无法使用具有 spring 安全性的有效凭据登录
Unable to login using the valid credentials with spring security
我已经在我的项目中配置了 spring 安全性,但每次我尝试使用正确的凭据登录时,我都无法登录。控制台显示找不到盐源的消息。为什么要在 userAwareUserDetails 中查找 getId?我有单独的用户 class
2015-04-30 10:44:03 DEBUG ConnectionManager:302 - 事务在 on_close 连接释放模式的会话中完成;请务必关闭会话以释放 JDBC 资源!
2015-04-30 10:44:03 DEBUG UsernamePasswordAuthenticationFilter:346 - 身份验证请求失败:org.springframework.security.authentication.AuthenticationServiceException:无法在用户对象上找到加盐方法。 class 'com.spring.security.UserAwareUserDetails' 是否有一个名为 'getId' 的方法或 getter?
2015-04-30 10:44:03 调试 UsernamePasswordAuthenticationFilter:347 - 更新了 SecurityContextHolder 以包含空身份验证
2015-04-30 10:44:03 DEBUG UsernamePasswordAuthenticationFilter:348 - 委托给身份验证失败处理程序 org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler@6f12ac99
2015-04-30 10:44:03 调试 SimpleUrlAuthenticationFailureHandler:67 - 重定向到 /login?action=authFail
2015-04-30 10:44:03 调试 DefaultRedirectStrategy:36 - 重定向到“/spring3batchjobliquibasetestngspringsecurityproject/login?action=authFail”
2015-04-30 10:44:03 DEBUG HttpSessionSecurityContextRepository:269 - SecurityContext 为空或内容是匿名的 - 上下文将不会存储在 HttpSession 中。
2015-04-30 10:44:03 DEBUG SecurityContextPersistenceFilter:97 - SecurityContextHolder 现在已清除,因为请求处理已完成
2015-04-30 10:44:03 调试 OpenSessionInViewFilter:207 - 在 OpenSessionInViewFilter 中关闭单个 Hibernate 会话
2015-04-30 10:44:03 调试 SessionFactoryUtils:800 - 关闭 Hibernate 会话
在applicationContext.xml下面是配置:
<import resource="classpath:resources/spring-security.xml" />
<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
........................
</bean>
<bean id="transactionManager"
....................
</bean>
<bean id="sessionFactory"
class="org.springframework.orm.hibernate3.annotation.AnnotationSessionFactoryBean">
<property name="dataSource" ref="dataSource" />
<property name="annotatedClasses">
<list>
.......
</list>
</property>
<property name="hibernateProperties">
<props>
<prop key="connection.autocommit">true</prop>
<prop key="hibernate.dialect">
org.hibernate.dialect.PostgreSQLDialect
</prop>
<prop key="hibernate.show_sql">true</prop>
<prop key="hibernate.hbm2ddl.auto">createOrUpdate</prop>
<prop key="org.hibernate.FlushMode">AUTO</prop>
<prop key="hibernate.connection.autocommit">true</prop>
<prop key="hibernate.transaction.flush_before_completion">true</prop>
<prop key="connection.autocommit">true</prop>
</props>
</property>
</bean>
<tx:annotation-driven transaction-manager="transactionManager" />
</beans>
从上面可以清楚地看出,我正在 applicationContext
中导入 spring-security.xml
在spring-security.xml下面是配置
<!-- Scan for spring annotated components -->
<context:component-scan base-package="com.spring">
<context:include-filter type="annotation" expression="org.springframework.stereotype.Controller"/>
</context:component-scan>
<http pattern="/assets/**" security="none" />
<http pattern="/login" security="none"/>
<!-- HTTP basic authentication in Spring Security -->
<http auto-config="true">
<intercept-url pattern="/api/**" access="ROLE_API" />
<intercept-url pattern="/favicon.ico" access="ROLE_ANONYMOUS" />
<intercept-url pattern="/" access="ROLE_ANONYMOUS"/>
<intercept-url pattern="/**" access="ROLE_ADMIN" />
<access-denied-handler error-page="/login?action=authFail"/>
<form-login login-page="/login" default-target-url="/userAdmin" authentication-failure-url="/login?action=authFail" />
<logout logout-success-url="/login?logout=loginFail"/>
</http>
<authentication-manager>
<authentication-provider user-service-ref="userDetailsService">
<password-encoder ref="passwordEncoder">
<salt-source ref="saltSource"/>
</password-encoder>
</authentication-provider>
</authentication-manager>
<beans:bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.ShaPasswordEncoder"/>
<beans:bean id="saltSource" class="org.springframework.security.authentication.dao.ReflectionSaltSource">
<beans:property name="userPropertyToUse">
<beans:value>getId</beans:value>
</beans:property>
</beans:bean>
我有自定义的 userserviceDetailImpl,我已经覆盖了 loadUserByUsername 方法。
下面是用户class
public class User {
private Long id = new Long(-1L);
..............................
public void setId(Long id) {
this.id = id;
}
public Long getId() {
return this.id;
}
public boolean isPersistent() {
return version != null;
}
...............
............
}
谁能帮我解决这个问题?
现在已经解决了,通过在 userawareuserdetails class 中添加 getter 方法,问题就解决了。
我已经在我的项目中配置了 spring 安全性,但每次我尝试使用正确的凭据登录时,我都无法登录。控制台显示找不到盐源的消息。为什么要在 userAwareUserDetails 中查找 getId?我有单独的用户 class
2015-04-30 10:44:03 DEBUG ConnectionManager:302 - 事务在 on_close 连接释放模式的会话中完成;请务必关闭会话以释放 JDBC 资源! 2015-04-30 10:44:03 DEBUG UsernamePasswordAuthenticationFilter:346 - 身份验证请求失败:org.springframework.security.authentication.AuthenticationServiceException:无法在用户对象上找到加盐方法。 class 'com.spring.security.UserAwareUserDetails' 是否有一个名为 'getId' 的方法或 getter? 2015-04-30 10:44:03 调试 UsernamePasswordAuthenticationFilter:347 - 更新了 SecurityContextHolder 以包含空身份验证 2015-04-30 10:44:03 DEBUG UsernamePasswordAuthenticationFilter:348 - 委托给身份验证失败处理程序 org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler@6f12ac99 2015-04-30 10:44:03 调试 SimpleUrlAuthenticationFailureHandler:67 - 重定向到 /login?action=authFail 2015-04-30 10:44:03 调试 DefaultRedirectStrategy:36 - 重定向到“/spring3batchjobliquibasetestngspringsecurityproject/login?action=authFail” 2015-04-30 10:44:03 DEBUG HttpSessionSecurityContextRepository:269 - SecurityContext 为空或内容是匿名的 - 上下文将不会存储在 HttpSession 中。 2015-04-30 10:44:03 DEBUG SecurityContextPersistenceFilter:97 - SecurityContextHolder 现在已清除,因为请求处理已完成 2015-04-30 10:44:03 调试 OpenSessionInViewFilter:207 - 在 OpenSessionInViewFilter 中关闭单个 Hibernate 会话 2015-04-30 10:44:03 调试 SessionFactoryUtils:800 - 关闭 Hibernate 会话
在applicationContext.xml下面是配置:
<import resource="classpath:resources/spring-security.xml" />
<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
........................
</bean>
<bean id="transactionManager"
....................
</bean>
<bean id="sessionFactory"
class="org.springframework.orm.hibernate3.annotation.AnnotationSessionFactoryBean">
<property name="dataSource" ref="dataSource" />
<property name="annotatedClasses">
<list>
.......
</list>
</property>
<property name="hibernateProperties">
<props>
<prop key="connection.autocommit">true</prop>
<prop key="hibernate.dialect">
org.hibernate.dialect.PostgreSQLDialect
</prop>
<prop key="hibernate.show_sql">true</prop>
<prop key="hibernate.hbm2ddl.auto">createOrUpdate</prop>
<prop key="org.hibernate.FlushMode">AUTO</prop>
<prop key="hibernate.connection.autocommit">true</prop>
<prop key="hibernate.transaction.flush_before_completion">true</prop>
<prop key="connection.autocommit">true</prop>
</props>
</property>
</bean>
<tx:annotation-driven transaction-manager="transactionManager" />
</beans>
从上面可以清楚地看出,我正在 applicationContext
中导入 spring-security.xml在spring-security.xml下面是配置
<!-- Scan for spring annotated components -->
<context:component-scan base-package="com.spring">
<context:include-filter type="annotation" expression="org.springframework.stereotype.Controller"/>
</context:component-scan>
<http pattern="/assets/**" security="none" />
<http pattern="/login" security="none"/>
<!-- HTTP basic authentication in Spring Security -->
<http auto-config="true">
<intercept-url pattern="/api/**" access="ROLE_API" />
<intercept-url pattern="/favicon.ico" access="ROLE_ANONYMOUS" />
<intercept-url pattern="/" access="ROLE_ANONYMOUS"/>
<intercept-url pattern="/**" access="ROLE_ADMIN" />
<access-denied-handler error-page="/login?action=authFail"/>
<form-login login-page="/login" default-target-url="/userAdmin" authentication-failure-url="/login?action=authFail" />
<logout logout-success-url="/login?logout=loginFail"/>
</http>
<authentication-manager>
<authentication-provider user-service-ref="userDetailsService">
<password-encoder ref="passwordEncoder">
<salt-source ref="saltSource"/>
</password-encoder>
</authentication-provider>
</authentication-manager>
<beans:bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.ShaPasswordEncoder"/>
<beans:bean id="saltSource" class="org.springframework.security.authentication.dao.ReflectionSaltSource">
<beans:property name="userPropertyToUse">
<beans:value>getId</beans:value>
</beans:property>
</beans:bean>
我有自定义的 userserviceDetailImpl,我已经覆盖了 loadUserByUsername 方法。
下面是用户class
public class User {
private Long id = new Long(-1L);
..............................
public void setId(Long id) {
this.id = id;
}
public Long getId() {
return this.id;
}
public boolean isPersistent() {
return version != null;
}
...............
............
}
谁能帮我解决这个问题?
现在已经解决了,通过在 userawareuserdetails class 中添加 getter 方法,问题就解决了。