Spring 使用 UserDetailsService 进行安全认证
Spring Security authentication using UserDetailsService
我在 Spring 安全认证方面遇到了一些问题。
在我的应用程序中,所有地方都运行良好(CRUD 操作运行良好),但登录尝试失败。
这是我的代码(我在下面用注释标记了 userDAO 为空,这是身份验证失败的原因):
@Service
public class UserServiceImpl implements UserService, UserDetailsService {
@Autowired
UserDAO userDAO;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
User user = userDAO.getUserByUsername(username); //userDAO == null Causing NPE
if (user == null)
throw new UsernameNotFoundException("Oops!");
List<SimpleGrantedAuthority> authorities = Arrays.asList(new SimpleGrantedAuthority(user.getRole()));
return new org.springframework.security.core.userdetails
.User(user.getLogin(), user.getPassword(), authorities);
}
@Override
public List<User> getUsers() {
return userDAO.getUsers();//userDAO !=null
}
//rest of code skipped
我的 SecurityConfig 看起来像这样
@Configuration
@EnableWebMvcSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
UserServiceImpl userService = new UserServiceImpl();
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userService);
}
//rest of code skipped
我标记了我在哪里得到 NPE,但我不知道如何解决这个问题。整个配置是基于 Java 的,您可以在此处查看更多详细信息
HERE
编辑:在控制器中以这种方式调用 getUsers():
@Controller
public class LoginController {
@Autowired
UserService userService;
@RequestMapping(value = "/dashboard")
public ModelAndView userDashboard(){
ModelAndView modelAndView = new ModelAndView("Dashboard");
List<User> userList = userService.getUsers();
modelAndView.addObject("users", userList);
return modelAndView;
}
并且在这种情况下(调用 userService.getUsers() 时)userDAO 不为空
尝试按照 Bohuslav Burghardt 的建议修复它,我得到了
method userDetailsService in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder cannot be applied to given types;
required: T
found: com.gi.service.UserService
reason: inferred type does not conform to upper bound(s)
inferred: com.gi.service.UserService
upper bound(s): org.springframework.security.core.userdetails.UserDetailsService
排队
auth.userDetailsService(用户服务);
这是不正确的部分:
UserServiceImpl userService = new UserServiceImpl();
当您自己实例化服务时,其自动装配的依赖项将始终是 null。您必须让 Spring 容器实例化它(已通过使用 @Service 标记服务来完成),然后将其注入您的安全配置 class,如下所示:
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private UserDetailsService userService;
}
通过 Bohuslav 的这段代码解决了问题
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private UserService userService;
}
也不见了
@ComponentScan("com.gi")
之前
public class SecurityConfig extends WebSecurityConfigurerAdapter {
缺少它导致
Error:(24, 13) java: method userDetailsService in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder cannot be applied to given types; required: T found: com.gi.service.UserService reason: inferred type does not conform to upper bound(s) inferred: com.gi.service.UserService upper bound(s): org.springframework.security.core.userdetails.UserDetailsService
我在 Spring 安全认证方面遇到了一些问题。 在我的应用程序中,所有地方都运行良好(CRUD 操作运行良好),但登录尝试失败。
这是我的代码(我在下面用注释标记了 userDAO 为空,这是身份验证失败的原因):
@Service
public class UserServiceImpl implements UserService, UserDetailsService {
@Autowired
UserDAO userDAO;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
User user = userDAO.getUserByUsername(username); //userDAO == null Causing NPE
if (user == null)
throw new UsernameNotFoundException("Oops!");
List<SimpleGrantedAuthority> authorities = Arrays.asList(new SimpleGrantedAuthority(user.getRole()));
return new org.springframework.security.core.userdetails
.User(user.getLogin(), user.getPassword(), authorities);
}
@Override
public List<User> getUsers() {
return userDAO.getUsers();//userDAO !=null
}
//rest of code skipped
我的 SecurityConfig 看起来像这样
@Configuration
@EnableWebMvcSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
UserServiceImpl userService = new UserServiceImpl();
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userService);
}
//rest of code skipped
我标记了我在哪里得到 NPE,但我不知道如何解决这个问题。整个配置是基于 Java 的,您可以在此处查看更多详细信息 HERE
编辑:在控制器中以这种方式调用 getUsers():
@Controller
public class LoginController {
@Autowired
UserService userService;
@RequestMapping(value = "/dashboard")
public ModelAndView userDashboard(){
ModelAndView modelAndView = new ModelAndView("Dashboard");
List<User> userList = userService.getUsers();
modelAndView.addObject("users", userList);
return modelAndView;
}
并且在这种情况下(调用 userService.getUsers() 时)userDAO 不为空
尝试按照 Bohuslav Burghardt 的建议修复它,我得到了
method userDetailsService in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder cannot be applied to given types;
required: T
found: com.gi.service.UserService
reason: inferred type does not conform to upper bound(s)
inferred: com.gi.service.UserService
upper bound(s): org.springframework.security.core.userdetails.UserDetailsService
排队 auth.userDetailsService(用户服务);
这是不正确的部分:
UserServiceImpl userService = new UserServiceImpl();
当您自己实例化服务时,其自动装配的依赖项将始终是 null。您必须让 Spring 容器实例化它(已通过使用 @Service 标记服务来完成),然后将其注入您的安全配置 class,如下所示:
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private UserDetailsService userService;
}
通过 Bohuslav 的这段代码解决了问题
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private UserService userService;
}
也不见了
@ComponentScan("com.gi")
之前
public class SecurityConfig extends WebSecurityConfigurerAdapter {
缺少它导致
Error:(24, 13) java: method userDetailsService in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder cannot be applied to given types; required: T found: com.gi.service.UserService reason: inferred type does not conform to upper bound(s) inferred: com.gi.service.UserService upper bound(s): org.springframework.security.core.userdetails.UserDetailsService