1

我在我的 spring 安全配置中使用了多个 http 元素[具有不同的模式]。每个都指向一个单独的身份验证管理器。我能够成功登录所有 http 元素。但是,登录成功后,返回的 Principal 对象为空。请帮我。

spring security的内容如下

<http pattern="teacher/login*" authentication-manager-   
        ref="teacherAuthenticationManager">
        <intercept-url pattern="teacher/login*" access="ROLE_TEACHER" />
            <http-basic`enter code here` />
        </http>
        <http pattern="student/login*" authentication-manager- 
        ref="studentAuthenticationManager">
        <intercept-url pattern="student/login*" access="ROLE_STUDENT" />
        <http-basic />
        </http>
        <authentication-manager alias="teacherAuthenticationManager">
        <authentication-provider>
        <!--  <password-encoder hash="md5"/>-->
        <jdbc-user-service data-source-ref="dataSources"
        users-by-username-query="
            select username,password,true 
                from Teacher where username=?" 

            authorities-by-username-query="
            select username,'ROLE_TEACHER' from Teacher where username=?" />
        </authentication-provider>
       </authentication-manager>


       <authentication-manager alias="studentAuthenticationManager">
            <authentication-provider>
        <!--  <password-encoder hash="md5"/>-->
        <jdbc-user-service data-source-ref="dataSources"
        users-by-username-query="
            select username,password,true 
            from Student where username=?" 

        authorities-by-username-query="
                select username,'ROLE_STUDENT' from Student where username=?" />
            </authentication-provider>
        </authentication-manager>

web.xml如下

<display-name>Spring Web MVC Application</display-name>
    <welcome-file-list>
        <welcome-file>/index.html</welcome-file>
    </welcome-file-list>

    <servlet>
        <servlet-name>mvc-dispatcher</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>

    <servlet-mapping>
        <servlet-name>mvc-dispatcher</servlet-name>
        <url-pattern>/rest/*</url-pattern>
    </servlet-mapping>

    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
            /WEB-INF/mvc-dispatcher-servlet.xml,
            /WEB-INF/spring-security.xml
        </param-value>
    </context-param>

    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
        <dispatcher>FORWARD</dispatcher>
                <dispatcher>REQUEST</dispatcher>
                <dispatcher>ERROR</dispatcher>
    </filter-mapping>

控制器代码

 @RequestMapping(value = "/teacher/login", method = RequestMethod.GET)
    public @ResponseBody MethodResponse teacherlogin( Principal principal) {
        System.out.println("Welcome Teacher");
        MethodResponse methodResponse = new MethodResponse();
        try {
            //org.springframework.security.core.userdetails.User user = (org.springframework.security.core.userdetails.User) SecurityContextHolder.getContext().getAuthentication().getPrincipal();


                    System.out.println("Is Principal Null:"+Boolean.valueOf(principal==null));
                    final String name = principal.getName();

                    String sql="Select * from Teacher where UserName=?";
                    Teacher teacher = jdbcTemplate.queryForObject(sql,
                            ParameterizedBeanPropertyRowMapper
                                    .newInstance(Teacher.class),name);


                    methodResponse.setData(teacher);




            //String sql = " Select * from Teacher where TeacherId=?";

            /*
            List<Teacher> list = jdbcTemplate.query(sql,
                    ParameterizedBeanPropertyRowMapper
                            .newInstance(Teacher.class), teacherId);

            Teacher[] teachers = list.toArray(new Teacher[] {});
            methodResponse.setDataArray(teachers);*/

            methodResponse
                    .setResponseCode(GlobalConstants.SERVICE_STATUS_CODE_SUCCESS);
            methodResponse
                    .setResponseMessage(GlobalConstants.SERVICE_STATUS_MSG_SUCCESS);
        } catch (Exception e) {
            e.printStackTrace();
            methodResponse
                    .setResponseCode(GlobalConstants.SERVICE_STATUS_CODE_DATABASE_ERROR);
            methodResponse.setResponseMessage(e.getMessage());
        }
        return methodResponse;
    }
4

1 回答 1

11

servlet 映射到 /rest/* 并且这些 URL 不受您的过滤器的保护(所以我希望主体为空)。这能解释你看到的行为吗?

于 2012-11-27T16:48:37.453 回答