从 spring petclinic sample app 构建的应用程序使用自定义登录表单添加了 spring 安全性。
该应用没有 this tutorial 建议的 WebMvcConfiguration.java 类.相反,它在 mvc-core-config.xml
中有以下行:
<mvc:view-controller path="/login" view-name="login" />
我在 eclipse 中执行了 Ctrl-H
并在整个工作区中对术语 /login
进行了关键字搜索,但没有 Controller 可见。我还查看了上面教程链接中提到的 messages-jc
示例项目,但在那里也找不到“/login
” Controller 。
我如何添加一个 Controller ,它将使用标准用户名和密码执行 spring 身份验证,但当“/login”url 处的登录表单时,这也将允许我随后向身份验证过程添加其他代码提交了吗?
是否像将以下内容添加到 SomeOtherController.java
一样简单:
@RequestMapping(value = "/login", method = RequestMethod.GET)
public String showLoginForm(Model model) {
//what goes here?
return "public/loginform";
}
@RequestMapping(value = "/login", method = RequestMethod.POST)
public String processLoginForm(HttpSession session, @ModelAttribute("user") User user,
BindingResult result, Model model, final RedirectAttributes redirectAttributes)
{
//what goes here?
return "secure/main";
}
最佳答案
在spring-security-core jar中,有一个接口(interface)UserDetailsService,它有一个方法
UserDetails loadUserByUsername(String username) throws UsernameNotFoundException;
您可以实现此接口(interface)并创建您自己的代码,例如
@Service("userDetailsService")
public class UserDetailsServiceImpl implements UserDetailsService {
@Transactional(readOnly = true)
public UserDetails loadUserByUsername(String username) {
User user = userService.findUserByUsername(username);
if (user != null) {
String password = user.getPassword();
boolean enabled = user.getActive();
boolean accountNonExpired = user.getActive();
boolean credentialsNonExpired = user.getActive();
boolean accountNonLocked = user.getActive();
Collection<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
for (Role r : user.getRoles()) {
authorities.add(new SimpleGrantedAuthority(r.getAuthority()));
}
org.springframework.security.core.userdetails.User securedUser = new org.springframework.security.core.userdetails.User(
username, password, enabled, accountNonExpired,
credentialsNonExpired, accountNonLocked, authorities);
return securedUser;
} else {
throw new UsernameNotFoundException(
"Unable to find user with username provided!!");
}
}
然后使用 DaoAuthenticationProvider 创建一个对象
<bean id="daoAuthenticationProvider"
class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
<property name="userDetailsService" ref="userDetailsService"></property>
</bean>
最后,将这个 DaoAuthenticationProvider 提供给 ProviderManager
<bean class="org.springframework.security.authentication.ProviderManager">
<constructor-arg>
<list>
<ref bean="daoAuthenticationProvider" />
</list>
</constructor-arg>
</bean>
<security:authentication-manager>
<security:authentication-provider
user-service-ref="userDetailsService">
<security:password-encoder hash="plaintext"></security:password-encoder>
</security:authentication-provider>
</security:authentication-manager>
添加 web.xml 细节
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:spring-config/spring-*.xml</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
关于java - 添加带有 spring security 的自定义登录 Controller ,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/32019353/