我的要求是使用 spring security 和 hibernate 从 db 验证用户 ID 和密码。
我想在用户的第一次请求时打开 login.jsp 页面,一旦用户被验证,那么只有它应该重定向到 index.jsp。
我尝试了几个选项,但无法找出正确的方法。
applicationContext-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<http auto-config="false" use-expressions="true">
<form-login login-page="/jsp/login.jsp"
default-target-url="/jsp/index.jsp"
authentication-failure-url="/jsp/login.jsp?login_error=1" />
<intercept-url pattern="/jsp/login.jsp" access="permitAll" />
<intercept-url pattern="/**" access="isAuthenticated()" />
<logout logout-url="/j_spring_security_logout"
invalidate-session="true" />
</http>
<beans:bean id="customUserDetailsService" class="com.onmobile.otp.db.CustomUserDetailsService">
<beans:property name="urmService" ref="urmService" />
</beans:bean>
<authentication-manager alias="authenticationManager">
<authentication-provider user-service-ref="customUserDetailsService">
<password-encoder hash="md5" />
</authentication-provider>
</authentication-manager>
</beans:beans>
CustomUserDetailsService.java
package com.onmobile.otp.db;
import java.util.ArrayList;
import java.util.List;
import org.springframework.dao.DataAccessException;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.userdetails.UserDetails;
import org.springframework.security.userdetails.UserDetailsService;
import org.springframework.security.userdetails.UsernameNotFoundException;
import com.onmobile.otp.domain.Permission;
import com.onmobile.otp.domain.User;
public class CustomUserDetailsService implements UserDetailsService{
URMService urmService=null;
@Override
public UserDetails loadUserByUsername(String userName)throws UsernameNotFoundException, DataAccessException {
System.out.println("Inside loadUserByUserName");
User user = urmService.getUserByUserName(userName);
if(user == null){
throw new UsernameNotFoundException("Username :"+ userName + " not found in database");
}
UserRole userRole = urmService.getUserRoleByUser(user);
if(userRole == null){
return null;
}
if(userRole.getRole() == null){
return null;
}
List<Permission> userAuthorities = urmService.getPermissionsByRole(userRole.getRole());
if(userAuthorities == null){
return null;
}
List<GrantedAuthority> grantedAuthoritiesList = new ArrayList<GrantedAuthority>();
for(Permission permission : userAuthorities){
String perm = permission.getPermissionName();
grantedAuthoritiesList.add(new GrantedAuthorityImpl(perm));
}
GrantedAuthority [] grantedAuthoritiesArray = grantedAuthoritiesList.toArray(new GrantedAuthority[grantedAuthoritiesList.size()]);
CustomUserDetails customUserDetails = new CustomUserDetails(user.getUsername(), user.getPassword(), true, true, true, true, grantedAuthoritiesArray);
customUserDetails.setUserRole(userRole);
return customUserDetails;
}
public void setUrmService(URMService urmService) {
this.urmService = urmService;
}
}
我得到了例外
Caused by: java.lang.IllegalArgumentException: No authentication providers were found in the application context
at org.springframework.util.Assert.notEmpty(Assert.java:268)
at org.springframework.security.config.NamespaceAuthenticationManager.afterPropertiesSet(NamespaceAuthenticationManager.java:31)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1369)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1335)
... 30 more
请建议我哪里出错了。谢谢