CODE from V_AUTH_USER_ROLES r,V_AUTH_ROLE_PRIVILEGES p where r.user_pin=? and r.role_code=p.role_code </beans:value> </beans:property> </beans:bean> [/code] 但是报 account locked 错误 实现UserDetails中public boolean isAccountNonLocked 这个属性是用户可控制吗? 但是之前我见过 UserDetails ud = super.loadUserByUsername(username); AuthUserDetails authUser = new AuthUserDetails(ud.getUsername(),ud.getPassword(),ud.isEnabled(),ud.isAccountNonExpired(), ud.isCredentialsNonExpired(),ud.isAccountNonLocked(),ud.getAuthorities());
大约 7 年之前 回复

UserDetails ud = super.loadUserByUsername(username); 你在自定义方法执行时先执行了父类的方法,肯定是调用了父类的实现了, 想实现自定义sql可以在配置文件中自定义

[url][/url]

Csdn user default icon
上传中...
上传图片
插入图片
抄袭、复制答案,以达到刷声望分或其他目的的行为,在CSDN问答是严格禁止的,一经发现立刻封号。是时候展现真正的技术了!
其他相关推荐
Spring Security3 的自定义UserDetailsService默认Filter是哪个
<authentication-provider user-service-ref="myUserDetailServiceImpl"> myUserDetailServiceImpl这个是我自定义的UserDetailService, 请问默认的Spring Security3 中的那个Filter使用了该UserDetailService 的 loadUserByUsername方法?谢谢
Spring Security 自定义权限验证方法没有被调用
我自己定义的AccessDecisionManager 和FilterInvocationSecurityMetadataSource 都没有被调用。代码如下: package org.bzxly.yx.security.filter; import org.bzxly.yx.security.entity.Authority; import org.bzxly.yx.security.service.PermissionService; import org.springframework.security.access.ConfigAttribute; import org.springframework.security.access.SecurityConfig; import org.springframework.security.web.FilterInvocation; import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource; import org.springframework.security.web.util.AntPathRequestMatcher; import org.springframework.stereotype.Component; import com.alibaba.druid.support.logging.Log; import com.alibaba.druid.support.logging.LogFactory; import com.alibaba.fastjson.JSON; @Component public class CustomFilterInvocationSecurityMetadataSource implements FilterInvocationSecurityMetadataSource{ private static final Log LOG = LogFactory.getLog(FilterInvocationSecurityMetadataSource.class); @Autowired private PermissionService permissionService; /** * 权限容器 * key:URL * value:角色 */ private static final Map<String,Collection<ConfigAttribute>> AUTHORITY = new HashMap<String,Collection<ConfigAttribute>>();//存储所有角色的权限 /**这个方法在访问受限资源的时候没有被调用*/ @Override public Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException { String accessURL = ((FilterInvocation)object).getRequestUrl(); LOG.debug("访问地址:"+accessURL); FilterInvocation fi = (FilterInvocation)object; HttpServletRequest request = fi.getRequest(); Collection<ConfigAttribute> config = null; for(Entry<String, Collection<ConfigAttribute>> entry:AUTHORITY.entrySet()){ String key = entry.getKey(); AntPathRequestMatcher matcher =new AntPathRequestMatcher(key); boolean b = matcher.matches(request); if(b){ config = new ArrayList<ConfigAttribute>(); Collection<ConfigAttribute> value = entry.getValue(); for (ConfigAttribute configAttribute : value) { config.add(configAttribute); } } } return config; } //这个初始化已经在启动的时候初始化成功 @Override public Collection<ConfigAttribute> getAllConfigAttributes() { LOG.debug("正在初始化资源中"); List<Authority> authorities = permissionService.loadResource(); for(int i=0;i<authorities.size();i++){ final Authority authority=authorities.get(i); String serverURL = authority.getServerURL(); LOG.info("初始化角色:"+authority.getRoleKey()+",资源:"+serverURL); if(AUTHORITY.containsKey(serverURL)){ AUTHORITY.get(serverURL).add(new SecurityConfig(authority.getRoleKey())); }else{ AUTHORITY.put(authority.getServerURL(),new ArrayList<ConfigAttribute>(){ { add(new SecurityConfig(authority.getRoleKey())); } }); } } LOG.info("ALL LIMIT IS "+JSON.toJSONString(AUTHORITY)); LOG.debug("初始化资源完成"); return null; } @Override public boolean supports(Class<?> clazz) { return true; } } package org.bzxly.yx.security.filter; import java.util.Collection; import org.springframework.security.access.AccessDecisionManager; import org.springframework.security.access.AccessDeniedException; import org.springframework.security.access.ConfigAttribute; import org.springframework.security.authentication.InsufficientAuthenticationException; import org.springframework.security.core.Authentication; import org.springframework.security.core.GrantedAuthority; import org.springframework.stereotype.Component; @Component public class CustomAccessDecisionManager implements AccessDecisionManager{ /**这个方法在访问受限资源的时候没有被调用*/ @Override public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException, InsufficientAuthenticationException { if(authentication ==null){ throw new InsufficientAuthenticationException("用户信息不足、、、"); } Collection<? extends GrantedAuthority> ownedRoles = authentication.getAuthorities(); System.out.println("in method decide ....."+object.getClass()); for (GrantedAuthority ownedGa : ownedRoles) { String strOwnedRole = ownedGa.getAuthority(); for(ConfigAttribute requiredCa :configAttributes){ String strRequiedRole = requiredCa.getAttribute(); if(strOwnedRole.equals(strRequiedRole)){ return; } } } throw new AccessDeniedException("您没有操作权限!!!"); } @Override public boolean supports(ConfigAttribute attribute) { return true; } @Override public boolean supports(Class<?> clazz) { return true; } } <?xml version="1.0" encoding="UTF-8"?> <security:http pattern="/index.jsp" security="none" /> <security:http pattern="/bzxly/**" security="none" /> <security:http auto-config="false" entry-point-ref="loginUrlEntryPoint"> <security:custom-filter ref="customFilter" before="FORM_LOGIN_FILTER" /> <security:custom-filter ref="formLoginFilter" position="FORM_LOGIN_FILTER" /> <security:custom-filter ref="logoutFilter" position="LOGOUT_FILTER" /> <security:custom-filter ref="rememberMeFilter" after="FORM_LOGIN_FILTER" /> <security:custom-filter ref="concurrencyFilter" position="CONCURRENT_SESSION_FILTER" /> <security:custom-filter ref="filterSecurityInterceptor" before="FILTER_SECURITY_INTERCEPTOR" /> <security:custom-filter ref="exceptionTranslationFilter" after="EXCEPTION_TRANSLATION_FILTER" /> </security:http> <bean id="exceptionTranslationFilter" class="org.springframework.security.web.access.ExceptionTranslationFilter"> <property name="authenticationEntryPoint" ref="loginUrlEntryPoint"/> <property name="accessDeniedHandler" ref="accessDeniedHandler"/> </bean> <bean id="accessDeniedHandler" class="org.springframework.security.web.access.AccessDeniedHandlerImpl"> <property name="errorPage" value="/bzxly/accessDenied" /> </bean> <bean id="filterSecurityInterceptor" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor"> <property name="authenticationManager" ref="authenticationManager"/> <property name="accessDecisionManager" ref="customAccessDecisionManager"/> <property name="securityMetadataSource" ref="customFilterInvocationSecurityMetadataSource"/> </bean> <bean id="concurrencyFilter" class="org.springframework.security.web.session.ConcurrentSessionFilter"> <property name="sessionRegistry" ref="sessionRegistry" /> <property name="expiredUrl" value="/bzxly/sessionExpired" /> </bean> <bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl" /> <bean id="sas" class="org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy"> <constructor-arg name="sessionRegistry" ref="sessionRegistry" /> <property name="maximumSessions" value="1" /> </bean> <bean id="rememberMeFilter" class="org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter"> <property name="rememberMeServices" ref="rememberMeServices"/> <property name="authenticationManager" ref="authenticationManager" /> </bean> <bean id="rememberMeServices" class="org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices"> <property name="userDetailsService" ref="userServiceImpl"/> <property name="cookieName" value="myck"></property> <property name="tokenValiditySeconds" value="3600"></property> <property name="parameter" value="rememberMe"></property> <property name="key" value="springRocks"/> </bean> <bean id="rememberMeAuthenticationProvider" class="org.springframework.security.authentication.RememberMeAuthenticationProvider"> <property name="key" value="springRocks"/> </bean> <bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter"> <property name="filterProcessesUrl" value="/user/logout"/> <constructor-arg index="0" value="/bzxly/login"/> <constructor-arg index="1"> <list> <ref bean="sessionInvalidateHandler"/> <ref bean="rememberMeServices"/> </list> </constructor-arg> </bean> <bean id="sessionInvalidateHandler" class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/> <bean id="formLoginFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter"> <property name="authenticationManager" ref="authenticationManager"/> <property name="usernameParameter" value="usname"/> <property name="passwordParameter" value="psword"/> <property name="filterProcessesUrl" value="/user/userLogin"/> <property name="authenticationSuccessHandler" ref="authenSuccessHandler"/> <property name="authenticationFailureHandler" ref="authenFailerHandler"/> <property name="rememberMeServices" ref="rememberMeServices"/> <property name="sessionAuthenticationStrategy" ref="sas"/> </bean> <bean id="authenSuccessHandler" class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler"> <property name="alwaysUseDefaultTargetUrl" value="false"></property> <property name="defaultTargetUrl" value="/index"></property> </bean> <bean id="authenFailerHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler"> <property name="defaultFailureUrl" value="/bzxly/loginError"/> </bean> <bean id="loginUrlEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint"> <property name="loginFormUrl" value="/bzxly/login"></property> </bean> <security:authentication-manager alias="authenticationManager" erase-credentials="false"> <security:authentication-provider user-service-ref="userServiceImpl"> <security:password-encoder ref="passwordEndecrypt"> <security:salt-source ref="customSaltSource" /> </security:password-encoder> </security:authentication-provider> <security:authentication-provider ref="rememberMeAuthenticationProvider"/> </security:authentication-manager> </beans> 以上是关键代码
Spring security Oauth2 自定义拦截器如何在验证token之前执行?
想通过拦截器的方式把所有的请求 带一个token过去 然后再去验证。 现在问题是没有等到我的拦截器执行就报401了 无权限了。 ``` @Configuration @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, jsr250Enabled = true) @Order(-1) public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter { @Autowired private SuccessAuthenticationSuccessHandler successAuthenticationSuccessHandler; @Bean public BCryptPasswordEncoder passwordEncoder() { // 设置默认的加密方式 return new BCryptPasswordEncoder(); } @Bean @Override public UserDetailsService userDetailsService() { return new UserDetailsServiceImpl(); } @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { // 使用自定义认证与授权 auth.userDetailsService(userDetailsService()); } @Override public void configure(WebSecurity web) throws Exception { // 将 check_token 暴露出去,否则资源服务器访问时报 403 错误 web.ignoring().antMatchers("/oauth/check_token"); } @Override @Bean public AuthenticationManager authenticationManagerBean() throws Exception { return super.authenticationManagerBean(); } @Override protected void configure(HttpSecurity http) throws Exception { //自定义TokenFilter 不执行为什么? http.addFilterAt(new TokenFilter(), FilterSecurityInterceptor.class); http.requestMatchers().antMatchers(HttpMethod.OPTIONS, "/oauth/token") .and() .cors() .and() .csrf().disable(); } ``` ``` @Configuration @EnableResourceServer public class ResourceServerConfig extends ResourceServerConfigurerAdapter { @Autowired private AdminPermissionRepository adminPermissionRepository; @Autowired private SuccessAuthenticationSuccessHandler successAuthenticationSuccessHandler; @Override public void configure(HttpSecurity http) throws Exception { List<AdminPermission> permissions = adminPermissionRepository.findAll(); http .headers().frameOptions().sameOrigin(); http .exceptionHandling() .and() .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS) .and() .authorizeRequests() .antMatchers("/","/login","/static/**","/assets/**").permitAll(); permissions.forEach(permission->{ try { http.authorizeRequests().antMatchers(permission.getUrl()).hasAuthority(permission.getNameEn()); } catch (Exception e) { e.printStackTrace(); } }); } @Override public void configure(ResourceServerSecurityConfigurer resources) throws Exception { super.configure(resources); } } ```
spring security3 自定义登录页面,无论输入什么,直接被拦截跳到错误页面
spring security 3,做数据库验证,启动没有问题,但每次点登录按钮的时候,不论输入正确或错误的用户名密码,都直接跳到错误页面,debug跟踪后发现,在InvocationSecurityMetadataSourceService中的getAttributes(Object object)方法传入的object的url值就是验证失败页面的url,感觉就是没有权限,被拦截了,请教各位,我的配置有什么问题吗?下面是代码 login.jsp [code="jsp"]<form method="post" action="${pageContext.request.contextPath}/j_spring_security_check"> <table> <td>用户名</td> <td><input type="text" name="j_username" value=""></td> <tr> <td>密码</td> <td><input type="password" name="j_password" value=""></td> </table> <input type="submit" name="button" value="登录" /> </form>[/code] security.xml [code="xml"] <http auto-config="true" access-denied-page="/jsp/home.jsp"> <intercept-url pattern="/css/**" filters="none" /> <intercept-url pattern="/style/**" filters="none" /> <intercept-url pattern="/images/**" filters="none" /> <intercept-url pattern="/js/**" filters="none" /> <intercept-url pattern="/jsp/login.jsp" filters="none" /> <!-- <intercept-url pattern="/jsp/admin.jsp" access="ROLE_ADMIN" /> <intercept-url pattern="/**" access="ROLE_USER" /> --> <form-login login-page="/jsp/login.jsp" authentication-failure-url="/jsp/error.jsp" default-target-url="/jsp/index.jsp" /> <logout logout-success-url="/jsp/login.jsp"/> <session-management> <concurrency-control max-sessions="1" error-if-maximum-exceeded="true" /> </session-management> <custom-filter ref="pawnFilter" before="FILTER_SECURITY_INTERCEPTOR" /> </http> <beans:bean id="pawnFilter" class="com.sywzsh.security.PawnFilterSecurityInterceptor"> <beans:property name="authenticationManager" ref="authenticationManager" /> <beans:property name="accessDecisionManager" ref="pawnAccessDecisionManagerService" /> <beans:property name="securityMetadataSource" ref="pawnSecurityDataSourceService" /> </beans:bean> <authentication-manager alias="authenticationManager"> <authentication-provider user-service-ref="userDetailsService"> </authentication-provider> </authentication-manager> <!-- 查询用户信息 --> <beans:bean id="userDetailsService" class="com.sywzsh.security.PawnUsersDetailsService" /> <!-- 决策访问器,判断是否有权限访问某个资源 --> <beans:bean id="pawnAccessDecisionManagerService" class="com.sywzsh.security.PawnAccessDecisionManagerService" /> <!-- 资源数据定义,资源与角色相关联,一个资源可被哪些角色访问 --> <beans:bean id="pawnSecurityDataSourceService" init-method="loadResourceDefine" class="com.sywzsh.security.PawnInvocationSecurityMetadataSourceService"> </beans:bean> [/code] 过滤器等代码与网上教程一致,如http://andy-ghg.iteye.com/blog/1081622 ,http://blog.csdn.net/remote_roamer/archive/2010/07/05/5713777.aspx 代码大同小异,不知道有哪位兄台遇到过这种情况。
spring security3拦截器问题
未登录系统的情况下,第一次访问页面会跳转到登录页面,第二次访问就能够访问 配置如下: ``` <http entry-point-ref="loginAuthenticationEntryPoint" > <!-- UsernamePasswordAuthenticationFilter default-target-url 指定了从登录页面登录后进行跳转的页面 always-use-default-target true表示登录成功后强制跳转 authentication-failure-url 表示验证失败后进入的页面 login-processing-url 设置验证登录验证地址,如果不设置,默认是j_spring_security_check username-parameter,password-parameter 设置登录用户名和密码的请求name,默认:j_username,j_password <form-login login-page="/login" default-target-url="/index" authentication-failure-url="/login?error=1" login-processing-url="/logined" username-parameter="loginUser" password-parameter="password" /> --> <logout logout-success-url="/login" invalidate-session="true" delete-cookies="JSESSIONID"/> <!-- 尝试访问没有权限的页面时跳转的页面 --> <access-denied-handler error-page="/permission" /> <!-- session-fixation-protection session固化保护 none使得 session 固化攻击失效,不会配置 SessionManagementFilter (除非其它的 <session-management> 属性不是默认值) migrateSession当用户经过认证后分配一个新的 session ,它保证原 session 的所有属性移到新 session 中。我们将在后面的章节中讲解,通过基于 bean 的方式如何进行这样的配置。 newSession当用户认证后,建立一个新的 session ,原(未认证时) session 的属性不会进行移到新 session 中来。--> <session-management invalid-session-url="/login" session-authentication-strategy-ref="compositeSessionAuthenticationStrategy" /> <custom-filter position="FORM_LOGIN_FILTER" ref="formloginFilter" /> <custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrencyFilter" /> <!-- 增加一个filter,这点与 Acegi是不一样的,不能修改默认的filter了, 这个filter位于FILTER_SECURITY_INTERCEPTOR之前 --> <custom-filter before="FILTER_SECURITY_INTERCEPTOR" ref="myFilter" /> </http> <!-- ConcurrentSessionFilter过滤器配置(主要设置账户session过期路径) 并发会话处理包所需要的过滤器。该过滤器具有双重作用。 首先,它会调用sessionregistry.refreshlastrequest为每个请求注册session总是有一个正确的最后更新时间。 第二,它会为每个请求从sessionregistry中获取sessioninformation并且检查session是否已被标记为已过期。 如果它被标记为已过期,配置注销处理程序将被调用(如同logoutfilter),重定向到指定的expiredurl,session失效将导致httpsessiondestroyedevent被触发 通过在web.xml注册httpsessioneventpublisher。 --> <beans:bean id="concurrencyFilter" class="org.springframework.security.web.session.ConcurrentSessionFilter"> <beans:property name="sessionRegistry" ref="sessionRegistry" /> <beans:property name="expiredUrl" value="/login" /> </beans:bean> <!-- 登录过滤器(相当于<form-login/>) --> <beans:bean id="formloginFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter"> <beans:property name="usernameParameter" value="loginUser"></beans:property> <beans:property name="passwordParameter" value="password"></beans:property> <beans:property name="sessionAuthenticationStrategy" ref="compositeSessionAuthenticationStrategy" /> <!--处理登录的action --> <beans:property name="filterProcessesUrl" value="/logined"></beans:property> <!--验证成功后的处理 --> <beans:property name="authenticationSuccessHandler" ref="loginLogAuthenticationSuccessHandler"></beans:property> <!--验证失败后的处理 --> <beans:property name="authenticationFailureHandler" ref="simpleUrlAuthenticationFailureHandler"></beans:property> <beans:property name="authenticationManager" ref="authenticationManager"></beans:property> </beans:bean> <!-- 混合session授权策略 --> <beans:bean id="compositeSessionAuthenticationStrategy" class="org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy"> <beans:constructor-arg> <beans:list> <beans:bean class="org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy"> <beans:constructor-arg ref="sessionRegistry" /> <beans:property name="maximumSessions" value="1" /> <beans:property name="exceptionIfMaximumExceeded" value="true" /> </beans:bean> <beans:bean class="org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy"> </beans:bean> <beans:bean class="org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy"> <beans:constructor-arg ref="sessionRegistry" /> </beans:bean> </beans:list> </beans:constructor-arg> </beans:bean> <!--SessionRegistry的默认实现,它会在spring应用上下文中监听SessionDestroyedEvents事件 --> <beans:bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl" /> <!-- 登录点 --> <beans:bean id="loginAuthenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint"> <beans:property name="loginFormUrl" value="/login"></beans:property> </beans:bean> <!-- 验证成功后的处理 --> <beans:bean id="loginLogAuthenticationSuccessHandler" class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler"> <beans:property name="defaultTargetUrl" value="/index"></beans:property> </beans:bean> <!-- 验证失败后的处理 --> <beans:bean id="simpleUrlAuthenticationFailureHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler"> <!--可以配置相应的跳转方式。属性forwardToDestination为true采用forward false为sendRedirect --> <beans:property name="defaultFailureUrl" value="/login?error=1"></beans:property> </beans:bean> <!-- 一个自定义的filter,必须包含 authenticationManager,accessDecisionManager,securityMetadataSource三个属性, 我们的所有控制将在这三个类中实现,解释详见具体配置 --> <beans:bean id="myFilter" class="com.sanchuan.erp.security.MyFilterSecurityInterceptor"> <beans:property name="authenticationManager" ref="authenticationManager" /> <beans:property name="accessDecisionManager" ref="myAccessDecisionManagerBean" /> <beans:property name="securityMetadataSource" ref="mySecurityMetadataSource" /> </beans:bean> <!-- 验证配置 , 认证管理器,实现用户认证的入口,主要实现UserDetailsService接口即可 --> <authentication-manager alias="authenticationManager"> <authentication-provider user-service-ref="myUserDetailsService"> <!-- <s:password-encoder hash="sha" /> --> </authentication-provider> </authentication-manager> <!-- 项目实现的用户查询服务,将用户信息查询出来 --> <beans:bean id="myUserDetailsService" class="com.sanchuan.erp.security.MyUserDetailService"> <beans:property name="userService" ref="userServiceImpl"></beans:property> <beans:property name="roleService" ref="roleServiceImpl"></beans:property> </beans:bean> <!-- 访问决策器,决定某个用户具有的角色,是否有足够的权限去访问某个资源 --> <beans:bean id="myAccessDecisionManagerBean" class="com.sanchuan.erp.security.MyAccessDecisionManager"> </beans:bean> <!-- 资源源数据定义,将所有的资源和权限对应关系建立起来,即定义某一资源可以被哪些角色访问 --> <beans:bean id="mySecurityMetadataSource" class="com.sanchuan.erp.security.MyInvocationSecurityMetadataSourceService"> </beans:bean> ```
spring security和cas重定向问题
问题:spring security能请求到cas返回的用户,并且初始化了权限,但是又重定向回主页,在重定向的时候丢失了验证用户信息,导致变成游客。 如果设置自动重定向回请求页面,会导致循环重定向,游客请求--获取cas的用户信息---重定向--丢失userDetails--没有权限--重定向回cas--无限循环了。 下面贴代码。 <sec:http pattern="/static/**" security="none"/> <sec:http entry-point-ref="casAuthEntryPoint" access-denied-page="/static/html/error/403.html"> <!-- 当前session --> <sec:custom-filter ref="concurrentSessionFilter" position="CONCURRENT_SESSION_FILTER"/> <!-- 上下文 --> <sec:custom-filter ref="securityContextPersistenceFilter" before="SECURITY_CONTEXT_FILTER"/> <!-- 注销 --> <sec:custom-filter ref="requestSingleLogoutFilter" before="LOGOUT_FILTER"/> <!-- rememberMe <sec:custom-filter ref="rememberMeAuthenticationFilter" position="REMEMBER_ME_FILTER"/> --> <!-- Session固化,并发保护 --> <sec:custom-filter ref="sessionManagementFilter" before="SESSION_MANAGEMENT_FILTER"/> <!-- 异常 --> <sec:custom-filter ref="exceptionTranslationFilter" before="EXCEPTION_TRANSLATION_FILTER"/> <!-- CAS单点过滤 --> <sec:custom-filter ref="casFilter" position="CAS_FILTER"/> <!-- <sec:custom-filter ref="usernamePasswordAuthenticationFilter" after="CAS_FILTER"/> --> <!-- 权限拦截过滤 --> <sec:custom-filter ref="filterSecurityInterceptor" before="FILTER_SECURITY_INTERCEPTOR"/> </sec:http> <!-- CAS provider,切点用到 --> <bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties"> <property name="service" value="http://localhost:8880/edu/j_spring_cas_security_check"/> <property name="sendRenew" value="false"/> </bean> <!-- 登陆切点 --> <bean id="casAuthEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint"> <property name="loginUrl" value="http://localhost:8880/cas/login"/> <property name="serviceProperties" ref="serviceProperties"/> </bean> <!-- 验证器 --> <sec:authentication-manager alias="authenticationManager"> <sec:authentication-provider ref="casAuthenticationProvider"/> <!-- <sec:authentication-provider ref="rememberMeAuthenticationProvider"/>--> <!-- <sec:authentication-provider ref="daoAuthenticationProvider"/>--> </sec:authentication-manager> <!-- 过滤器 --> <bean id="casFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter"> <property name="authenticationManager" ref="authenticationManager"/> <property name="authenticationSuccessHandler"> <bean class="com.huihui.security.handler.LoginSuccessHandler"> <property name="indexUrl" value="/edu/eduHome/index" /> <property name="userService" ref="userService" /> </bean> </property> </bean> <!-- provicder用到, 用自己的userService --> <bean id="casAuthenticationUserDetailsService" class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper"> <property name="userDetailsService" > <ref bean="userDetailsService" /> </property> </bean> <!-- cas验证 ,authen-manager用到--> <bean id="casAuthenticationProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider"> <property name="authenticationUserDetailsService" ref="casAuthenticationUserDetailsService"/> <property name="serviceProperties" ref="serviceProperties" /> <property name="ticketValidator"> <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator"> <constructor-arg index="0" value="http://localhost:8880/cas" /> </bean> </property> <property name="key" value="an_id_for_this_auth_provider_only"/> </bean> <!-- 注销客户端 --> <bean id="singleLogoutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter" /> <!-- 注销服务器端 --> <bean id="requestSingleLogoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter"> <constructor-arg value="http://localhost:8880/cas/logout" /> <constructor-arg> <bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/> </constructor-arg> <property name="filterProcessesUrl" value="/logout.sec" /> </bean> <!-- 自定义UserDetailsService认证 --> <bean id="userDetailsService" class="com.huihui.security.service.UserDetailsServiceImpl"> </bean> <!-- 自定义资源权限关系认证 --> <bean id="accessDecisionManager" class="com.huihui.security.service.AccessDecisionManagerImpl" /> <!-- 自定义资源权限关系集合 --> <bean id="securityMetadataSource" class="com.huihui.security.service.SecurityMetadataSourceExtendImpl"> <property name="matcher" value="regex" /> </bean> <!-- 核心!=自定义认证管理,资源,权限 拦截--> <bean id="filterSecurityInterceptor" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor"> <property name="authenticationManager" ref="authenticationManager" /> <property name="accessDecisionManager" ref="accessDecisionManager" /> <property name="securityMetadataSource" ref="securityMetadataSource" /> </bean> 我所查看的日志得到的信息: 1.能请求到cas返回的用户,并且能用userDetailService装配完整的权限。 2.重定向的url就是在casFilter那个里面设置的。 3.在重定向之前有2次CAS请求,一次springsecurity有用户信息,但是不知道为什么会删除。 然后最后一次没有,变成游客,然后如果重定向的url需要权限,那么无限重定向。 如果重定向的URL不需要权限,那么就编程游客访问。 我所尝试的解决办法: 1.取消casFileter的重定向URL,自动重定向回"/" 这个主页。 2.删除权限验证filter,没有用户信息,是游客。 3.删除所有filter,只留cas和权限,没用还是无限重定向。
spring security cas单点登录拒绝访问
[b]cas服务端和cas客户端都已经配合,访问cas服务端可以登录,访问客户端应用资源的时候出现拒绝访问问题,但是[color=red]能成功跳转到cas服务端的login页面,输入账号密码后控制台打印显示出服务端登录成功,但是关于客户端的打印出现拒绝访问异常,而且httpSession不为null但是里面没值[/color][/b]。 初次使用spring security和cas望多多指教. 异常信息: [color=red][b]首次登录直接出现拒绝访问,但是却能跳转到cas 登录页面,[/b][/color] [quote] 信息: Server startup in 21955 ms 2012-6-6 11:51:31 org.apache.catalina.core.ApplicationContext log 信息: HTMLManager: init: Associated with Deployer 'Catalina:type=Deployer,host=localhost' 2012-6-6 11:51:31 org.apache.catalina.core.ApplicationContext log 信息: HTMLManager: init: Global resources are available 2012-6-6 11:51:31 org.apache.catalina.core.ApplicationContext log 信息: HTMLManager: list: Listing contexts for virtual host 'localhost' 2012-06-06 11:51:32,593 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - <Beginning ticket cleanup.> 2012-06-06 11:51:32,593 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - <0 tickets found to be removed.> 2012-06-06 11:51:32,593 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - <Finished ticket cleanup.> 11:51:33,906 DEBUG org.springframework.security.web.FilterChainProxy:318 - /index.jsp at position 1 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter' 11:51:33,921 DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository:127 - No HttpSession currently exists 11:51:33,921 DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository:85 - No SecurityContext was available from the HttpSession: null. A new one will be created. 11:51:33,921 DEBUG org.springframework.security.web.FilterChainProxy:318 - /index.jsp at position 2 of 12 in additional filter chain; firing Filter: 'LogoutFilter' 11:51:33,921 DEBUG org.springframework.security.web.FilterChainProxy:318 - /index.jsp at position 3 of 12 in additional filter chain; firing Filter: 'CasAuthenticationFilter' 11:51:33,937 DEBUG org.springframework.security.cas.web.CasAuthenticationFilter:311 - serviceTicketRequest = false 11:51:33,937 DEBUG org.springframework.security.cas.web.CasAuthenticationFilter:362 - proxyReceptorConfigured = false 11:51:33,937 DEBUG org.springframework.security.cas.web.CasAuthenticationFilter:349 - proxyReceptorRequest = false 11:51:33,937 DEBUG org.springframework.security.cas.web.CasAuthenticationFilter:327 - proxyTicketRequest = false 11:51:33,937 DEBUG org.springframework.security.cas.web.CasAuthenticationFilter:262 - requiresAuthentication = false 11:51:33,937 DEBUG org.springframework.security.web.FilterChainProxy:318 - /index.jsp at position 4 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter' 11:51:33,937 DEBUG org.springframework.security.web.FilterChainProxy:318 - /index.jsp at position 5 of 12 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter' 11:51:33,937 DEBUG org.springframework.security.web.FilterChainProxy:318 - /index.jsp at position 6 of 12 in additional filter chain; firing Filter: 'BasicAuthenticationFilter' 11:51:33,937 DEBUG org.springframework.security.web.FilterChainProxy:318 - /index.jsp at position 7 of 12 in additional filter chain; firing Filter: 'RequestCacheAwareFilter' 11:51:33,937 DEBUG org.springframework.security.web.FilterChainProxy:318 - /index.jsp at position 8 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter' 11:51:33,937 DEBUG org.springframework.security.web.FilterChainProxy:318 - /index.jsp at position 9 of 12 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter' 11:51:33,937 DEBUG org.springframework.security.web.authentication.AnonymousAuthenticationFilter:102 - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS' 11:51:33,937 DEBUG org.springframework.security.web.FilterChainProxy:318 - /index.jsp at position 10 of 12 in additional filter chain; firing Filter: 'SessionManagementFilter' 11:51:33,937 DEBUG org.springframework.security.web.session.SessionManagementFilter:91 - Requested session IDFED78FFF2BDBC0647461CBFA29AB9B23 is invalid. 11:51:33,937 DEBUG org.springframework.security.web.FilterChainProxy:318 - /index.jsp at position 11 of 12 in additional filter chain; firing Filter: 'ExceptionTranslationFilter' 11:51:33,937 DEBUG org.springframework.security.web.FilterChainProxy:318 - /index.jsp at position 12 of 12 in additional filter chain; firing Filter: 'FilterSecurityInterceptor' 11:51:33,937 DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor:193 - Secure object: FilterInvocation: URL: /index.jsp; Attributes: [ROLE_USER] 11:51:33,937 DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor:298 - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS 11:51:33,937 DEBUG org.springframework.security.access.vote.AffirmativeBased:65 - Voter: org.springframework.security.access.vote.RoleVoter@13e02ed, returned: -1 11:51:33,953 DEBUG org.springframework.security.access.vote.AffirmativeBased:65 - Voter: org.springframework.security.access.vote.AuthenticatedVoter@322394, returned: 0 11:51:33,968 DEBUG org.springframework.security.web.access.ExceptionTranslationFilter:165 - Access is denied (user is anonymous); redirecting to authentication entry point org.springframework.security.access.AccessDeniedException: Access is denied at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:83) at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:205) at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:114) at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:101) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:150) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:91) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:182) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:182) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293) at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:877) at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:594) at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1675) at java.lang.Thread.run(Thread.java:662) 11:51:33,984 DEBUG org.springframework.security.web.savedrequest.HttpSessionRequestCache:41 - DefaultSavedRequest added to Session: DefaultSavedRequest[http://localhost:8080/Cas_Client/] 11:51:33,984 DEBUG org.springframework.security.web.access.ExceptionTranslationFilter:185 - Calling Authentication entry point. 11:51:33,984 DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository:269 - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession. 11:51:34,015 DEBUG org.springframework.security.web.context.SecurityContextPersistenceFilter:97 - SecurityContextHolder now cleared, as request processing completed 2012-06-06 11:51:34,921 INFO [org.jasig.cas.web.flow.InitialFlowSetupAction] - <Setting path for cookies to: /casServer/> [/quote] [color=red][b]跳转到登录页面后输入账号密码出现cas服务端的信息正常,但是关于cas客户端的和上面的异常一样:[/b][/color] 打印信息: [quote] 2012-06-06 12:03:21,625 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] - <Reloading registered services.> 2012-06-06 12:03:21,625 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] - <Loaded 0 services.> start[1338955402531] time[603] tag[QueryDatabaseAuthenticationHandler] 2012-06-06 12:03:23,125 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - <AuthenticationHandler: org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler successfully authenticated the user which provided the following credentials: [username: wucht]> 2012-06-06 12:03:23,234 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - <Resolved principal wucht> 2012-06-06 12:03:23,234 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - <Principal found: wucht> 2012-06-06 12:03:23,250 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ============================================================= WHO: [username: wucht] WHAT: supplied credentials: [username: wucht] ACTION: AUTHENTICATION_SUCCESS APPLICATION: CAS WHEN: Wed Jun 06 12:03:23 CST 2012 CLIENT IP ADDRESS: 127.0.0.1 SERVER IP ADDRESS: 127.0.0.1 ============================================================= > 2012-06-06 12:03:23,250 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ============================================================= WHO: [username: wucht] WHAT: TGT-1-0WNh4MDLT57myMG77eF54B9ix5oQP0OItPnVBGDZBYac9Bj42E-casServer ACTION: TICKET_GRANTING_TICKET_CREATED APPLICATION: CAS WHEN: Wed Jun 06 12:03:23 CST 2012 CLIENT IP ADDRESS: 127.0.0.1 SERVER IP ADDRESS: 127.0.0.1 ============================================================= > 2012-06-06 12:03:23,265 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ST-1-eOK4CG7zd7cApkahlva9-casServer] for service [http://localhost:8080/Cas_Client/j_acegi_cas_security_check] for user [wucht]> 2012-06-06 12:03:23,265 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ============================================================= WHO: wucht WHAT: ST-1-eOK4CG7zd7cApkahlva9-casServer for http://localhost:8080/Cas_Client/j_acegi_cas_security_check ACTION: SERVICE_TICKET_CREATED APPLICATION: CAS WHEN: Wed Jun 06 12:03:23 CST 2012 CLIENT IP ADDRESS: 127.0.0.1 SERVER IP ADDRESS: 127.0.0.1 ============================================================= > 12:03:23,296 DEBUG org.springframework.security.web.FilterChainProxy:318 - /j_acegi_cas_security_check?ticket=ST-1-eOK4CG7zd7cApkahlva9-casServer at position 1 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter' 12:03:23,296 DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository:139 - HttpSession returned null object for SPRING_SECURITY_CONTEXT 12:03:23,296 DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository:85 - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@1ef3d12. A new one will be created. 12:03:23,296 DEBUG org.springframework.security.web.FilterChainProxy:318 - /j_acegi_cas_security_check?ticket=ST-1-eOK4CG7zd7cApkahlva9-casServer at position 2 of 12 in additional filter chain; firing Filter: 'LogoutFilter' 12:03:23,296 DEBUG org.springframework.security.web.FilterChainProxy:318 - /j_acegi_cas_security_check?ticket=ST-1-eOK4CG7zd7cApkahlva9-casServer at position 3 of 12 in additional filter chain; firing Filter: 'CasAuthenticationFilter' 12:03:23,296 DEBUG org.springframework.security.cas.web.CasAuthenticationFilter:311 - serviceTicketRequest = false 12:03:23,296 DEBUG org.springframework.security.cas.web.CasAuthenticationFilter:362 - proxyReceptorConfigured = false 12:03:23,296 DEBUG org.springframework.security.cas.web.CasAuthenticationFilter:349 - proxyReceptorRequest = false 12:03:23,296 DEBUG org.springframework.security.cas.web.CasAuthenticationFilter:327 - proxyTicketRequest = false 12:03:23,296 DEBUG org.springframework.security.cas.web.CasAuthenticationFilter:262 - requiresAuthentication = false 12:03:23,296 DEBUG org.springframework.security.web.FilterChainProxy:318 - /j_acegi_cas_security_check?ticket=ST-1-eOK4CG7zd7cApkahlva9-casServer at position 4 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter' 12:03:23,296 DEBUG org.springframework.security.web.FilterChainProxy:318 - /j_acegi_cas_security_check?ticket=ST-1-eOK4CG7zd7cApkahlva9-casServer at position 5 of 12 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter' 12:03:23,296 DEBUG org.springframework.security.web.FilterChainProxy:318 - /j_acegi_cas_security_check?ticket=ST-1-eOK4CG7zd7cApkahlva9-casServer at position 6 of 12 in additional filter chain; firing Filter: 'BasicAuthenticationFilter' 12:03:23,296 DEBUG org.springframework.security.web.FilterChainProxy:318 - /j_acegi_cas_security_check?ticket=ST-1-eOK4CG7zd7cApkahlva9-casServer at position 7 of 12 in additional filter chain; firing Filter: 'RequestCacheAwareFilter' 12:03:23,296 DEBUG org.springframework.security.web.savedrequest.DefaultSavedRequest:309 - pathInfo: both null (property equals) 12:03:23,296 DEBUG org.springframework.security.web.savedrequest.DefaultSavedRequest:317 - queryString: arg1=null; arg2=ticket=ST-1-eOK4CG7zd7cApkahlva9-casServer (property not equals) 12:03:23,296 DEBUG org.springframework.security.web.savedrequest.HttpSessionRequestCache:75 - saved request doesn't match 12:03:23,296 DEBUG org.springframework.security.web.FilterChainProxy:318 - /j_acegi_cas_security_check?ticket=ST-1-eOK4CG7zd7cApkahlva9-casServer at position 8 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter' 12:03:23,296 DEBUG org.springframework.security.web.FilterChainProxy:318 - /j_acegi_cas_security_check?ticket=ST-1-eOK4CG7zd7cApkahlva9-casServer at position 9 of 12 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter' 12:03:23,296 DEBUG org.springframework.security.web.authentication.AnonymousAuthenticationFilter:102 - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@6fa86552: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffd148a: RemoteIpAddress: 127.0.0.1; SessionId: 659060E504E41E2F28CF873803A07F81; Granted Authorities: ROLE_ANONYMOUS' 12:03:23,312 DEBUG org.springframework.security.web.FilterChainProxy:318 - /j_acegi_cas_security_check?ticket=ST-1-eOK4CG7zd7cApkahlva9-casServer at position 10 of 12 in additional filter chain; firing Filter: 'SessionManagementFilter' 12:03:23,312 DEBUG org.springframework.security.web.FilterChainProxy:318 - /j_acegi_cas_security_check?ticket=ST-1-eOK4CG7zd7cApkahlva9-casServer at position 11 of 12 in additional filter chain; firing Filter: 'ExceptionTranslationFilter' 12:03:23,312 DEBUG org.springframework.security.web.FilterChainProxy:318 - /j_acegi_cas_security_check?ticket=ST-1-eOK4CG7zd7cApkahlva9-casServer at position 12 of 12 in additional filter chain; firing Filter: 'FilterSecurityInterceptor' 12:03:23,312 DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor:193 - Secure object: FilterInvocation: URL: /j_acegi_cas_security_check?ticket=ST-1-eOK4CG7zd7cApkahlva9-casServer; Attributes: [ROLE_USER] 12:03:23,312 DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor:298 - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@6fa86552: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffd148a: RemoteIpAddress: 127.0.0.1; SessionId: 659060E504E41E2F28CF873803A07F81; Granted Authorities: ROLE_ANONYMOUS 12:03:23,312 DEBUG org.springframework.security.access.vote.AffirmativeBased:65 - Voter: org.springframework.security.access.vote.RoleVoter@13e02ed, returned: -1 12:03:23,312 DEBUG org.springframework.security.access.vote.AffirmativeBased:65 - Voter: org.springframework.security.access.vote.AuthenticatedVoter@322394, returned: 0 12:03:23,312 DEBUG org.springframework.security.web.access.ExceptionTranslationFilter:165 - Access is denied (user is anonymous); redirecting to authentication entry point org.springframework.security.access.AccessDeniedException: Access is denied at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:83) at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:205) at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:114) at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:101) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:150) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:91) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:182) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:182) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323) at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293) at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:877) at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:594) at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1675) at java.lang.Thread.run(Thread.java:662) 12:03:23,312 DEBUG org.springframework.security.web.savedrequest.HttpSessionRequestCache:41 - DefaultSavedRequest added to Session: DefaultSavedRequest[http://localhost:8080/Cas_Client/j_acegi_cas_security_check?ticket=ST-1-eOK4CG7zd7cApkahlva9-casServer] 12:03:23,312 DEBUG org.springframework.security.web.access.ExceptionTranslationFilter:185 - Calling Authentication entry point. 12:03:23,312 DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository:269 - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession. 12:03:23,343 DEBUG org.springframework.security.web.context.SecurityContextPersistenceFilter:97 - SecurityContextHolder now cleared, as request processing completed [/quote] [b]cas服务端配置:[/b] cas.properties [quote] #server.prefix=http://localhost:8080/cas #server.prefix=http://cas.wucht.com:8080/casServer server.prefix=http://localhost:8080/casServer cas.securityContext.serviceProperties.service=${server.prefix}/j_acegi_cas_security_check # Names of roles allowed to access the CAS service manager cas.securityContext.serviceProperties.adminRoles=ROLE_ADMIN cas.securityContext.casProcessingFilterEntryPoint.loginUrl=${server.prefix}/login cas.securityContext.ticketValidator.casServerUrlPrefix=${server.prefix} cas.themeResolver.defaultThemeName=cas-theme-default #cas.themeResolver.defaultThemeName=default cas.viewResolver.basename=default_views #host.name=cas host.name=casServer #database.hibernate.dialect=org.hibernate.dialect.OracleDialect database.hibernate.dialect=org.hibernate.dialect.MySQLDialect #database.hibernate.dialect=org.hibernate.dialect.HSQLDialect [/quote] deployerConfigContext.xml [quote] <?xml version="1.0" encoding="UTF-8"?> <!-- | deployerConfigContext.xml centralizes into one file some of the declarative configuration that | all CAS deployers will need to modify. | | This file declares some of the Spring-managed JavaBeans that make up a CAS deployment. | The beans declared in this file are instantiated at context initialization time by the Spring | ContextLoaderListener declared in web.xml. It finds this file because this | file is among those declared in the context parameter "contextConfigLocation". | | By far the most common change you will need to make in this file is to change the last bean | declaration to replace the default SimpleTestUsernamePasswordAuthenticationHandler with | one implementing your approach for authenticating usernames and passwords. +--> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p" xmlns:sec="http://www.springframework.org/schema/security" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd"> <!-- | This bean declares our AuthenticationManager. The CentralAuthenticationService service bean | declared in applicationContext.xml picks up this AuthenticationManager by reference to its id, | "authenticationManager". Most deployers will be able to use the default AuthenticationManager | implementation and so do not need to change the class of this bean. We include the whole | AuthenticationManager here in the userConfigContext.xml so that you can see the things you will | need to change in context. +--> <bean id="authenticationManager" class="org.jasig.cas.authentication.AuthenticationManagerImpl"> <!-- | This is the List of CredentialToPrincipalResolvers that identify what Principal is trying to authenticate. | The AuthenticationManagerImpl considers them in order, finding a CredentialToPrincipalResolver which | supports the presented credentials. | | AuthenticationManagerImpl uses these resolvers for two purposes. First, it uses them to identify the Principal | attempting to authenticate to CAS /login . In the default configuration, it is the DefaultCredentialsToPrincipalResolver | that fills this role. If you are using some other kind of credentials than UsernamePasswordCredentials, you will need to replace | DefaultCredentialsToPrincipalResolver with a CredentialsToPrincipalResolver that supports the credentials you are | using. | | Second, AuthenticationManagerImpl uses these resolvers to identify a service requesting a proxy granting ticket. | In the default configuration, it is the HttpBasedServiceCredentialsToPrincipalResolver that serves this purpose. | You will need to change this list if you are identifying services by something more or other than their callback URL. +--> <property name="credentialsToPrincipalResolvers"> <list> <!-- | UsernamePasswordCredentialsToPrincipalResolver supports the UsernamePasswordCredentials that we use for /login | by default and produces SimplePrincipal instances conveying the username from the credentials. | | If you've changed your LoginFormAction to use credentials other than UsernamePasswordCredentials then you will also | need to change this bean declaration (or add additional declarations) to declare a CredentialsToPrincipalResolver that supports the | Credentials you are using. +--> <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver"> <!--增加此属性,为认证过的用户的Principal添加属性--> <property name="attributeRepository" ref="attributeRepository"></property> </bean> <!-- | HttpBasedServiceCredentialsToPrincipalResolver supports HttpBasedCredentials. It supports the CAS 2.0 approach of | authenticating services by SSL callback, extracting the callback URL from the Credentials and representing it as a | SimpleService identified by that callback URL. | | If you are representing services by something more or other than an HTTPS URL whereat they are able to | receive a proxy callback, you will need to change this bean declaration (or add additional declarations). +--> <bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" /> </list> </property> <!-- | Whereas CredentialsToPrincipalResolvers identify who it is some Credentials might authenticate, | AuthenticationHandlers actually authenticate credentials. Here we declare the AuthenticationHandlers that | authenticate the Principals that the CredentialsToPrincipalResolvers identified. CAS will try these handlers in turn | until it finds one that both supports the Credentials presented and succeeds in authenticating. +--> <property name="authenticationHandlers"> <list> <!-- | This is the authentication handler that authenticates services by means of callback via SSL, thereby validating | a server side SSL certificate. +--> <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler" p:httpClient-ref="httpClient" /> <!-- | This is the authentication handler declaration that every CAS deployer will need to change before deploying CAS | into production. The default SimpleTestUsernamePasswordAuthenticationHandler authenticates UsernamePasswordCredentials | where the username equals the password. You will need to replace this with an AuthenticationHandler that implements your | local authentication strategy. You might accomplish this by coding a new such handler and declaring | edu.someschool.its.cas.MySpecialHandler here, or you might use one of the handlers provided in the adaptors modules. +--> <!-- <bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" /> --> <!-- 数据库认证.wucht--> <bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler"> <property name="dataSource" ref="dataSource" /> <property name="sql" value="select password from users where name=?" /> </bean> </list> </property> </bean> <!-- DATABASE 增加数据源配置 --> <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource"> <property name="driverClassName"><value>com.mysql.jdbc.Driver</value></property> <property name="url"><value>jdbc:mysql://localhost:3306/mysql?useUnicode=true&amp;characterEncoding=utf-8</value></property> <property name="username"><value>root</value></property> <property name="password"><value>root</value></property> </bean> <!-- This bean defines the security roles for the Services Management application. Simple deployments can use the in-memory version. More robust deployments will want to use another option, such as the Jdbc version. The name of this should remain "userDetailsService" in order for Spring Security to find it. --> <!-- <sec:user name="@@THIS SHOULD BE REPLACED@@" password="notused" authorities="ROLE_ADMIN" />--> <sec:user-service id="userDetailsService"> <sec:user name="@@THIS SHOULD BE REPLACED@@" password="notused" authorities="ROLE_ADMIN" /> </sec:user-service> <!-- Bean that defines the attributes that a service may return. This example uses the Stub/Mock version. A real implementation may go against a database or LDAP server. The id should remain "attributeRepository" though. --> <!-- <bean id="attributeRepository" class="org.jasig.services.persondir.support.StubPersonAttributeDao"> <property name="backingMap"> <map> <entry key="uid" value="uid" /> <entry key="eduPersonAffiliation" value="eduPersonAffiliation" /> <entry key="groupMembership" value="groupMembership" /> </map> </property> </bean> --> <!-- 使用SingleRowJdbcPersonAttributeDao 获取更多用户的信息 --> <bean id="attributeRepository" class="org.jasig.services.persondir.support.jdbc.SingleRowJdbcPersonAttributeDao"> <constructor-arg index="0" ref="dataSource"/> <constructor-arg index="1" value="select role_name from role where login_name = ?"/> <!--这里的key需写username,value对应数据库用户名字段 --> <property name="queryAttributeMapping"> <map> <entry key="username" value="login_name"/> </map> </property> <!--key对应数据库字段,value对应客户端获取参数 --> <!-- 返回数据认证后的数据 --> <property name="resultAttributeMapping"> <map> <!--这个从数据库中获取的角色,用于在应用中security的权限验证--> <entry key="role_name" value="authorities"/> </map> </property> </bean> <!-- Sample, in-memory data store for the ServiceRegistry. A real implementation would probably want to replace this with the JPA-backed ServiceRegistry DAO The name of this bean should remain "serviceRegistryDao". --> <bean id="serviceRegistryDao" class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl"> <!-- <property name="registeredServices"> <list> <bean class="org.jasig.cas.services.RegisteredServiceImpl"> <property name="id" value="0" /> <property name="name" value="HTTP" /> <property name="description" value="Only Allows HTTP Urls" /> <property name="serviceId" value="http://**" /> <property name="evaluationOrder" value="10000001" /> </bean> <bean class="org.jasig.cas.services.RegisteredServiceImpl"> <property name="id" value="1" /> <property name="name" value="HTTPS" /> <property name="description" value="Only Allows HTTPS Urls" /> <property name="serviceId" value="https://**" /> <property name="evaluationOrder" value="10000002" /> </bean> <bean class="org.jasig.cas.services.RegisteredServiceImpl"> <property name="id" value="2" /> <property name="name" value="IMAPS" /> <property name="description" value="Only Allows HTTPS Urls" /> <property name="serviceId" value="imaps://**" /> <property name="evaluationOrder" value="10000003" /> </bean> <bean class="org.jasig.cas.services.RegisteredServiceImpl"> <property name="id" value="3" /> <property name="name" value="IMAP" /> <property name="description" value="Only Allows IMAP Urls" /> <property name="serviceId" value="imap://**" /> <property name="evaluationOrder" value="10000004" /> </bean> </list> </property> --> </bean> <bean id="auditTrailManager" class="com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager" /> </beans> [/quote] [b]spring的配置代码如下:[/b][code="ruby"] <?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p" xmlns:beans="http://www.springframework.org/schema/beans" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd" default-lazy-init="true"> <!-- entry-point-ref="casEntryPoint"作用是认证的入口,是一个实现AuthenticationEntryPoint接口的类 ,为ExceptionTranslationFilter类提供认证依据, <custom-filter position="FORM_LOGIN_FILTER" ref="casFilter"/> 使用自定义的Filter,放置在过滤器链的FORM_LOGIN_FILTER的位置 casEntryPoint只是提供认证入口的作用,当没有权限,将跳转到该地址。 casFilter是处理CAS service ticket的,当无权访问时,会使用casEntryPoint提供认证入口 --> <http auto-config="true" entry-point-ref="casEntryPoint" access-denied-page="/403.jsp"> <intercept-url pattern="/**" access="ROLE_USER" /> <!-- ROLE_ADMIN--> <!-- logout-success-url="/login.html" --> <!-- 注销时需要先注销应用程序,再注销cas中心认证服务 --> <logout logout-url="/logout.html" success-handler-ref="casLogoutSuccessHandler" /> <custom-filter position="CAS_FILTER" ref="casFilter" /> </http> <authentication-manager alias="authenticationManager"> <authentication-provider ref="casAuthenticationProvider" /> </authentication-manager> <!-- cas中心认证服务入口 --> <beans:bean id="casEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint"> <beans:property name="loginUrl" value="http://localhost:8080/casServer/login" /> <beans:property name="serviceProperties" ref="serviceProperties" /> </beans:bean> <!-- cas中心认证服务配置 --> <beans:bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties"> <beans:property name="service" value="http://localhost:8080/Cas_Client/j_acegi_cas_security_check" /> <beans:property name="sendRenew" value="false" /> </beans:bean> <!-- CAS service ticket(中心认证服务凭据)验证 --> <beans:bean id="casFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter"> <beans:property name="authenticationManager" ref="authenticationManager" /> <!-- <beans:property name="authenticationFailureHandler">--> <!-- <beans:bean--> <!-- class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">--> <!-- <beans:property name="defaultFailureUrl"--> <!-- value="/logout.html" />--> <!-- </beans:bean>--> <!-- </beans:property>--> <!-- 登录成功后的页面,如果是固定的。否则 ref="authenticationSuccessHandler" --> <!-- <beans:property name="authenticationSuccessHandler">--> <!-- <beans:bean--> <!-- class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler">--> <!-- <beans:property name="defaultTargetUrl"--> <!-- value="/index.jsp" />--> <!-- </beans:bean>--> <!-- </beans:property>--> </beans:bean> <!-- 从Cas Server得到用户信息 --> <beans:bean id="authenticationUserDetailsService" class="org.springframework.security.cas.userdetails.GrantedAuthorityFromAssertionAttributesUserDetailsService"> <beans:constructor-arg> <beans:array> <beans:value>authorities</beans:value> </beans:array> </beans:constructor-arg> </beans:bean> <beans:bean id="userDetailsService" class="com.reportstart.security.service.impl.BocUserDetaislServiceImpl"> <!-- <beans:property name="userDao">--> <!-- <beans:ref bean="userDao" />--> <!-- </beans:property>--> </beans:bean> <!-- <beans:bean id="authenticationUserDetailsService"--> <!-- class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">--> <!-- <beans:property name="userDetailsService">--> <!-- <beans:ref local="userDetailsService" />--> <!-- </beans:property>--> <!-- </beans:bean>--> <beans:bean id="casAuthenticationProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider"> <!-- 使用自定义service获取用户信息 --> <!-- <beans:property name="authenticationUserDetailsService"--> <!-- ref="casAuthenticationUserDetailsService" />--> <!-- 通过Cas Server获取用户信息 --> <beans:property name="authenticationUserDetailsService" ref="authenticationUserDetailsService" /> <beans:property name="serviceProperties" ref="serviceProperties" /> <beans:property name="ticketValidator"> <beans:bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator"> <beans:constructor-arg index="0" value="http://localhost:8080/casServer" /> </beans:bean> </beans:property> <!-- 自定义cas客户端应用标示.wucht.2012-6-4(每个cas客户端都需要一个key标示用于区分不同cas客户端) --> <beans:property name="key" value="Cas_Client" /> </beans:bean> <!-- 注销 --> <beans:bean id="casLogoutSuccessHandler" class="com.wucht.test.CasLogoutSuccessHandler"> </beans:bean> </beans:beans>[/code]
springsecurity登录时如何获取自定义参数
我在使用springsecurity做登录的时候,登录表单的提交路径变成了j_spring_security_check,而且带了两个参数j_username和j_password,如果我想在表单提交时多提交其他的参数,怎么在程序中获取这些自定义参数呢?我主要是想解决通过多个参数确定UserDetails的问题,而原来UserDetailsService接口里提供的loadUserByUsername(String loginId)方法只提供loginId一个参数去查询UserDetail……郁闷,请大家帮忙,谢谢。
spring boot login返回302
spring boot + spring security 之前没有遇到过这个问题,今天晚上登录的时候突发,本人刚入门spring boot 求大佬赐教 ![图片说明](https://img-ask.csdn.net/upload/201803/03/1520086911_774245.png) @Configuration public class WebSecurityConfig extends WebSecurityConfigurerAdapter{ @Bean UserDetailsService customUserService(){ //CustomUserService注册bean return new CustomUserService(); } @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth.userDetailsService(customUserService()); //添加自定义认证 } @Override protected void configure(HttpSecurity http) throws Exception { http.csrf() .disable(); http.authorizeRequests() .antMatchers("/js/**").permitAll() .antMatchers("/css/**").permitAll() .antMatchers("/bootstrap/**").permitAll() .antMatchers("/fonts/**").permitAll() .antMatchers("/favicon.ico").permitAll() .anyRequest().authenticated() //4 .and() .formLogin() .loginPage("/login") .defaultSuccessUrl("/word") .failureUrl("/login?error") .permitAll() //登陆页面可任意访问 .and() .logout().permitAll(); //注销页面可任意访问 } } public class WebMvcConfig extends WebMvcConfigurerAdapter{ @Override public void addViewControllers(ViewControllerRegistry registry) { registry.addViewController("/login").setViewName("login");//注册访问/login转向login.html页面 } } 控制层: @Controller public class HomeController { @RequestMapping("/word") public String index(Model model){ return "home"; } @RequestMapping(value="/login",method = RequestMethod.GET) public String login(){ return "login"; } }
StringMVC+Spring-Security 登陆后地址栏出现/timeout 跳转到404页面
第一次使用Spring-Security ,下载了几个demo 也看了 文档, 使用最小http配置和配置测试用户 都是正常的, 就是使用数据库用户登录的时候,不知道是哪里出的问题, 求指点,感激不尽! [b]spring-security.xml内容[/b]: [code="java"] <?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd" default-autowire="byType" default-lazy-init="true"> <http auto-config='true'> <intercept-url pattern="/img/**" filters="none"/> <!-- 静态资源、登陆页面不过滤, filters="none" 表示不过滤 --> <intercept-url pattern="/js/**" filters="none"/> <intercept-url pattern="/css/**" filters="none"/> <intercept-url pattern="/dwz/**" filters="none"/> <intercept-url pattern="/index.jsp*" filters="none"/> <intercept-url pattern="/hello" filters="none"/> <intercept-url pattern="/user/login" filters="none"/> <intercept-url pattern="/**" access="ROLE_USER"/> <form-login login-page='/hello' default-target-url='/user/index' always-use-default-target='true'/> </http> <!-- 测试用户 <authentication-manager> <authentication-provider> <user-service> <user name="jimi" password="jimispassword" authorities="ROLE_USER,ROLE_ADMIN"/> <user name="bob" password="bobspassword" authorities="ROLE_USER"/> </user-service> </authentication-provider> </authentication-manager> --> <!-- 指定一个自定义的authentication-manager :customUserDetailsService --> <authentication-manager> <authentication-provider user-service-ref="customUserDetailsService"> <password-encoder hash="plaintext"/> </authentication-provider> </authentication-manager> <beans:bean id="customUserDetailsService" class="com.travel.spring.service.UserDetailsServiceImpl" /> </beans:beans> [/code] [b] com.travel.spring.service.UserDetailsServiceImpl 代码:[/b] [code="java"] package com.travel.spring.service; import java.util.ArrayList; import java.util.Collection; import javax.annotation.Resource; import org.apache.log4j.Logger; import org.springframework.dao.DataAccessException; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.GrantedAuthorityImpl; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.transaction.annotation.Transactional; import com.travel.spring.model.WebUser; @Transactional(readOnly = true) public class UserDetailsServiceImpl implements UserDetailsService { protected static Logger logger = Logger.getLogger("service"); @Resource(name = "webUserService") private IWebUserService webUserService; public UserDetails loadUserByUsername(String username){ try { WebUser user = webUserService.getUserByName(username);// user已经获得 为:admin,123456,李岩 if (user == null) { throw new UsernameNotFoundException("用户{ " + username + " }不存在!"); } //Set<GrantedAuthority> grantedAuths = obtainGrantedAuthorities(user); Collection<GrantedAuthority>grantedAuths = obtainGrantedAuthorities(user); // -- mini-web示例中无以下属性, 暂时全部设为true. --// boolean enabled = true; boolean accountNonExpired = true; boolean credentialsNonExpired = true; boolean accountNonLocked = true; UserDetails userdetails = new org.springframework.security.core.userdetails.User( user.getLoginName(), user.getPassWord(), enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, grantedAuths); return userdetails; } catch (Exception e) { // TODO: handle exception } return null; } /** * 获得当前User的权限('ROLE_' 开头的) */ private Collection<GrantedAuthority> obtainGrantedAuthorities(WebUser user) { Collection<GrantedAuthority> auths=new ArrayList<GrantedAuthority>(); GrantedAuthorityImpl auth2=new GrantedAuthorityImpl("ROLE_USER"); auths.add(auth2); return auths; } } [/code] [b]登陆页面代码:[/b] [code="java"] <div class="panel-c-l"> <form name="f" action="<%=path%>/j_spring_security_check" method='post'> <table cellpadding="0" cellspacing="0"> <tbody> <tr> <td align="left" colspan="2"> <h3>请使用Travel Manager系统账号登陆</h3> </td> </tr> <tr> <td align="right">账号:</td><td align="left"><input type="text" id="j_username" name="j_username" class="login-text" /></td> </tr> <tr> <td align="right">密码:</td><td align="left"><input type="password" name="j_password" class="login-text" /></td> </tr> <tr> <td align="center" colspan="2"> <input type="submit" id="btnLogin" value="登陆" class="login-btn" /> </td> </tr> </tbody> </table> </form> </div> [/code] [b] UserController.java 代码[/b] [code="java"]package com.travel.spring.web; import java.util.ArrayList; import java.util.Collection; import java.util.List; import java.util.Set; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpSession; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.GrantedAuthorityImpl; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.stereotype.Controller; import org.springframework.ui.Model; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.RequestParam; import com.travel.spring.model.WebUser; import com.travel.spring.service.IWebUserService; @Controller @RequestMapping("/user") public class UserController { private IWebUserService webUserService; public IWebUserService getWebUserService() { return webUserService; } public void setWebUserService(IWebUserService webUserService) { this.webUserService = webUserService; } @RequestMapping(value="/index") public String index(Model model,HttpServletRequest request,HttpSession session) throws Exception{ return "admin/index"; } } [/code] 用户名 密码填写错误,还是跳转到当前页面, 如果填写正确了,就会出现 /timeout 404页面 ,如图 [img]http://dl.iteye.com/upload/attachment/0083/5848/ea079fb1-37b6-3aaa-806e-7af4198b89a3.jpg[/img]
springsecurity和cas 重定向
问题:spring security能请求到cas返回的用户,并且初始化了权限,但是又重定向回主页,在重定向的时候丢失了验证用户信息,导致变成游客。 如果设置自动重定向回请求页面,会导致循环重定向,游客请求--获取cas的用户信息---重定向--丢失userDetails--没有权限--重定向回cas--无限循环了。 下面贴代码。 <sec:http pattern="/static/**" security="none"/> <sec:http entry-point-ref="casAuthEntryPoint" access-denied-page="/static/html/error/403.html"> <!-- 当前session --> <sec:custom-filter ref="concurrentSessionFilter" position="CONCURRENT_SESSION_FILTER"/> <!-- 上下文 --> <sec:custom-filter ref="securityContextPersistenceFilter" before="SECURITY_CONTEXT_FILTER"/> <!-- 注销 --> <sec:custom-filter ref="requestSingleLogoutFilter" before="LOGOUT_FILTER"/> <!-- rememberMe <sec:custom-filter ref="rememberMeAuthenticationFilter" position="REMEMBER_ME_FILTER"/> --> <!-- Session固化,并发保护 --> <sec:custom-filter ref="sessionManagementFilter" before="SESSION_MANAGEMENT_FILTER"/> <!-- 异常 --> <sec:custom-filter ref="exceptionTranslationFilter" before="EXCEPTION_TRANSLATION_FILTER"/> <!-- CAS单点过滤 --> <sec:custom-filter ref="casFilter" position="CAS_FILTER"/> <!-- <sec:custom-filter ref="usernamePasswordAuthenticationFilter" after="CAS_FILTER"/> --> <!-- 权限拦截过滤 --> <sec:custom-filter ref="filterSecurityInterceptor" before="FILTER_SECURITY_INTERCEPTOR"/> </sec:http> <!-- CAS provider,切点用到 --> <bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties"> <property name="service" value="http://localhost:8880/edu/j_spring_cas_security_check"/> <property name="sendRenew" value="false"/> </bean> <!-- 登陆切点 --> <bean id="casAuthEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint"> <property name="loginUrl" value="http://localhost:8880/cas/login"/> <property name="serviceProperties" ref="serviceProperties"/> </bean> <!-- 验证器 --> <sec:authentication-manager alias="authenticationManager"> <sec:authentication-provider ref="casAuthenticationProvider"/> <!-- <sec:authentication-provider ref="rememberMeAuthenticationProvider"/>--> <!-- <sec:authentication-provider ref="daoAuthenticationProvider"/>--> </sec:authentication-manager> <!-- 过滤器 --> <bean id="casFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter"> <property name="authenticationManager" ref="authenticationManager"/> <property name="authenticationSuccessHandler"> <bean class="com.huihui.security.handler.LoginSuccessHandler"> <property name="indexUrl" value="/edu/eduHome/index" /> <property name="userService" ref="userService" /> </bean> </property> </bean> <!-- provicder用到, 用自己的userService --> <bean id="casAuthenticationUserDetailsService" class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper"> <property name="userDetailsService" > <ref bean="userDetailsService" /> </property> </bean> <!-- cas验证 ,authen-manager用到--> <bean id="casAuthenticationProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider"> <property name="authenticationUserDetailsService" ref="casAuthenticationUserDetailsService"/> <property name="serviceProperties" ref="serviceProperties" /> <property name="ticketValidator"> <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator"> <constructor-arg index="0" value="http://localhost:8880/cas" /> </bean> </property> <property name="key" value="an_id_for_this_auth_provider_only"/> </bean> <!-- 注销客户端 --> <bean id="singleLogoutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter" /> <!-- 注销服务器端 --> <bean id="requestSingleLogoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter"> <constructor-arg value="http://localhost:8880/cas/logout" /> <constructor-arg> <bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/> </constructor-arg> <property name="filterProcessesUrl" value="/logout.sec" /> </bean> <!-- 自定义UserDetailsService认证 --> <bean id="userDetailsService" class="com.huihui.security.service.UserDetailsServiceImpl"> </bean> <!-- 自定义资源权限关系认证 --> <bean id="accessDecisionManager" class="com.huihui.security.service.AccessDecisionManagerImpl" /> <!-- 自定义资源权限关系集合 --> <bean id="securityMetadataSource" class="com.huihui.security.service.SecurityMetadataSourceExtendImpl"> <property name="matcher" value="regex" /> </bean> <!-- 核心!=自定义认证管理,资源,权限 拦截--> <bean id="filterSecurityInterceptor" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor"> <property name="authenticationManager" ref="authenticationManager" /> <property name="accessDecisionManager" ref="accessDecisionManager" /> <property name="securityMetadataSource" ref="securityMetadataSource" /> </bean> 我所查看的日志得到的信息: 1.能请求到cas返回的用户,并且能用userDetailService装配完整的权限。 2.重定向的url就是在casFilter那个里面设置的。 3.在重定向之前有2次CAS请求,一次springsecurity有用户信息,但是不知道为什么会删除。 然后最后一次没有,变成游客,然后如果重定向的url需要权限,那么无限重定向。 如果重定向的URL不需要权限,那么就编程游客访问。 我所尝试的解决办法: 1.取消casFileter的重定向URL,自动重定向回"/" 这个主页。 2.删除权限验证filter,没有用户信息,是游客。 3.删除所有filter,只留cas和权限,没用还是无限重定向。
CAS服务端登陆成功,不能返回目标页面
输入网址 http://fighting.com:8080/loginPlatformClient 跳转到https://fighting.com:8443/cas/login?service=http%3A%2F%2Ffighting.com%3A8080%2FloginPlatformClient%2Fj_spring_cas_security_check输入账户和密码登陆成功 却跳转到 http://fighting.com:8080/loginPlatformClient/页面这是为什么? 如果输入网址http://fighting.com:8080/loginPlatformClient/indexUser.jsp 跳转到https://fighting.com:8443/cas/login?service=http%3A%2F%2Ffighting.com%3A8080%2FloginPlatformClient%2Fj_spring_cas_security_check输入用户名 密码后http://fighting.com:8080/loginPlatformClient/这是为什么? 配置如下: <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:oauth2="http://www.springframework.org/schema/security/oauth2" xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:context="http://www.springframework.org/schema/context" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2-2.0.xsd"> <http auto-config="false" use-expressions="false" entry-point-ref="authEntryPoint" disable-url-rewriting="false"> <intercept-url pattern="/indexAdmin.jsp" access="ROLE_ADMIN" /> <intercept-url pattern="/indexUser.jsp" access="ROLE_USER" /> <intercept-url pattern="/indexSecurity.jsp" access="ROLE_SECURITY" /> <intercept-url pattern="/indexAuditor.jsp" access="ROLE_AUDITOR" /> <intercept-url pattern="/login.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY" /> <!-- 登出配置 --> <logout logout-url="/j_spring_security_logout" logout-success-url="/login.jsp" delete-cookies="JSESSIONID"/> <!-- 登出Cas Server的过滤器 --> <custom-filter ref="requestCasLogoutFilter" before="LOGOUT_FILTER"/> <!-- 登出Spring Security的过滤器 --> <custom-filter ref="casLogoutFilter" before="CAS_FILTER"/> <custom-filter ref="casFilter" position="CAS_FILTER"/> <!-- 添加自己定义的AuthenticationFilter到FilterChain的FORM_LOGIN_FILTER位置 --> <custom-filter ref="authenticationFilter" position="FORM_LOGIN_FILTER"/> </http> <beans:bean id="requestCasLogoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter"> <!-- 指定登出成功后需要跳转的地址,这里指向Cas Server的登出URL,以实现单点登出 --> <beans:constructor-arg value="https://fighting.com:8443/cas/logout"/> <beans:constructor-arg> <beans:bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/> </beans:constructor-arg> <!-- 该Filter需要处理的地址,默认是Spring Security的默认登出地址“/j_spring_security_logout” --> <beans:property name="filterProcessesUrl" value="/j_spring_cas_security_logout"/> </beans:bean> <beans:bean id="casLogoutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter"/> <beans:bean id="casFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter"> <beans:property name="authenticationManager" ref="authenticationManager" /> </beans:bean> <!-- AuthenticationEntryPoint,引导用户进行登录 --> <beans:bean id="authEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint"> <beans:property name="loginUrl" value="https://fighting.com:8443/cas/login"/><!-- Cas Server的登录地址 --> <beans:property name="serviceProperties" ref="serviceProperties" /><!-- service相关的属性 --> </beans:bean> <!-- 指定service相关信息 --> <beans:bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties"> <!-- Cas Server认证成功后的跳转地址,这里要跳转到我们的Spring Security应用,之后会由CasAuthenticationFilter处理,默认处理地址为/j_spring_cas_security_check --> <beans:property name="service" value="http://fighting.com:8080/loginPlatformClient/j_spring_cas_security_check" /> <beans:property name="sendRenew" value="false"/> </beans:bean> <!-- 认证过滤器 --> <beans:bean id="authenticationFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter" > <!-- 登录提交处理 --> <beans:property name="filterProcessesUrl" value="/j_spring_security_check"></beans:property> <!-- 登录成功跳转 --> <beans:property name="authenticationSuccessHandler" ref="authenticationDispatcher"></beans:property> <!-- 设置登录失败的网址 --> <beans:property name="authenticationFailureHandler" ref="simpleUrlAuthenticationFailureHandler"></beans:property> <!-- 用户拥有权限 --> <beans:property name="authenticationManager" ref="authenticationManager" /> </beans:bean> <beans:bean id="simpleUrlAuthenticationFailureHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler"> <beans:property name="defaultFailureUrl" value="/login.jsp?error=true"></beans:property> </beans:bean> <authentication-manager alias="authenticationManager"> <!-- 使用自定义的重写的MyUserService类来实现从数据库中读取账户密码和权限,并在提交表单的过程中使用md5进行加密后再发送post请求到j_spring_security_check进行登录验证 --> <authentication-provider user-service-ref="MyUserService"> <password-encoder hash="md5" ref="passwordEncoder"> </password-encoder> </authentication-provider> <authentication-provider ref="casAuthenticationProvider"/> </authentication-manager> <beans:bean id="casAuthenticationProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider"> <!-- 通过username来加载UserDetails --> <beans:property name="authenticationUserDetailsService"> <beans:bean class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper"> <!-- 真正加载UserDetails的UserDetailsService实现 --> <beans:constructor-arg ref="userDetailsManager" /> </beans:bean> </beans:property> <beans:property name="serviceProperties" ref="serviceProperties" /> <!-- 配置TicketValidator在登录认证成功后验证ticket --> <beans:property name="ticketValidator"> <beans:bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator"> <!-- Cas Server访问地址的前缀,即根路径--> <beans:constructor-arg index="0" value="https://fighting.com:8443/cas" /> </beans:bean> </beans:property> <beans:property name="key" value="key4CasAuthenticationProvider" /> </beans:bean> <!-- 认证成功的处理类 --> <beans:bean id="authenticationDispatcher" class="com.potevio.serivce.MyAuthenticationSuccessHandler"> <beans:property name="authDispatcherMap"> <beans:ref bean="dispatcherMap"/> </beans:property> </beans:bean> <beans:bean id="dispatcherMap" class="java.util.HashMap"> <beans:constructor-arg> <beans:map> <beans:entry key="ROLE_ADMIN" value="/indexAdmin.jsp"/> <beans:entry key="ROLE_USER" value="/indexUser.jsp"/> <beans:entry key="ROLE_SECURITY" value="/indexSecurity.jsp"/> <beans:entry key="ROLE_AUDITOR" value="/indexAuditor.jsp"/> </beans:map> </beans:constructor-arg> </beans:bean> <beans:bean id="userDetailsManager" class="com.potevio.serivce.UserDetailsManager"/> <beans:bean id="MyUserService" class="com.potevio.serivce.MyUserService"> </beans:bean> <beans:bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.Md5PasswordEncoder"> </beans:bean> <!-- 用于使用eID登录后再登录系统的手动认证过程,读取bean MyUserService,构建 UserDetails --> <!-- <beans:bean id="SpringContextUtil " class="com.potevio.common.utils.SpringContextUtil "> </beans:bean> --> </beans:beans>
相见恨晚的超实用网站
搞学习 知乎:www.zhihu.com 简答题:http://www.jiandati.com/ 网易公开课:https://open.163.com/ted/ 网易云课堂:https://study.163.com/ 中国大学MOOC:www.icourse163.org 网易云课堂:study.163.com 哔哩哔哩弹幕网:www.bilibili.com 我要自学网:www.51zxw
爬虫福利二 之 妹子图网MM批量下载
爬虫福利一:27报网MM批量下载    点击 看了本文,相信大家对爬虫一定会产生强烈的兴趣,激励自己去学习爬虫,在这里提前祝:大家学有所成! 目标网站:妹子图网 环境:Python3.x 相关第三方模块:requests、beautifulsoup4 Re:各位在测试时只需要将代码里的变量 path 指定为你当前系统要保存的路径,使用 python xxx.py 或IDE运行即可。
字节跳动视频编解码面经
引言 本文主要是记录一下面试字节跳动的经历。 三四月份投了字节跳动的实习(图形图像岗位),然后hr打电话过来问了一下会不会opengl,c++,shador,当时只会一点c++,其他两个都不会,也就直接被拒了。 七月初内推了字节跳动的提前批,因为内推没有具体的岗位,hr又打电话问要不要考虑一下图形图像岗,我说实习投过这个岗位不合适,不会opengl和shador,然后hr就说秋招更看重基础。我当时
开源一个功能完整的SpringBoot项目框架
福利来了,给大家带来一个福利。 最近想了解一下有关Spring Boot的开源项目,看了很多开源的框架,大多是一些demo或者是一个未成形的项目,基本功能都不完整,尤其是用户权限和菜单方面几乎没有完整的。 想到我之前做的框架,里面通用模块有:用户模块,权限模块,菜单模块,功能模块也齐全了,每一个功能都是完整的。 打算把这个框架分享出来,供大家使用和学习。 为什么用框架? 框架可以学习整体
源码阅读(19):Java中主要的Map结构——HashMap容器(下1)
(接上文《源码阅读(18):Java中主要的Map结构——HashMap容器(中)》) 3.4.4、HashMap添加K-V键值对(红黑树方式) 上文我们介绍了在HashMap中table数组的某个索引位上,基于单向链表添加新的K-V键值对对象(HashMap.Node&lt;K, V&gt;类的实例),但是我们同时知道在某些的场景下,HashMap中table数据的某个索引位上,数据是按照红黑树
c++制作的植物大战僵尸,开源,一代二代结合游戏
    此游戏全部由本人自己制作完成。游戏大部分的素材来源于原版游戏素材,少部分搜集于网络,以及自己制作。 此游戏为同人游戏而且仅供学习交流使用,任何人未经授权,不得对本游戏进行更改、盗用等,否则后果自负。 目前有六种僵尸和六种植物,植物和僵尸的动画都是本人做的。qq:2117610943 开源代码下载 提取码:3vzm 点击下载--&gt; 11月28日 新增四种植物 统一植物画风,全部修
Java学习的正确打开方式
在博主认为,对于入门级学习java的最佳学习方法莫过于视频+博客+书籍+总结,前三者博主将淋漓尽致地挥毫于这篇博客文章中,至于总结在于个人,实际上越到后面你会发现学习的最好方式就是阅读参考官方文档其次就是国内的书籍,博客次之,这又是一个层次了,这里暂时不提后面再谈。博主将为各位入门java保驾护航,各位只管冲鸭!!!上天是公平的,只要不辜负时间,时间自然不会辜负你。 何谓学习?博主所理解的学习,它
程序员必须掌握的核心算法有哪些?
由于我之前一直强调数据结构以及算法学习的重要性,所以就有一些读者经常问我,数据结构与算法应该要学习到哪个程度呢?,说实话,这个问题我不知道要怎么回答你,主要取决于你想学习到哪些程度,不过针对这个问题,我稍微总结一下我学过的算法知识点,以及我觉得值得学习的算法。这些算法与数据结构的学习大多数是零散的,并没有一本把他们全部覆盖的书籍。下面是我觉得值得学习的一些算法以及数据结构,当然,我也会整理一些看过
Python——画一棵漂亮的樱花树(不同种樱花+玫瑰+圣诞树喔)
最近翻到一篇知乎,上面有不少用Python(大多是turtle库)绘制的树图,感觉很漂亮,我整理了一下,挑了一些我觉得不错的代码分享给大家(这些我都测试过,确实可以生成喔~) one 樱花树 动态生成樱花 效果图(这个是动态的): 实现代码 import turtle as T import random import time # 画樱花的躯干(60,t) def Tree(branch
linux系列之常用运维命令整理笔录
本博客记录工作中需要的linux运维命令,大学时候开始接触linux,会一些基本操作,可是都没有整理起来,加上是做开发,不做运维,有些命令忘记了,所以现在整理成博客,当然vi,文件操作等就不介绍了,慢慢积累一些其它拓展的命令,博客不定时更新 顺便拉下票,我在参加csdn博客之星竞选,欢迎投票支持,每个QQ或者微信每天都可以投5票,扫二维码即可,http://m234140.nofollow.ax.
Python 基础(一):入门必备知识
目录1 标识符2 关键字3 引号4 编码5 输入输出6 缩进7 多行8 注释9 数据类型10 运算符10.1 常用运算符10.2 运算符优先级 1 标识符 标识符是编程时使用的名字,用于给变量、函数、语句块等命名,Python 中标识符由字母、数字、下划线组成,不能以数字开头,区分大小写。 以下划线开头的标识符有特殊含义,单下划线开头的标识符,如:_xxx ,表示不能直接访问的类属性,需通过类提供
深度学习图像算法在内容安全领域的应用
互联网给人们生活带来便利的同时也隐含了大量不良信息,防范互联网平台有害内容传播引起了多方面的高度关注。本次演讲从技术层面分享网易易盾在内容安全领域的算法实践经验,包括深度学习图
程序员接私活怎样防止做完了不给钱?
首先跟大家说明一点,我们做 IT 类的外包开发,是非标品开发,所以很有可能在开发过程中会有这样那样的需求修改,而这种需求修改很容易造成扯皮,进而影响到费用支付,甚至出现做完了项目收不到钱的情况。 那么,怎么保证自己的薪酬安全呢? 我们在开工前,一定要做好一些证据方面的准备(也就是“讨薪”的理论依据),这其中最重要的就是需求文档和验收标准。一定要让需求方提供这两个文档资料作为开发的基础。之后开发
网页实现一个简单的音乐播放器(大佬别看。(⊙﹏⊙))
今天闲着无事,就想写点东西。然后听了下歌,就打算写个播放器。 于是乎用h5 audio的加上js简单的播放器完工了。 欢迎 改进 留言。 演示地点跳到演示地点 html代码如下`&lt;!DOCTYPE html&gt; &lt;html&gt; &lt;head&gt; &lt;title&gt;music&lt;/title&gt; &lt;meta charset="utf-8"&gt
Python十大装B语法
Python 是一种代表简单思想的语言,其语法相对简单,很容易上手。不过,如果就此小视 Python 语法的精妙和深邃,那就大错特错了。本文精心筛选了最能展现 Python 语法之精妙的十个知识点,并附上详细的实例代码。如能在实战中融会贯通、灵活使用,必将使代码更为精炼、高效,同时也会极大提升代码B格,使之看上去更老练,读起来更优雅。 1. for - else 什么?不是 if 和 else 才
数据库优化 - SQL优化
前面一篇文章从实例的角度进行数据库优化,通过配置一些参数让数据库性能达到最优。但是一些“不好”的SQL也会导致数据库查询变慢,影响业务流程。本文从SQL角度进行数据库优化,提升SQL运行效率。 判断问题SQL 判断SQL是否有问题时可以通过两个表象进行判断: 系统级别表象 CPU消耗严重 IO等待严重 页面响应时间过长
2019年11月中国大陆编程语言排行榜
2019年11月2日,我统计了某招聘网站,获得有效程序员招聘数据9万条。针对招聘信息,提取编程语言关键字,并统计如下: 编程语言比例 rank pl_ percentage 1 java 33.62% 2 c/c++ 16.42% 3 c_sharp 12.82% 4 javascript 12.31% 5 python 7.93% 6 go 7.25% 7
通俗易懂地给女朋友讲:线程池的内部原理
餐厅的约会 餐盘在灯光的照耀下格外晶莹洁白,女朋友拿起红酒杯轻轻地抿了一小口,对我说:“经常听你说线程池,到底线程池到底是个什么原理?”我楞了一下,心里想女朋友今天是怎么了,怎么突然问出这么专业的问题,但做为一个专业人士在女朋友面前也不能露怯啊,想了一下便说:“我先给你讲讲我前同事老王的故事吧!” 大龄程序员老王 老王是一个已经北漂十多年的程序员,岁数大了,加班加不动了,升迁也无望,于是拿着手里
经典算法(5)杨辉三角
杨辉三角 是经典算法,这篇博客对它的算法思想进行了讲解,并有完整的代码实现。
腾讯算法面试题:64匹马8个跑道需要多少轮才能选出最快的四匹?
昨天,有网友私信我,说去阿里面试,彻底的被打击到了。问了为什么网上大量使用ThreadLocal的源码都会加上private static?他被难住了,因为他从来都没有考虑过这个问题。无独有偶,今天笔者又发现有网友吐槽了一道腾讯的面试题,我们一起来看看。 腾讯算法面试题:64匹马8个跑道需要多少轮才能选出最快的四匹? 在互联网职场论坛,一名程序员发帖求助到。二面腾讯,其中一个算法题:64匹
面试官:你连RESTful都不知道我怎么敢要你?
面试官:了解RESTful吗? 我:听说过。 面试官:那什么是RESTful? 我:就是用起来很规范,挺好的 面试官:是RESTful挺好的,还是自我感觉挺好的 我:都挺好的。 面试官:… 把门关上。 我:… 要干嘛?先关上再说。 面试官:我说出去把门关上。 我:what ?,夺门而去 文章目录01 前言02 RESTful的来源03 RESTful6大原则1. C-S架构2. 无状态3.统一的接
为啥国人偏爱Mybatis,而老外喜欢Hibernate/JPA呢?
关于SQL和ORM的争论,永远都不会终止,我也一直在思考这个问题。昨天又跟群里的小伙伴进行了一番讨论,感触还是有一些,于是就有了今天这篇文。 声明:本文不会下关于Mybatis和JPA两个持久层框架哪个更好这样的结论。只是摆事实,讲道理,所以,请各位看官勿喷。 一、事件起因 关于Mybatis和JPA孰优孰劣的问题,争论已经很多年了。一直也没有结论,毕竟每个人的喜好和习惯是大不相同的。我也看
项目中的if else太多了,该怎么重构?
介绍 最近跟着公司的大佬开发了一款IM系统,类似QQ和微信哈,就是聊天软件。我们有一部分业务逻辑是这样的 if (msgType = "文本") { // dosomething } else if(msgType = "图片") { // doshomething } else if(msgType = "视频") { // doshomething } else { // doshom...
致 Python 初学者
欢迎来到“Python进阶”专栏!来到这里的每一位同学,应该大致上学习了很多 Python 的基础知识,正在努力成长的过程中。在此期间,一定遇到了很多的困惑,对未来的学习方向感到迷茫。我非常理解你们所面临的处境。我从2007年开始接触 python 这门编程语言,从2009年开始单一使用 python 应对所有的开发工作,直至今天。回顾自己的学习过程,也曾经遇到过无数的困难,也曾经迷茫过、困惑过。开办这个专栏,正是为了帮助像我当年一样困惑的 Python 初学者走出困境、快速成长。希望我的经验能真正帮到你
Python 编程实用技巧
Python是一门很灵活的语言,也有很多实用的方法,有时候实现一个功能可以用多种方法实现,我这里总结了一些常用的方法,并会持续更新。
“狗屁不通文章生成器”登顶GitHub热榜,分分钟写出万字形式主义大作
一、垃圾文字生成器介绍 最近在浏览GitHub的时候,发现了这样一个骨骼清奇的雷人项目,而且热度还特别高。 项目中文名:狗屁不通文章生成器 项目英文名:BullshitGenerator 根据作者的介绍,他是偶尔需要一些中文文字用于GUI开发时测试文本渲染,因此开发了这个废话生成器。但由于生成的废话实在是太过富于哲理,所以最近已经被小伙伴们给玩坏了。 他的文风可能是这样的: 你发现,...
程序员:我终于知道post和get的区别
是一个老生常谈的话题,然而随着不断的学习,对于以前的认识有很多误区,所以还是需要不断地总结的,学而时习之,不亦说乎
"狗屁不通文章生成器"登顶GitHub热榜,分分钟写出万字形式主义大作
GitHub 被誉为全球最大的同性交友网站,……,陪伴我们已经走过 10+ 年时间,它托管了大量的软件代码,同时也承载了程序员无尽的欢乐。 万字申请,废话报告,魔幻形式主义大作怎么写?兄dei,狗屁不通文章生成器了解一下。这个富有灵魂的项目名吸引了众人的目光。项目仅仅诞生一周,便冲上了GitHub趋势榜榜首(Js中文网 -前端进阶资源教程)、是榜首哦
推荐几款比较实用的工具,网站
1.盘百度PanDownload 这个云盘工具是免费的,可以进行资源搜索,提速(偶尔会抽风????) 不要去某站买付费的???? PanDownload下载地址 2.BeJSON 这是一款拥有各种在线工具的网站,推荐它的主要原因是网站简洁,功能齐全,广告相比其他广告好太多了 bejson网站 3.二维码美化 这个网站的二维码美化很好看,网站界面也很...
《程序人生》系列-这个程序员只用了20行代码就拿了冠军
你知道的越多,你不知道的越多 点赞再看,养成习惯GitHub上已经开源https://github.com/JavaFamily,有一线大厂面试点脑图,欢迎Star和完善 前言 这一期不算《吊打面试官》系列的,所有没前言我直接开始。 絮叨 本来应该是没有这期的,看过我上期的小伙伴应该是知道的嘛,双十一比较忙嘛,要值班又要去帮忙拍摄年会的视频素材,还得搞个程序员一天的Vlog,还要写BU...
程序员把地府后台管理系统做出来了,还有3.0版本!12月7号最新消息:已在开发中有github地址
第一幕:缘起 听说阎王爷要做个生死簿后台管理系统,我们派去了一个程序员…… 996程序员做的梦: 第一场:团队招募 为了应对地府管理危机,阎王打算找“人”开发一套地府后台管理系统,于是就在地府总经办群中发了项目需求。 话说还是中国电信的信号好,地府都是满格,哈哈!!! 经常会有外行朋友问:看某网站做的不错,功能也简单,你帮忙做一下? 而这次,面对这样的需求,这个程序员...
网易云6亿用户音乐推荐算法
网易云音乐是音乐爱好者的集聚地,云音乐推荐系统致力于通过 AI 算法的落地,实现用户千人千面的个性化推荐,为用户带来不一样的听歌体验。 本次分享重点介绍 AI 算法在音乐推荐中的应用实践,以及在算法落地过程中遇到的挑战和解决方案。 将从如下两个部分展开: AI算法在音乐推荐中的应用 音乐场景下的 AI 思考 从 2013 年 4 月正式上线至今,网易云音乐平台持续提供着:乐屏社区、UGC...
Spring Security 实战干货:基于注解的接口角色访问控制
1. 前言 欢迎阅读 Spring Security 实战干货[1] 系列文章 。在上一篇 基于配置的接口角色访问控制[2] 我们讲解了如何通过 javaConfig 的方式配置接口的角色访问控制。其实还有一种更加灵活的配置方式 基于注解 。今天我们就来探讨一下。DEMO 获取方式在文末。 2. Spring Security 方法安全 Spring Security 基于注解的安全...
8年经验面试官详解 Java 面试秘诀
作者 |胡书敏 责编 | 刘静 出品 | CSDN(ID:CSDNnews) 本人目前在一家知名外企担任架构师,而且最近八年来,在多家外企和互联网公司担任Java技术面试官,前后累计面试了有两三百位候选人。在本文里,就将结合本人的面试经验,针对Java初学者、Java初级开发和Java开发,给出若干准备简历和准备面试的建议。 Java程序员准备和投递简历的实...
面试官如何考察你的思维方式?
1.两种思维方式在求职面试中,经常会考察这种问题:北京有多少量特斯拉汽车?某胡同口的煎饼摊一年能卖出多少个煎饼?深圳有多少个产品经理?一辆公交车里能装下多少个乒乓球?一个正常成年人有多少根头发?这类估算问题,被称为费米问题,是以科学家费米命名的。为什么面试会问这种问题呢?这类问题能把两类人清楚地区分出来。一类是具有文科思维的人,擅长赞叹和模糊想象,它主要依靠的是人的第一反应和直觉,比如小孩...
碎片化的时代,如何学习
今天周末,和大家聊聊学习这件事情。 在如今这个社会,我们的时间被各类 APP 撕的粉碎。 刷知乎、刷微博、刷朋友圈; 看论坛、看博客、看公号; 等等形形色色的信息和知识获取方式一个都不错过。 貌似学了很多,但是却感觉没什么用。 要解决上面这些问题,首先要分清楚一点,什么是信息,什么是知识。 那什么是信息呢? 你一切听到的、看到的,都是信息,比如微博上的明星出轨、微信中的表情大战、抖音上的...
so easy! 10行代码写个"狗屁不通"文章生成器
前几天,GitHub 有个开源项目特别火,只要输入标题就可以生成一篇长长的文章。 背后实现代码一定很复杂吧,里面一定有很多高深莫测的机器学习等复杂算法 不过,当我看了源代码之后 这程序不到50行 尽管我有多年的Python经验,但我竟然一时也没有看懂 当然啦,原作者也说了,这个代码也是在无聊中诞生的,平时撸码是不写中文变量名的, 中文...
相关热词 如何提升c#开发能力 矩阵乘法c# c#调用谷歌浏览器 c# 去空格去转义符 c#用户登录窗体代码 c# 流 c# linux 可视化 c# mvc 返回图片 c# 像素空间 c# 日期 最后一天
立即提问