第一次使用Spring-Security ,下载了几个demo 也看了 文档, 使用最小http配置和配置测试用户 都是正常的, 就是使用数据库用户登录的时候,不知道是哪里出的问题, 求指点,感激不尽!
[b]spring-security.xml内容[/b]:
[code="java"]
<?xml version="1.0" encoding="UTF-8"?>
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd"
default-autowire="byType" default-lazy-init="true">
<http auto-config='true'>
<intercept-url pattern="/img/**" filters="none"/> <!-- 静态资源、登陆页面不过滤, filters="none" 表示不过滤 -->
<intercept-url pattern="/js/**" filters="none"/>
<intercept-url pattern="/css/**" filters="none"/>
<intercept-url pattern="/dwz/**" filters="none"/>
<intercept-url pattern="/index.jsp*" filters="none"/>
<intercept-url pattern="/hello" filters="none"/>
<intercept-url pattern="/user/login" filters="none"/>
<intercept-url pattern="/**" access="ROLE_USER"/>
<form-login login-page='/hello' default-target-url='/user/index' always-use-default-target='true'/>
</http>
<!-- 测试用户
<authentication-manager>
<authentication-provider>
<user-service>
<user name="jimi" password="jimispassword" authorities="ROLE_USER,ROLE_ADMIN"/>
<user name="bob" password="bobspassword" authorities="ROLE_USER"/>
</user-service>
</authentication-provider>
</authentication-manager>
-->
<!-- 指定一个自定义的authentication-manager :customUserDetailsService -->
<authentication-manager>
<authentication-provider user-service-ref="customUserDetailsService">
<password-encoder hash="plaintext"/>
</authentication-provider>
</authentication-manager>
<beans:bean id="customUserDetailsService" class="com.travel.spring.service.UserDetailsServiceImpl" />
/beans:beans
[/code]
[b]
com.travel.spring.service.UserDetailsServiceImpl 代码:[/b]
[code="java"]
package com.travel.spring.service;
import java.util.ArrayList;
import java.util.Collection;
import javax.annotation.Resource;
import org.apache.log4j.Logger;
import org.springframework.dao.DataAccessException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.GrantedAuthorityImpl;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.transaction.annotation.Transactional;
import com.travel.spring.model.WebUser;
@Transactional(readOnly = true)
public class UserDetailsServiceImpl implements UserDetailsService {
protected static Logger logger = Logger.getLogger("service");
@Resource(name = "webUserService")
private IWebUserService webUserService;
public UserDetails loadUserByUsername(String username){
try {
WebUser user = webUserService.getUserByName(username);// user已经获得 为:admin,123456,李岩
if (user == null) {
throw new UsernameNotFoundException("用户{ " + username + " }不存在!");
}
//Set<GrantedAuthority> grantedAuths = obtainGrantedAuthorities(user);
Collection<GrantedAuthority>grantedAuths = obtainGrantedAuthorities(user);
// -- mini-web示例中无以下属性, 暂时全部设为true. --//
boolean enabled = true;
boolean accountNonExpired = true;
boolean credentialsNonExpired = true;
boolean accountNonLocked = true;
UserDetails userdetails = new org.springframework.security.core.userdetails.User(
user.getLoginName(), user.getPassWord(), enabled,
accountNonExpired, credentialsNonExpired, accountNonLocked,
grantedAuths);
return userdetails;
} catch (Exception e) {
// TODO: handle exception
}
return null;
}
/**
* 获得当前User的权限('ROLE_' 开头的)
*/
private Collection<GrantedAuthority> obtainGrantedAuthorities(WebUser user) {
Collection<GrantedAuthority> auths=new ArrayList<GrantedAuthority>();
GrantedAuthorityImpl auth2=new GrantedAuthorityImpl("ROLE_USER");
auths.add(auth2);
return auths;
}
}
[/code]
[b]登陆页面代码:[/b]
[code="java"]
请使用Travel Manager系统账号登陆 |
|
| 账号: | |
| 密码: | |
[/code]
[b]
UserController.java 代码[/b]
[code="java"]package com.travel.spring.web;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.GrantedAuthorityImpl;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import com.travel.spring.model.WebUser;
import com.travel.spring.service.IWebUserService;
@Controller
@RequestMapping("/user")
public class UserController {
private IWebUserService webUserService;
public IWebUserService getWebUserService() {
return webUserService;
}
public void setWebUserService(IWebUserService webUserService) {
this.webUserService = webUserService;
}
@RequestMapping(value="/index")
public String index(Model model,HttpServletRequest request,HttpSession session) throws Exception{
return "admin/index";
}
}
[/code]
用户名 密码填写错误,还是跳转到当前页面, 如果填写正确了,就会出现 /timeout 404页面 ,如图
[img]http://dl.iteye.com/upload/attachment/0083/5848/ea079fb1-37b6-3aaa-806e-7af4198b89a3.jpg[/img]
![http://dl.iteye.com/upload/attachment/0083/5848/ea079fb1-37b6-3aaa-806e-7af4198b89a3.jpg[/img]](http://dl.iteye.com/upload/attachment/0083/5848/ea079fb1-37b6-3aaa-806e-7af4198b89a3.jpg%5B/img%5D){kind=link}