[英]error login with spring-security+hibernate
I'm trying to realize a login system with spring security + hibernate. 我正在尝试使用Spring Security + Hibernate实现一个登录系统。
I have defined these file 我已经定义了这些文件
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<beans:import resource="classpath*:dispatcher-servlet.xml"/>
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/" access="PermittAll"/>
<intercept-url pattern="/login" access="permitAll"/>
<intercept-url pattern="/logout" access="permitAll"/>
<intercept-url pattern="/loginfailed" access="permitAll"/>
<intercept-url pattern="/intro" access="hasRole('ROLE_MODERATOR')"/>
<form-login login-page="/login"
login-processing-url="/j_spring_security_check"
default-target-url="/intro"
authentication-failure-url="/loginfailed" />
<logout logout-success-url="/logout" />
</http>
<beans:bean id="userDetailsService" class="com.appDial.service.UserDetailsServiceImpl"></beans:bean>
<authentication-manager>
<authentication-provider user-service-ref="userDetailsService"></authentication- provider>
</authentication-manager>
</beans:beans>
<!DOCTYPE web-app PUBLIC
"-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd" >
<web-app id="WebApp_1383925467813">
<display-name>Archetype Created Web Application</display-name>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:applicationContext.xml,
/WEB-INF/spring-security.xml
</param-value>
</context-param>
<!-- Filter per spring-security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<servlet>
<servlet-name>dispatcher</servlet-name>
<servlet-class>
org.springframework.web.servlet.DispatcherServlet
</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>dispatcher</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>dispatcher</servlet-name>
<url-pattern>/m/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>dispatcher</servlet-name>
<url-pattern>/t/*</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
</web-app>
package com.appDial.service;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext;
import org.springframework.context.support.ClassPathXmlApplicationContext;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import com.appDial.hibernateGenerate.Pazienti;
import com.appDial.hibernateGenerate.PazientiDAO;
import com.appDial.persistence.PersistencePaziente;
@Transactional(readOnly=true)
@Service("userDetailsService")
public class UserDetailsServiceImpl implements UserDetailsService {
@Autowired
private PazientiDAO dao;
@Override
public UserDetails loadUserByUsername(String username)
throws UsernameNotFoundException {
ApplicationContext ap = new ClassPathXmlApplicationContext("applicationContext.xml");
PersistencePaziente pp = (PersistencePaziente) ap.getBean("persistencePaziente");
Pazienti pazienti= (Pazienti) pp.findByUsername(username);
if(pazienti==null){
System.out.println("non trovato!");
throw new UsernameNotFoundException("user not found");
}
System.out.println(""+pazienti.getNome()+"");
boolean enabled = true;
boolean accountNonExpired = true;
boolean credentialsNonExpired = true;
boolean accountNonLocked = true;
Integer id=2;
return new User(
pazienti.getUsername(),
pazienti.getPassword(),
enabled,
accountNonExpired,
credentialsNonExpired,
accountNonLocked,
getAuthorities(id)
);
}
public Collection<? extends GrantedAuthority> getAuthorities(Integer role) {
List<GrantedAuthority> authList = getGrantedAuthorities(getRoles(role));
return authList;
}
public List<String> getRoles(Integer role) {
List<String> roles = new ArrayList<String>();
if (role.intValue() == 1) {
roles.add("ROLE_MODERATOR");
roles.add("ROLE_ADMIN");
} else if (role.intValue() == 2) {
roles.add("ROLE_MODERATOR");
}
return roles;
}
public static List<GrantedAuthority> getGrantedAuthorities(List<String> roles) {
List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
for (String role : roles) {
authorities.add(new SimpleGrantedAuthority(role));
}
return authorities;
}
} }
When I try to login, I am always given error and you do not create a connection to the database 尝试登录时,总是出现错误,并且您未创建与数据库的连接
@Transactional(readOnly=true)
@Service("userDetailsService")
public class UserDetailsServiceImpl implements UserDetailsService {
@Autowired
private PazientiDAO dao;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
ApplicationContext ap = new ClassPathXmlApplicationContext("applicationContext.xml");
PersistencePaziente pp = (PersistencePaziente) ap.getBean("persistencePaziente");
Pazienti pazienti= (Pazienti) pp.findByUsername(username);
if(pazienti==null){
System.out.println("non trovato!");
throw new UsernameNotFoundException("user not found");
}
System.out.println(""+pazienti.getNome()+"");
boolean enabled = true;
boolean accountNonExpired = true;
boolean credentialsNonExpired = true;
boolean accountNonLocked = true;
Integer id=2;
return new User(
pazienti.getUsername(),
pazienti.getPassword(),
enabled,
accountNonExpired,
credentialsNonExpired,
accountNonLocked,
getAuthorities(id)
);
}
Your service implementation is wrong. 您的服务实施有误。 NEVER construct a new instance of an ApplicationContext
in your code (when you start doing that all kinds of alarm bells should start to ring!). 切勿在代码中构造ApplicationContext
的新实例(当您开始执行此操作时,各种警报都会响起!)。 Use dependency injection to get the needed dependencies. 使用依赖注入获得所需的依赖。
Your solution will eventually grind your database to a halt with all the database connections you are creating, each time a new sessionfactory and transactionmanager and eventually your application will grind to a halt due to memory issues or database locks. 您的解决方案最终将使您正在创建的所有数据库连接都停止数据库运行,每次使用新的sessionfactory和transactionmanager时,最终您的应用程序将由于内存问题或数据库锁定而停止运行。 (I assume that that isn't what you want?). (我认为那不是您想要的吗?)。
I would expect something like the following 我期望以下内容
@Transactional(readOnly=true)
@Service("userDetailsService")
public class UserDetailsServiceImpl implements UserDetailsService {
@Autowired
private PazientiDAO dao;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
Pazienti pazienti= dao.findUser(username);
if(pazienti==null){
System.out.println("non trovato!");
throw new UsernameNotFoundException("user not found");
}
System.out.println(""+pazienti.getNome()+"");
boolean enabled = true;
boolean accountNonExpired = true;
boolean credentialsNonExpired = true;
boolean accountNonLocked = true;
Integer id=2;
return new User(
pazienti.getUsername(),
pazienti.getPassword(),
enabled,
accountNonExpired,
credentialsNonExpired,
accountNonLocked,
getAuthorities(id)
);
}
I assume you aren't injecting the PazientiDAO
just because you can but because you want to use it. 我认为您不是因为可以注入PazientiDAO
,而是因为您想使用它。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.