[英]error login with spring-security+hibernate
我正在尝试使用Spring Security + Hibernate实现一个登录系统。
我已经定义了这些文件
<!--
  Spring Security 3.1 namespace configuration: form login, four public URLs, one
  role-protected URL, and authentication through the custom userDetailsService bean.
-->
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<!-- NOTE(review): web.xml maps a DispatcherServlet named "dispatcher", which by convention
     loads /WEB-INF/dispatcher-servlet.xml into its own child context. If this import resolves
     to the same file, its beans are instantiated twice. Confirm. -->
<beans:import resource="classpath*:dispatcher-servlet.xml"/>
<http auto-config="true" use-expressions="true">
<!-- NOTE(review): "PermittAll" is not the built-in permitAll expression used by the next three
     rules. With use-expressions="true" the value is evaluated as an expression, so this
     spelling is likely to make requests to "/" fail instead of being allowed. Probably a typo. -->
<intercept-url pattern="/" access="PermittAll"/>
<intercept-url pattern="/login" access="permitAll"/>
<intercept-url pattern="/logout" access="permitAll"/>
<intercept-url pattern="/loginfailed" access="permitAll"/>
<intercept-url pattern="/intro" access="hasRole('ROLE_MODERATOR')"/>
<!-- NOTE(review): /intro is the only URL with an access restriction and there is no catch-all
     rule, so any path not listed above (for example the /m/* and /t/* servlet mappings in
     web.xml) is not covered by an access rule in this file. A final deny-by-default rule such as
     pattern="/**" access="isAuthenticated()" is the usual safeguard. -->
<!-- Login form at /login; credentials are posted to /j_spring_security_check. A successful
     login lands on /intro, a failed one on /loginfailed. -->
<form-login login-page="/login"
login-processing-url="/j_spring_security_check"
default-target-url="/intro"
authentication-failure-url="/loginfailed" />
<logout logout-success-url="/logout" />
</http>
<!-- NOTE(review): the class is also annotated @Service("userDetailsService"); if component
     scanning covers com.appDial.service the bean is defined twice under the same name. Confirm. -->
<beans:bean id="userDetailsService" class="com.appDial.service.UserDetailsServiceImpl"></beans:bean>
<!-- NOTE(review): no password-encoder is declared on the authentication-provider. In Spring
     Security 3.1 the submitted password is then compared with the stored value as plain text,
     which implies the database holds clear-text passwords. Store an adaptive hash (e.g. bcrypt)
     and declare the matching password-encoder here. -->
<!-- NOTE(review): the closing tag below contains a space ("authentication- provider"), which
     makes the document not well-formed. Possibly a paste artifact. -->
<authentication-manager>
<authentication-provider user-service-ref="userDetailsService"></authentication- provider>
</authentication-manager>
</beans:beans>
<!--
  Servlet 2.3 deployment descriptor: loads the root Spring context, routes every request
  through the Spring Security filter chain, and maps the Spring MVC DispatcherServlet.
-->
<!DOCTYPE web-app PUBLIC
"-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd" >
<web-app id="WebApp_1383925467813">
<display-name>Archetype Created Web Application</display-name>
<!-- Files read by ContextLoaderListener to build the single root application context. Beans
     defined there (presumably the session factory and transaction manager, confirm) should
     be obtained by injection rather than by loading applicationContext.xml a second time. -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:applicationContext.xml,
/WEB-INF/spring-security.xml
</param-value>
</context-param>
<!-- Spring Security filter: DelegatingFilterProxy delegates to the bean named after the
     filter (springSecurityFilterChain) in the root context. -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<!-- Mapping to /* sends every request through the security chain. What is actually enforced
     still depends on the intercept-url rules in spring-security.xml. -->
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- No contextConfigLocation init-param is given, so by convention this servlet loads
     /WEB-INF/dispatcher-servlet.xml as its own child context. -->
<servlet>
<servlet-name>dispatcher</servlet-name>
<servlet-class>
org.springframework.web.servlet.DispatcherServlet
</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>dispatcher</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<!-- NOTE(review): /m/* and /t/* reach the dispatcher, but spring-security.xml declares no
     intercept-url rule for them, so no access restriction applies to these paths there. -->
<servlet-mapping>
<servlet-name>dispatcher</servlet-name>
<url-pattern>/m/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>dispatcher</servlet-name>
<url-pattern>/t/*</url-pattern>
</servlet-mapping>
<!-- NOTE(review): nothing in this descriptor forces HTTPS. Unless TLS is enforced elsewhere
     (a requires-channel attribute on the intercept-url rules, or a front-end proxy), the
     credentials posted to /j_spring_security_check travel in clear text. -->
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
</web-app>
package com.appDial.service;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext;
import org.springframework.context.support.ClassPathXmlApplicationContext;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import com.appDial.hibernateGenerate.Pazienti;
import com.appDial.hibernateGenerate.PazientiDAO;
import com.appDial.persistence.PersistencePaziente;
/**
 * Spring Security {@link UserDetailsService} that looks up a {@code Pazienti} record by
 * username and wraps it in a Spring Security {@link User}.
 *
 * <p>NOTE(review): as written, the lookup does not use the injected DAO. It builds a
 * separate application context on every call (see {@link #loadUserByUsername}).
 */
@Transactional(readOnly=true)
@Service("userDetailsService")
public class UserDetailsServiceImpl implements UserDetailsService {
// Injected by Spring but never referenced anywhere in this class.
@Autowired
private PazientiDAO dao;
/**
 * Loads the account for the given login name.
 *
 * @param username login name submitted on the login form
 * @return a {@link User} carrying the stored username and password, all four account-status
 *         flags set to {@code true}, and the authorities for the hard-coded role id 2
 * @throws UsernameNotFoundException if {@code findByUsername} returns {@code null}
 */
@Override
public UserDetails loadUserByUsername(String username)
throws UsernameNotFoundException {
// NOTE(review): a brand-new ClassPathXmlApplicationContext is created on every call and is
// never closed. Each login attempt therefore re-instantiates every bean declared in
// applicationContext.xml (presumably including the session factory and its database
// connections, confirm). Because this runs for unauthenticated login requests, repeated
// attempts can exhaust memory or connections. The container-managed bean should be injected.
ApplicationContext ap = new ClassPathXmlApplicationContext("applicationContext.xml");
PersistencePaziente pp = (PersistencePaziente) ap.getBean("persistencePaziente");
Pazienti pazienti= (Pazienti) pp.findByUsername(username);
if(pazienti==null){
System.out.println("non trovato!");
throw new UsernameNotFoundException("user not found");
}
// NOTE(review): writes the looked-up person's name to stdout on every successful lookup;
// personal data should not end up in console or container logs.
System.out.println(""+pazienti.getNome()+"");
// All status flags are constants, so an account is never reported as disabled, expired or locked.
boolean enabled = true;
boolean accountNonExpired = true;
boolean credentialsNonExpired = true;
boolean accountNonLocked = true;
// NOTE(review): the role id is hard-coded, not read from the record. Every user that exists
// receives the authorities of role 2 (ROLE_MODERATOR, per getRoles below).
Integer id=2;
return new User(
pazienti.getUsername(),
// Passed through exactly as stored. Whether this is a hash depends on the database content
// and on the password encoder configured for the authentication provider.
pazienti.getPassword(),
enabled,
accountNonExpired,
credentialsNonExpired,
accountNonLocked,
getAuthorities(id)
);
}
/**
 * Converts a numeric role id into Spring Security authorities.
 *
 * @param role numeric role id, resolved by {@link #getRoles(Integer)}
 * @return the granted authorities for that role id
 */
public Collection<? extends GrantedAuthority> getAuthorities(Integer role) {
List<GrantedAuthority> authList = getGrantedAuthorities(getRoles(role));
return authList;
}
/**
 * Maps a numeric role id to role names: 1 yields ROLE_MODERATOR and ROLE_ADMIN, 2 yields
 * ROLE_MODERATOR, and any other value yields an empty list.
 *
 * @param role numeric role id; a {@code null} value fails on {@code intValue()}
 * @return a new mutable list of role names
 */
public List<String> getRoles(Integer role) {
List<String> roles = new ArrayList<String>();
if (role.intValue() == 1) {
roles.add("ROLE_MODERATOR");
roles.add("ROLE_ADMIN");
} else if (role.intValue() == 2) {
roles.add("ROLE_MODERATOR");
}
return roles;
}
/**
 * Wraps each role name in a {@link SimpleGrantedAuthority}.
 *
 * @param roles role names, in the order they should appear in the result
 * @return a new list with one authority per role name
 */
public static List<GrantedAuthority> getGrantedAuthorities(List<String> roles) {
List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
for (String role : roles) {
authorities.add(new SimpleGrantedAuthority(role));
}
return authorities;
}
}
尝试登录时总是出错，并且没有建立与数据库的连接。
@Transactional(readOnly=true)
@Service("userDetailsService")
public class UserDetailsServiceImpl implements UserDetailsService {
@Autowired
private PazientiDAO dao;
/**
 * Loads the account for the given login name (the version under discussion).
 *
 * <p>NOTE(review): the lookup goes through a freshly built application context, not the
 * injected {@code dao} field, which this method never touches.
 *
 * @param username login name submitted on the login form
 * @return a {@link User} built from the stored username and password, with every
 *         account-status flag {@code true} and the authorities of role id 2
 * @throws UsernameNotFoundException if {@code findByUsername} returns {@code null}
 */
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
// A new context is constructed per call and never closed: every bean in
// applicationContext.xml is instantiated again for each login attempt.
ApplicationContext ap = new ClassPathXmlApplicationContext("applicationContext.xml");
PersistencePaziente pp = (PersistencePaziente) ap.getBean("persistencePaziente");
Pazienti pazienti= (Pazienti) pp.findByUsername(username);
if(pazienti==null){
System.out.println("non trovato!");
throw new UsernameNotFoundException("user not found");
}
// NOTE(review): prints the person's name to stdout on every successful lookup.
System.out.println(""+pazienti.getNome()+"");
boolean enabled = true;
boolean accountNonExpired = true;
boolean credentialsNonExpired = true;
boolean accountNonLocked = true;
// Hard-coded role id: the authorities do not depend on which user was loaded.
Integer id=2;
return new User(
pazienti.getUsername(),
pazienti.getPassword(),
enabled,
accountNonExpired,
credentialsNonExpired,
accountNonLocked,
getAuthorities(id)
);
}
您的服务实现有误。切勿在代码中构造 ApplicationContext 的新实例（一旦您开始这样做，就应当警铃大作！）。请使用依赖注入来获得所需的依赖。
您的做法每次都会创建新的 SessionFactory 和 TransactionManager，由此不断产生的数据库连接最终会拖垮数据库；您的应用程序最终也会因内存问题或数据库锁而停止运行。（我想这不是您想要的吧？）
我本以为代码会是下面这样：
@Transactional(readOnly=true)
@Service("userDetailsService")
public class UserDetailsServiceImpl implements UserDetailsService {
@Autowired
private PazientiDAO dao;
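/**
 * Loads the account for the given login name through the injected {@code dao}, so the
 * lookup runs on the container-managed beans and no second application context is built.
 *
 * @param username login name submitted on the login form
 * @return a {@link User} built from the stored username and password, with every
 *         account-status flag {@code true} and the authorities of role id 2
 * @throws UsernameNotFoundException if the DAO returns {@code null} for {@code username}
 */
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
    Pazienti pazienti = dao.findUser(username);
    if (pazienti == null) {
        System.out.println("non trovato!");
        throw new UsernameNotFoundException("user not found");
    }
    // The looked-up person's name is deliberately not printed: personal data must not be
    // written to stdout or container logs on every authentication.

    // Status flags are constants, so an account is never reported as disabled, expired or locked.
    boolean enabled = true;
    boolean accountNonExpired = true;
    boolean credentialsNonExpired = true;
    boolean accountNonLocked = true;
    // NOTE(review): the role id is still hard-coded, so every existing user receives the same
    // authorities. It should be derived from the stored record once that exposes a role.
    Integer id = 2;
    return new User(
            pazienti.getUsername(),
            // Passed through as stored; it must be a hash that matches the password encoder
            // configured on the authentication provider, never clear text.
            pazienti.getPassword(),
            enabled,
            accountNonExpired,
            credentialsNonExpired,
            accountNonLocked,
            getAuthorities(id));
}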
我想您注入 PazientiDAO 不是白白注入的，而是因为您打算使用它。