在发布这个问题之前,我读过很多关于spring security的文章,但仍然无法解决这个问题。
我正在尝试配置定制的Spring Security性,即拥有一个服务类(UserService)来执行身份验证。但是,要么它无法访问UserService。我试着在下面只放相关的代码片段:
我已更新异常日志
web.xml
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring/root-context.xml
</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>
org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<servlet>
<servlet-name>appServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>appServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
AppServlet-servlet.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/mvc"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:tx="http://www.springframework.org/schema/tx"
xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd
http://www.springframework.org/schema/aop
http://www.springframework.org/schema/aop/spring-aop.xsd">
<!-- Enables the Spring MVC @Controller programming model -->
<annotation-driven />
<!-- Handles HTTP GET requests for /resources/** by efficiently serving up static resources in the ${webappRoot}/resources directory -->
<resources mapping="/resources/**" location="/resources/" />
<!-- Resolves views selected for rendering by @Controllers to .jsp resources in the /WEB-INF/views directory -->
<beans:bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<beans:property name="prefix" value="/WEB-INF/views/" />
<beans:property name="suffix" value=".jsp" />
</beans:bean>
<context:component-scan base-package="com.autoshipcart.service, com.autoshipcart.serviceImpl, com.autoshipcart.dao, com.autoshipcart.admin, com.autoshipcart.admin.service, com.autoshipcart.admin.serviceImpl, com.autoshipcart.admin.dao, com.autoshipcart.admin.validator, com.autoshipcart.framework" />
<context:annotation-config />
<beans:bean id="messageSource"
class="org.springframework.context.support.ReloadableResourceBundleMessageSource">
<beans:property name="basename" value="classpath:adminproperties/messages" />
<beans:property name="defaultEncoding" value="UTF-8" />
</beans:bean>
<beans:bean id="multipartResolver"
class="org.springframework.web.multipart.commons.CommonsMultipartResolver">
<!-- one of the properties available; the maximum file size in bytes -->
<beans:property name="maxUploadSize" value="50000000" />
</beans:bean>
<beans:bean id="localeChangeInterceptor"
class="org.springframework.web.servlet.i18n.LocaleChangeInterceptor">
<beans:property name="paramName" value="siteLanguage"/>
</beans:bean>
<beans:bean id="localeResolver"
class="org.springframework.web.servlet.i18n.CookieLocaleResolver"/>
root-context.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<!-- Root Context: defines shared resources visible to all other web components -->
<context:component-scan base-package="com.autoshipcart.service, com.autoshipcart.serviceImpl, com.autoshipcart.dao, com.autoshipcart.admin, com.autoshipcart.admin.service, com.autoshipcart.admin.serviceImpl, com.autoshipcart.admin.dao, com.autoshipcart.admin.validator, com.autoshipcart.framework" />
<context:annotation-config />
<bean id="propertyConfigurer"
class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
<property name="locations">
<list>
<value>classpath:adminproperties/jdbc.properties</value>
<value>classpath:adminproperties/mail.properties</value>
</list>
</property>
<property name="ignoreUnresolvablePlaceholders" value="true"/>
</bean>
<bean id="dataSourceMaster"
class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close">
<property name="driverClassName" value="${master.jdbc.driverClassName}"/>
<property name="url" value="${master.jdbc.databaseurl}"/>
<property name="username" value="${master.jdbc.username}"/>
<property name="password" value="${master.jdbc.password}"/>
</bean>
<bean id="dataSourceCart1"
class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close">
<property name="driverClassName" value="${cart1.jdbc.driverClassName}"/>
<property name="url" value="${cart1.jdbc.databaseurl}"/>
<property name="username" value="${cart1.jdbc.username}"/>
<property name="password" value="${cart1.jdbc.password}"/>
</bean>
<bean id="sessionFactoryMaster"
class="org.springframework.orm.hibernate3.annotation.AnnotationSessionFactoryBean">
<property name="dataSource" ref="dataSourceMaster" />
<property name="configLocation">
<value>classpath:hibernate.master.cfg.xml</value>
</property>
<property name="configurationClass">
<value>org.hibernate.cfg.AnnotationConfiguration</value>
</property>
<property name="hibernateProperties">
<props>
<prop key="hibernate.dialect">${master.jdbc.dialect}</prop>
<prop key="hibernate.show_sql">true</prop>
<prop key="hibernate.connection.charSet">UTF-8</prop>
<prop key="hibernate.cache">false</prop>
<prop key="hibernate.cglib.use_reflection_optimizer">false</prop>
<prop key="cache.provider_class">org.hibernate.cache.NoCacheProvider</prop>
<prop key="hibernate.cache.use_second_level_cache">false</prop>
<prop key="hibernate.transaction.flush_before_completion">true</prop>
</props>
</property>
</bean>
<bean id="sessionFactoryCart1"
class="org.springframework.orm.hibernate3.annotation.AnnotationSessionFactoryBean">
<property name="dataSource" ref="dataSourceCart1" />
<property name="configLocation">
<value>classpath:hibernate.cfg.xml</value>
</property>
<property name="configurationClass">
<value>org.hibernate.cfg.AnnotationConfiguration</value>
</property>
<property name="hibernateProperties">
<props>
<prop key="hibernate.dialect">${cart1.jdbc.dialect}</prop>
<prop key="hibernate.show_sql">true</prop>
<prop key="hibernate.connection.charSet">UTF-8</prop>
<prop key="hibernate.cache">false</prop>
<prop key="hibernate.cglib.use_reflection_optimizer">false</prop>
<prop key="cache.provider_class">org.hibernate.cache.NoCacheProvider</prop>
<prop key="hibernate.cache.use_second_level_cache">false</prop>
<prop key="hibernate.transaction.flush_before_completion">true</prop>
</props>
</property>
</bean>
<tx:annotation-driven proxy-target-class="true" />
<bean id="transactionManagerMaster"
class="org.springframework.orm.hibernate3.HibernateTransactionManager">
<property name="sessionFactory" ref="sessionFactoryMaster" />
</bean>
<bean id="transactionManagerCart1"
class="org.springframework.orm.hibernate3.HibernateTransactionManager">
<property name="sessionFactory" ref="sessionFactoryCart1" />
</bean>
<bean id="velocityEngine" class="org.springframework.ui.velocity.VelocityEngineFactoryBean">
<property name="velocityProperties">
<value>
resource.loader=class
class.resource.loader.class=org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader
</value>
</property>
</bean>
<bean id="mailSender" class="org.springframework.mail.javamail.JavaMailSenderImpl">
<property name="host" value="${mail.host}" />
<property name="port" value="${mail.port}" />
<property name="username" value="${mail.username}" />
<property name="password" value="${mail.password}" />
<property name="javaMailProperties">
<props>
<prop key="mail.smtp.auth">${mail.smtp.auth}</prop>
<prop key="mail.smtp.starttls.enable">${mail.smtp.starttls.enable}</prop>
</props>
</property>
</bean>
<bean id="mailSenderUtil" class="com.autoshipcart.framework.util.MailSenderUtil">
<property name="mailSender" ref="mailSender"></property>
</bean>
<bean id="userService" class="com.autoshipcart.admin.serviceImpl.UserServiceImpl"></bean>
<bean id="userDAO" class="com.autoshipcart.admin.hibernatedao.UserHibernateDAO"></bean>
<!-- <bean id="webExpressionHandler" class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler"/> -->
<security:http auto-config="true" use-expressions="false">
<security:intercept-url pattern="/dashboard" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:form-login login-page="/login"
login-processing-url="/static/j_spring_security_check"
default-target-url="/dashboard"
authentication-failure-url="/logout"
/>
</security:http>
<security:authentication-manager>
<security:authentication-provider user-service-ref="userService">
<security:password-encoder hash="plaintext"/>
</security:authentication-provider>
</security:authentication-manager>
UserServiceImpl.java
package com.autoshipcart.admin.serviceImpl;
/*@Service("userService")*/
@Transactional
public class UserServiceImpl implements UserService,UserDetailsService {
@Autowired
private UserDAO userDAO;
@Transactional
public UserDetails loadUserByUsername(String username)
throws UsernameNotFoundException, DataAccessException {
System.out.println("test>>>>"+ username);
System.out.println("test2>>>>"+ username);
UserVO temp= new UserVO();
try{
User user= userDAO.authenticateUser(username);
if(user!=null){
new UserVO();
}else{
throw new UsernameNotFoundException("UserName or Password is incorrect!");
}
temp.setEmail(user.getEmailId());
temp.setFirstName(user.getFirstName());
temp.setLastName(user.getLastName());
temp.setPassword(user.getPassword());
temp.setUsername(user.getUserName());
}catch(Exception e){
e.printStackTrace();
}
return temp;
}
@RequestMapping(value = {"/","/dashboard"}, method = {RequestMethod.GET})
public String showDashboard(HttpSession session,
Map<String, Object> map, Model model) {
System.out.println("In controller>>");
String loggedIn= (String) session.getAttribute("loggedIn"); // This job will be done by AOP Intercepor
if(loggedIn==null)
return "login";
else
return "dashboard";
}
@RequestMapping(value = "/logout", method = RequestMethod.GET)
public String logout(HttpSession session, HttpServletResponse response,
Map<String, Object> map, Model model) {
logger.info("logout function is called>>>>>");
System.out.println("logout function is called");
if(session.getAttribute("loggedIn")=="true"&&session.getAttribute("configMap")!=null)
{ System.out.println("session");
session.setAttribute("loggedIn", null);
session.setAttribute("configMap", null);
session.invalidate();
response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate"); // HTTP 1.1.
response.setHeader("Pragma", "no-cache"); // HTTP 1.0.
response.setDateHeader("Expires", 0); // Proxies.
}
return "login";//"redirect:/";
}
安全配置中的登录处理url是login-processing-url=“/static/j_spring_security_check”
为什么要将static追加到此url中,spring默认为/j_spring_security_check
,删除static
关键字后再试
主要内容:1.入门,2.设置用户名和密码1.入门 1.启动一个SpringBoot项目 2.导入SpringSecurity相关依赖 3.编写Controller TestController.java 用户是user 密码是刚刚的 2.设置用户名和密码 1.在配置文件中设置 2.在配置类中设置 3.自定义实现类 2.1 配置文件中设置 2.2 在配置类中设置 设置用户名为zZZ,密码为root 2.3 自定义实现类 配置类: 业务类:
在WAR的情况下,它试图将请求转发到/error页面,并寻找它的处理程序方法(请参见底部的日志)。 最后我得到以下回应: 我该换什么才能得到401?
1.导入jar包 web.xml spring-security.xml
本文向大家介绍SpringSecurity 测试实战,包括了SpringSecurity 测试实战的使用技巧和注意事项,需要的朋友参考一下 引言 试题管理系统的安全模块使用Spring Security,代码从原华软仓库移植,在移植的过程中,发现原测试编写的不好,遂在新系统中对安全模块测试进行了重构。 Spring 测试 添加@SpringBootTest注解,意为这是一个基于SpringBoot
我正在设置Angular Spring Security模块来登录和注册用户。当我注册一个用户时,一切都正常。注册后的最后一步是自动登录,但我遇到了以下错误: XMLHttpRequest无法加载超文本传输协议//localhost:8080/com-tesis/login.请求的资源上不存在“访问控制允许起源”标头。因此不允许访问起源“超文本传输协议//localhost:9000”。响应的HT
问题内容: 我目前正在评估基于Java的安全框架,我是Spring 3.0用户,因此似乎似乎SpringSecurity是正确的选择,但是Spring安全性似乎受到过分复杂的困扰,它似乎并没有使安全性易于实现, Shiro似乎更加连贯,更容易理解。我正在寻找这两个框架之间的利弊清单。 问题答案: 我也同意Spring Security对我来说感觉太复杂了。当然,他们已经做了一些降低复杂性的事情,例
我在这里有很多问题要解决。一直试图将上述3项技术集成到我们的WebApp中…我们要使用 null web.xml: 我的servlet-context.xml: My manager-context.xml: 编辑2 我认为主要的问题是SpringSecurity需要webapp上下文(ContextLoaderListener)才能工作,但web应用程序是在servlet上下文中运行的。控制器方
本文向大家介绍SpringBoot 配合 SpringSecurity 实现自动登录功能的代码,包括了SpringBoot 配合 SpringSecurity 实现自动登录功能的代码的使用技巧和注意事项,需要的朋友参考一下 自动登录是我们在软件开发时一个非常常见的功能,例如我们登录 QQ 邮箱: 很多网站我们在登录的时候都会看到类似的选项,毕竟总让用户输入用户名密码是一件很麻烦的事。 自动登录功能