在 Spring Security 中,使用 和class CustomUserDetailsService implements UserDetailsService
方法 public UserDetails loadUserByUsername(String email)
与电子邮件(作为登录 ID)不会传递给. 我的意思是它是空白的,即使我给它一些文字。可能是什么原因?<input id="j_username" type="text" placeholder="Log-in ID"/>
loadUserByUsername()
""
铬Shift+ Ctrl+i
自定义 UserDetailsService 中 loadUserByUsername 的参数用户名始终为空类似,但我猜不相关?
一些主要的重要错误日志。
the email passed from CustomUserDetailsService in method loadUserByUsername is:
debug ---- 1
email entered for lookup was :
debug --- a
debug --- b
Hibernate: select users0_.id as id1_15_, users0_.description as descript2_15_, users0_.email as email3_15_, users0_.isEnabled as isEnable4_15_, users0_.name as name5_15_, users0_.password as password6_15_, users0_.type as type7_15_ from Users users0_ where users0_.email=?
print Error in retrieving user
Index: 0, Size: 0
java.lang.IndexOutOfBoundsException: Index: 0, Size: 0
at java.util.ArrayList.rangeCheck(ArrayList.java:604)
at java.util.ArrayList.get(ArrayList.java:382)
at web.dao.impl.jpa.UsersDAOImpl.getUserByLoginId(UsersDAOImpl.java:67)
at web.service.common.CustomUserDetailsService.loadUserByUsername(CustomUserDetailsService.java:54)
at org.springframework.security.authentication.dao.DaoAuthenticationProvider.retrieveUser(DaoAuthenticationProvider.java:101)
at org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:132)
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174)
at org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:94)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:195)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:929)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1002)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:585)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
at java.lang.Thread.run(Thread.java:722)
login.jsp 表单
<form action="${pageContext.request.contextPath}/j_spring_security_check" method="post">
<table>
<tbody>
<tr>
<td>
<img style="height:30px;" src="company.png" />
</td>
<td>
<input type="text" placeholder="Company Name" />
</td>
<td>
</td>
</tr>
<tr>
<td>
<img style="height:30px;" src="person.png" />
</td>
<td>
<input id="j_username" type="text" placeholder="Log-in ID"/>
</td>
<td>
<input type="submit" value="Log-In" />
</td>
</tr>
<tr>
<td>
<img style="height:30px;" src="password.png" />
</td>
<td>
<input id="j_password" type="password" placeholder="Password" />
</td>
<td>
<input type="reset" />
</td>
</tr>
<tr>
<td>
</td>
<td style="text-align:right;">
Forgot your password?
</td>
<td>
</td>
</tr>
</tbody>
</table>
</form>
自定义用户详细信息服务
/*
* To change this template, choose Tools | Templates
* and open the template in the editor.
*/
package web.service.common;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import javax.annotation.Resource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.dao.DataAccessException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Repository;
import org.springframework.stereotype.Service;
import web.dao.UsersDAO;
import web.dao.impl.jpa.UsersDAOImpl;
import web.entity.Users;
/**
*
* @author syncsys
*/
@Service
public class CustomUserDetailsService implements UserDetailsService{
@Resource
private UsersDAO userDAO;
/**
* Retrieves a springUser record containing the springUser's credentials and access.
*/
public UserDetails loadUserByUsername(String email)
throws UsernameNotFoundException, DataAccessException {
// Declare a null Spring User
UserDetails springUser = null;
try {
System.out.println("the email passed from CustomUserDetailsService in method loadUserByUsername is: " +email);
// Search database for a springUser that matches the specified email
// You can provide a custom DAO to access your persistence layer
// Or use JDBC to access your database
// DbUser is our custom domain springUser. This is not the same as Spring's User
System.out.println("debug ---- 1");
Users dbUser = userDAO.getUserByLoginId(email);
// Populate the Spring User object with details from the dbUser
// Here we just pass the email, password, and access level
// getAuthorities() will translate the access level to the correct role type
System.out.println("debug ---- 2");
springUser = new User(
dbUser.getEmail(),
dbUser.getPassword().toLowerCase(),
true,
true,
true,
true,
//getAuthorities(dbUser.getAccess()) );
getAuthorities(2) );
System.out.println("debug ---- 3");
} catch (Exception e) {
System.out.println("print Error in retrieving user");
e.printStackTrace();
System.out.println(e.getMessage());
throw new UsernameNotFoundException("Error in retrieving user");
}
System.out.println("debug ---- 4");
// Return springUser to Spring for processing.
// Take note we're not the one evaluating whether this springUser is authenticated or valid
// We just merely retrieve a springUser that matches the specified email
return springUser;
}
/**
* Retrieves the correct ROLE type depending on the access level, where access level is an Integer.
* Basically, this interprets the access value whether it's for a regular springUser or admin.
*
* @param access an integer value representing the access of the springUser
* @return collection of granted authorities
*/
public Collection<GrantedAuthority> getAuthorities(Integer access) {
// Create a list of grants for this springUser
List<GrantedAuthority> authList = (List<GrantedAuthority>) new ArrayList<GrantedAuthority>(2);
// All users are granted with ROLE_USER access
// Therefore this springUser gets a ROLE_USER by default
System.out.println("Grant ROLE_USER to this user");
authList.add(new GrantedAuthorityImpl("ROLE_USER"));
// Check if this springUser has admin access
// We interpret Integer(1) as an admin springUser
// if ( access.compareTo(1) == 0) {
// // User has admin access
// logger.debug("Grant ROLE_ADMIN to this user");
// authList.add(new GrantedAuthorityImpl("ROLE_ADMIN"));
// }
// Return list of granted authorities
return authList;
}
}
用户道
package web.dao.impl.jpa;
import java.util.ArrayList;
import java.util.List;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
import javax.persistence.Query;
import org.hibernate.Session;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Repository;
import web.dao.UsersDAO;
import web.entity.Users;
/**
*
* @version $Revision$
* @since 1.0
*/
@Repository
public class UsersDAOImpl implements UsersDAO {
/**
* The JPA entity manager
*/
// @Autowired
private EntityManager entityManager;
/**
* Set the entity manager
*
* @param entityManager
*/
/**
* Saves or Updates an existing user entity instance.
*
* @param user the user entity
* @return the managed user entity instance
*/
public Users saveOrUpdate(Users user) {
if(user.getId() == 0) {
entityManager.persist(user);
return user;
}
else
entityManager.merge(user);
return user;
}
public Users getUserByLoginId(String email){
System.out.println("email entered for lookup was : "+email);
System.out.println("debug --- a");
String queryString = "SELECT user FROM Users AS user " +
"WHERE user.email = :email";
Query query = entityManager.createQuery(queryString);
System.out.println("debug --- b");
query.setParameter("email", email);
List<?> list = query.getResultList();
System.out.println("email retrieved is" +((Users)list.get(0)).getEmail() );
System.out.println("debug --- c");
if(list == null || list.size() == 0) throw new UsernameNotFoundException("User not found");
Users user = (Users)list.get(0);
System.out.println("debug --- d");
System.out.println(user.getEmail());
return user;
// return (Users)list.get(0);
}
@PersistenceContext
public void setEntityManager(EntityManager entityManager) {
this.entityManager = entityManager;
}
/**
* Helper method to return the hibernate session from the JPA
* entity manager implementation.
*
* @return the hibernate {#link Session}
*/
protected Session getHibernateSession() {
return entityManager.unwrap(Session.class);
}
}
用户控制器
/*
* To change this template, choose Tools | Templates
* and open the template in the editor.
*/
package web.controller;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.ui.ModelMap;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import web.entity.Users;
import web.service.UserService;
/**
*
* @author syncsys
*/
@Controller
public class UserController {
@Autowired
private UserService userService;
@RequestMapping(value = "/login", method = RequestMethod.GET)
public String getLoginPage(@RequestParam(value="error", required=false) boolean error,
ModelMap model) {
System.out.println("Received request to show login page");
// Add an error message to the model if login is unsuccessful
// The 'error' parameter is set to true based on the when the authentication has failed.
// We declared this under the authentication-failure-url attribute inside the spring-security.xml
/* See below:
<form-login
login-page="/krams/auth/login"
authentication-failure-url="/krams/auth/login?error=true"
default-target-url="/krams/main/common"/>*/
if (error == true) {
// Assign an error message
model.put("error", "You have entered an invalid username or password!");
} else {
model.put("error", "");
}
// This will resolve to /WEB-INF/jsp/loginpage.jsp
return "login";
}
// @RequestMapping(value = "/create", method = RequestMethod.GET )
@RequestMapping(value = "/create" )
public String creatUser(ModelMap model){
Users user = new Users();
user.setEmail("myemail@mydomain.com");
user.setName("myname");
userService.saveOrUpdate(user);
System.out.println("created--------------------");
return "create";
}
@RequestMapping("/users")
public String showUsers(ModelMap model){
return "index";
}
@RequestMapping("/loginfail")
public String loginFail(ModelMap model){
return "login-fail";
}
}
调度员
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:tx="http://www.springframework.org/schema/tx"
xsi:schemaLocation="
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.2.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.2.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.2.xsd"
>
<context:component-scan base-package="web" >
<context:include-filter type="annotation" expression="org.springframework.stereotype.Service" />
<context:include-filter type="annotation" expression="org.springframework.stereotype.Repository" />
</context:component-scan>
<mvc:annotation-driven />
<!-- <context:annotation-config />-->
<bean class="org.springframework.web.servlet.mvc.support.ControllerClassNameHandlerMapping"/>
<!--
Most controllers will use the ControllerClassNameHandlerMapping above, but
for the index controller we are using ParameterizableViewController, so we must
define an explicit mapping for it.
-->
<bean id="urlMapping" class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
<property name="mappings">
<props>
<prop key="index.htm">indexController</prop>
</props>
</property>
</bean>
<bean id="viewResolver"
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<!-- class="org.springframework.web.servlet.view.InternalResourceViewResolver">-->
<!-- class="org.springframework.web.servlet.view.UrlBasedViewResolver" >-->
<property name="prefix" value="/WEB-INF/view/jsp/" />
<property name="suffix" value=".jsp" />
</bean>
<!--
The index controller.
-->
<bean name="indexController"
class="org.springframework.web.servlet.mvc.ParameterizableViewController">
<property name="viewName" value="index" />
</bean>
<!---
##########################################################################
Hibernate
-->
<!-- <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName" value="org.postgresql.Driver" />
<property name="url" value="${jdbc.url}jdbc:postgresql://localhost:5432/postgres" />
<property name="username" value="postgres" />
<property name="password" value="abc" />
</bean>
<bean id="sessionFactory" class="org.springframework.orm.hibernate4.LocalSessionFactoryBean">
<property name="dataSource" ref="dataSource"/>
<property name="packagesToScan" value="web.entity" />
</property>
<property name="hibernateProperties">
<props>
<prop key="hibernate.dialect">org.hibernate.dialect.PostgreSQLDialect</prop>
<prop key="hibernate.show_sql">true</prop>
<prop key="cache.provider_class">org.hibernate.cache.internal.NoCacheProvider</prop>
</props>
</property>
</bean>
<tx:annotation-driven transaction-manager="transactionManager"/>
<bean id="transactionManager" class="org.springframework.orm.hibernate4.HibernateTransactionManager">
<property name="sessionFactory" ref="sessionFactory"/>
</bean>
###########################################################
-->
<!--
JPA based instead of hibernate
-->
<bean class="org.springframework.orm.jpa.support.PersistenceAnnotationBeanPostProcessor"/>
<!--
This configures the EntityManagerFactory object used for JPA/Spring managed persistent objects.
-->
<bean id="entityManagerFactory" class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
<property name="persistenceXmlLocation" value="classpath*:META-INF/persistence.xml" />
<property name="persistenceUnitName" value="persistence-unit-demo" />
<property name="dataSource" ref="dataSource" />
<property name="packagesToScan" value="web.entity" />
<property name="jpaVendorAdapter">
<bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
<property name="database" value="POSTGRESQL" />
<!-- giving errors <property name="databasePlatorm" value="org.hibernate.dialect.PostgreSQLDialect"/>-->
<!-- <property name="database" value="HSQL" />-->
<property name="showSql" value="true" />
<property name="generateDdl" value="true" />
</bean>
</property>
<property name="jpaProperties">
<props>
<prop key="hibernate.hbm2ddl.auto">create-drop</prop>
</props>
</property>
</bean>
<bean id="jpaDialect" class="org.springframework.orm.jpa.vendor.HibernateJpaDialect" />
<!-- Pulls database connection from the tomcat container's context database pool via JNDI -->
<!-- <jee:jndi-lookup id="dataSource" jndi-name="jdbc/mssqlserver" resource-ref="true"/>-->
<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource" >
<property name="driverClassName" value="org.postgresql.Driver" />
<property name="url" value="jdbc:postgresql://localhost:5432/postgres" />
<property name="username" value="postgres" />
<property name="password" value="abc" />
</bean>
<!--
Sets up our transaction manager.
-->
<bean id="transactionManager" class="org.springframework.orm.jpa.JpaTransactionManager">
<property name="entityManagerFactory" ref="entityManagerFactory" />
<property name="jpaDialect" ref="jpaDialect" />
<property name="dataSource" ref="dataSource" />
<!-- giving errors <property name="loadTimeWeaver">
<bean class="org.springframework.instrument.classloading.InstrumentationLoadTimeWeaver" />
</property>-->
</bean>
<!--
Defines our transaction manager for Transactional annotations.
-->
<tx:annotation-driven transaction-manager="transactionManager" />
<bean id="sessionFactory" factory-bean="entityManagerFactory" factory-method="getSessionFactory" />
</beans>
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<servlet>
<servlet-name>springDispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>springDispatcher</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>redirect.jsp</welcome-file>
</welcome-file-list>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring-security.xml
/WEB-INF/applicationContext.xml
</param-value>
</context-param>
</web-app>
应用程序上下文.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:tx="http://www.springframework.org/schema/tx"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-2.5.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-2.5.xsd">
<!--bean id="propertyConfigurer"
class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"
p:location="/WEB-INF/jdbc.properties" />
<bean id="dataSource"
class="org.springframework.jdbc.datasource.DriverManagerDataSource"
p:driverClassName="${jdbc.driverClassName}"
p:url="${jdbc.url}"
p:username="${jdbc.username}"
p:password="${jdbc.password}" /-->
<!-- ADD PERSISTENCE SUPPORT HERE (jpa, hibernate, etc) -->
<import resource="springDispatcher-servlet.xml" />
</beans>
弹簧安全.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<!-- This is where we configure Spring-Security -->
<security:http auto-config="true" use-expressions="true" access-denied-page="/loginfail" >
<security:intercept-url pattern="/login**" access="permitAll"/>
<!-- <security:intercept-url pattern="/krams/main/admin" access="hasRole('ROLE_ADMIN')"/>-->
<security:intercept-url pattern="/tem/*" access="hasRole('ROLE_USER')"/>
<security:form-login
login-page="/login"
authentication-failure-url="/loginfail?error=true"
default-target-url="/index"/>
<security:logout
invalidate-session="true"
logout-success-url="/logout"
logout-url="/logout"/>
</security:http>
<!-- Declare an authentication-manager to use a custom userDetailsService -->
<security:authentication-manager>
<security:authentication-provider user-service-ref="customUserDetailsService">
<!-- <security:password-encoder ref="passwordEncoder"/>-->
</security:authentication-provider>
</security:authentication-manager>
<!-- Use a Md5 encoder since the user's passwords are stored as Md5 in the database
<bean class="org.springframework.security.authentication.encoding.Md5PasswordEncoder" id="passwordEncoder"/>
-->
<!-- A custom service where Spring will retrieve users and their corresponding access levels -->
<bean id="customUserDetailsService" class="web.service.common.CustomUserDetailsService"/>
</beans>