我正在尝试使用不同的框架构建一个Java EE应用程序原型。除了安全层,一切都很好。我选择了使用Spring配置来配置Spring Security。
代码如下:
Spring安全配置
@Configuration
@EnableWebMvcSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter
{
@Autowired
private MyUserDetailsService userDetailsService;
@Override
protected UserDetailsService userDetailsService () {
return this.userDetailsService;
}
@Override
public void configure(WebSecurity web) throws Exception {
web
.ignoring()
.antMatchers("/resources/**");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.formLogin()
.loginPage("/login")
.loginProcessingUrl("/login/authenticate")
.failureUrl("/login?error=bad_credentials")
.and()
.logout()
.logoutUrl("/signout")
.deleteCookies("JSESSIONID")
.and()
.authorizeRequests()
.antMatchers("/admin/**").hasRole("ADMIN")
.antMatchers("/**").permitAll()
.and()
.csrf();
}
}
用户详情服务
@Service("myUserDetailsService")
public class MyUserDetailsService implements UserDetailsService
{
public static final Logger log = Logger.getLogger(MyUserDetailsService.class);
public MyUserDetailsService() {
}
@Autowired
private UserDao userDao;
@Override
public UserDetails loadUserByUsername(String userName) throws UsernameNotFoundException {
final User user = getSystemUser(userName);
final List<GrantedAuthority> authorities = getUserAuthorities(user);
return buildUserForAuthentication(user, authorities);
}
private User buildUserForAuthentication(User user, List<GrantedAuthority> authorities) {
//...
}
private User getSystemUser(String alias) {
//...
}
private List<GrantedAuthority> getUserAuthorities(User user) {
//...
return null;
}
}
我期望这段代码做的是,当使用user & pass参数到达/login/authenticate
时,底层的spring代码调用我的用户服务,但这从未发生过。
我错过了什么?
我使用的是spring-security 3.2.3.RELEASE。
2条答案
按热度按时间ia2d9nvy1#
您应该在SecurityConfig类中注册您的自定义身份验证,该类具有扩展的WebSecurityConfigureAdapter:
对于3.2.3,配置应为
63lcw9qa2#