我正在开发一个使用 Spring 3 和 Spring Security 的项目。我的问题是 IoC 容器。当我编写自己的 UserDetailsService
实现时,问题就开始了对于 Spring Security-3。我检查了其他问题,但仍然无法解决问题。
问题的定义是:
我有两个单独的类(一个是 UsersController.java
扩展 @Controller
和 ProjectUserDetailsService
扩展 @Service
)使用一个通用对象进行 Autowiring 。但是当对象在 UsersController
中成功 Autowiring 时, 是 null
在 ProjectUserDetailsService
虽然这个类的对象(ProjectUserDetailsService
)已经成功创建(我通过调试验证了这一点)。
有什么建议可以解决这个问题吗?
这是我的web.xml
, project-servlet.xml
和 project-security.xml
文件和相关类。
Web.xml`
<?xml version="1.0" encoding="UTF-8"?>
<!--
- Tutorial web application
-
-->
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" version="2.5">
<display-name>Ecognitio with Spring Security</display-name>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/ecognitio-servlet.xml
/WEB-INF/ecognitio-security.xml
</param-value>
</context-param>
<context-param>
<param-name>webAppRootKey</param-name>
<param-value>tutorial.root</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>
<servlet>
<servlet-name>ecognitio</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>project</servlet-name>
<url-pattern>*.action</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>project</servlet-name>
<url-pattern>*.html</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
</web-app>
project-servlet.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:p="http://www.springframework.org/schema/p"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd">
<!-- Scans the classpath of this application for @Components to deploy as beans -->
<context:component-scan base-package="com.project" />
<!-- Configures the @Controller programming model -->
<mvc:annotation-driven />
<bean id="messageSource"
class="org.springframework.context.support.ResourceBundleMessageSource"
p:basename="Messages"/>
<!-- misc -->
<!-- <bean id="viewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="viewClass" value="org.springframework.web.servlet.view.JstlView"/>
<property name="suffix" value=".jsp"/>
</bean> -->
<bean id="viewResolver"
class="org.springframework.web.servlet.view.UrlBasedViewResolver">
<property name="viewClass">
<value>
org.springframework.web.servlet.view.tiles2.TilesView
</value>
</property>
</bean>
<bean id="tilesConfigurer"
class="org.springframework.web.servlet.view.tiles2.TilesConfigurer">
<property name="definitions">
<list>
<value>/WEB-INF/tiles.xml</value>
</list>
</property>
</bean>
<!-- Configures Hibernate - Database Config -->
<import resource="db-config.xml" />
</beans>
project-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<!--
- Sample namespace-based configuration
-
-->
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<debug />
<global-method-security pre-post-annotations="enabled">
<!-- AspectJ pointcut expression that locates our "post" method and applies security that way
<protect-pointcut expression="execution(* bigbank.*Service.post*(..))" access="ROLE_TELLER"/>
-->
</global-method-security>
<http pattern="/loggedout.jsp" security="none"/>
<http use-expressions="true" >
<intercept-url pattern="/secure/extreme/**" access="hasRole('ROLE_SUPERVISOR')"/>
<intercept-url pattern="/secure/**" access="isAuthenticated()" />
<!--
Allow all other requests. In a real application you should
adopt a whitelisting approach where access is not allowed by default
-->
<intercept-url pattern="/login.jsp*" access="isAuthenticated()==false"/>
<intercept-url pattern="/timeout.jsp*" access="isAuthenticated()==false"/>
<intercept-url pattern="/**" access="hasRole('ROLE_USER')" />
<!-- <intercept-url pattern="/**" access="permitAll" /> -->
<form-login login-page="/login.jsp" authentication-failure-url="/login.jsp?login_error=1" default-target-url="/dashboard.html" />
<logout logout-success-url="/login.jsp" delete-cookies="JSESSIONID"/>
<remember-me />
<!--
Uncomment to enable X509 client authentication support
<x509 />
-->
<!-- Uncomment to limit the number of sessions a user can have
<session-management invalid-session-url="/login.jsp">
<concurrency-control max-sessions="1" error-if-maximum-exceeded="true" />
</session-management>
-->
</http>
<!-- HERE IS WHERE I USE an object of ProjectUserDetailsService -->
<authentication-manager>
<authentication-provider user-service-ref="userDetailsService" />
</authentication-manager>
<!--
</beans:beans>
UsersController.java
(该类的UsersDAO类对象 Autowiring 成功)
package com.project.users;
//required imports
@Controller
public class UsersControllers
{
@Autowired
private UsersDAO usersDAO;
//Some more autowires and some class specific code
}
ProjectUserDetailsService.java
(UsersDAO 的 Autowiring 不起作用)
package com.project.security;
import java.util.ArrayList;
import java.util.Collection;
//required imports
@SuppressWarnings("deprecation")
@Service("userDetailsService")
public class ProjectUserDetailsService implements UserDetailsService {
@Autowired
private UsersDAO usersDAO;
@Autowired private Assembler assembler;
@Transactional(readOnly = true)
public UserDetails loadUserByUsername(String username)
throws UsernameNotFoundException, DataAccessException {
UserDetails userDetails = null;
//For debugging purposes
if(usersDAO==null){
System.out.println("DAO IS NULL");
System.out.println("DAO IS NULL");
System.out.println("DAO IS NULL");
}
User userEntity = usersDAO.findUserbyEmail("'"+username+"'");
if (userEntity == null)
throw new UsernameNotFoundException("user not found");
return assembler.buildUserFromUserEntity(userEntity);
}
}
最佳答案
是的,将对象 Autowiring 到从 Spring 安全类继承的 bean 中似乎是不可能的。我不知道这是否是 Spring Security 中的一个错误,或者它是为了安全还是什么。如果有人有解释,我很想听听。您可以通过 xml 配置手动注入(inject) bean(而不是使用 @Autowired 注释)来解决您的问题,然后它们就会出现。不过要注意一句..
我这样做了,我注意到我的带有注释的 userDao(特别是 @Transactional)不再在事务中运行。我的 userDao 正在多个地方使用。但是,如果我将它注入(inject)到我的自定义 AbstractUserDetailsAuthenticationProvider 中,它就不再在使用它的任何其他类的事务中运行。当其他正在接收它的对象(通过@Autowired 或手动 xml 注入(inject))使用时,删除对自定义 AbstractUserDetailsAuthenticationProvider 的注入(inject)将事务功能恢复到我的 userDao。
那么我是如何让我的 userDao 进入我的 Spring Security 上下文并仍然保留它@Transactional 的呢?我必须创建一个工厂类:
public class UserDaoFactory {
private static UserDao userDao;
public static UserDao getUserDao() {
return UserDaoFactory.userDao;
}
public void setUserDao(UserDao userDao) {
UserDaoFactory.userDao = userDao;
}
}
然后把这个和你的dao两个对象放入spring容器中:
<bean id="userDao" class="com.package.UserDaoImpl">
<property name="sessionFactory" ref="sessionFactory" />
</bean>
<bean id="userDaoFactory" class="com.package.UserDaoFactory">
<property name="userDao" ref="userDao" />
</bean>
因此 userDao 将 Autowiring 到您的 userDaoFactory 中。它将具有所有 @Transactional 功能(因为 spring security 没有将其剥离?)。然后在您的 spring 安全对象中,您可以执行以下操作:
userDao = UserDaoFactory.getUserDao();
我在我的自定义 AbstractUserDetailsAuthenticationProvider 对象中实现了 ServletContextAware 以在初始化期间执行上述操作一次,中提琴。
所以请注意,虽然您可以通过 xml 配置手动将 bean 注入(inject)到 spring 安全对象中以克服 @Autowired 问题,但如果您尝试将该 DAO 包装在 @Transactional 中,您最终会遇到一个新问题。
现在也许有人知道为什么会发生这种情况。这可能是我的错误配置(我承认我不是 Spring 专家),或者它可能是 Spring 的一个特性。我很想听听任何人要说什么以及如何改进这一点。
关于spring - @Autowired 对象在一个类中获得空值,而在另一个类中成功连接,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/5921717/