无法使用具有 spring 安全性的有效凭据登录

Unable to login using the valid credentials with spring security

我已经在我的项目中配置了 spring 安全性,但每次我尝试使用正确的凭据登录时,我都无法登录。控制台显示找不到盐源的消息。为什么要在 userAwareUserDetails 中查找 getId?我有单独的用户 class

2015-04-30 10:44:03 DEBUG ConnectionManager:302 - 事务在 on_close 连接释放模式的会话中完成;请务必关闭会话以释放 JDBC 资源! 2015-04-30 10:44:03 DEBUG UsernamePasswordAuthenticationFilter:346 - 身份验证请求失败:org.springframework.security.authentication.AuthenticationServiceException:无法在用户对象上找到加盐方法。 class 'com.spring.security.UserAwareUserDetails' 是否有一个名为 'getId' 的方法或 getter? 2015-04-30 10:44:03 调试 UsernamePasswordAuthenticationFilter:347 - 更新了 SecurityContextHolder 以包含空身份验证 2015-04-30 10:44:03 DEBUG UsernamePasswordAuthenticationFilter:348 - 委托给身份验证失败处理程序 org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler@6f12ac99 2015-04-30 10:44:03 调试 SimpleUrlAuthenticationFailureHandler:67 - 重定向到 /login?action=authFail 2015-04-30 10:44:03 调试 DefaultRedirectStrategy:36 - 重定向到“/spring3batchjobliquibasetestngspringsecurityproject/login?action=authFail” 2015-04-30 10:44:03 DEBUG HttpSessionSecurityContextRepository:269 - SecurityContext 为空或内容是匿名的 - 上下文将不会存储在 HttpSession 中。 2015-04-30 10:44:03 DEBUG SecurityContextPersistenceFilter:97 - SecurityContextHolder 现在已清除,因为请求处理已完成 2015-04-30 10:44:03 调试 OpenSessionInViewFilter:207 - 在 OpenSessionInViewFilter 中关闭单个 Hibernate 会话 2015-04-30 10:44:03 调试 SessionFactoryUtils:800 - 关闭 Hibernate 会话

在applicationContext.xml下面是配置:

    <import resource="classpath:resources/spring-security.xml" /> 
    <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
        ........................
    </bean>
    <bean id="transactionManager"
        ....................
    </bean> 
    <bean id="sessionFactory"
        class="org.springframework.orm.hibernate3.annotation.AnnotationSessionFactoryBean">
        <property name="dataSource" ref="dataSource" />
        <property name="annotatedClasses">
            <list>
                .......
            </list>
        </property>
        <property name="hibernateProperties">
            <props>
                <prop key="connection.autocommit">true</prop>
                <prop key="hibernate.dialect">
                    org.hibernate.dialect.PostgreSQLDialect
                </prop>
                <prop key="hibernate.show_sql">true</prop>
                <prop key="hibernate.hbm2ddl.auto">createOrUpdate</prop>
                <prop key="org.hibernate.FlushMode">AUTO</prop>
                <prop key="hibernate.connection.autocommit">true</prop>
                <prop key="hibernate.transaction.flush_before_completion">true</prop>
                <prop key="connection.autocommit">true</prop>
            </props>
        </property>
    </bean>
    <tx:annotation-driven transaction-manager="transactionManager" />
</beans>

从上面可以清楚地看出,我正在 applicationContext

中导入 spring-security.xml

在spring-security.xml下面是配置

<!-- Scan for spring annotated components -->
    <context:component-scan base-package="com.spring">
        <context:include-filter type="annotation" expression="org.springframework.stereotype.Controller"/>
    </context:component-scan>

    <http pattern="/assets/**" security="none" />
    <http pattern="/login" security="none"/>
    <!-- HTTP basic authentication in Spring Security -->
    <http auto-config="true">
        <intercept-url pattern="/api/**" access="ROLE_API" />
        <intercept-url pattern="/favicon.ico" access="ROLE_ANONYMOUS" />
        <intercept-url pattern="/" access="ROLE_ANONYMOUS"/>
        <intercept-url pattern="/**"  access="ROLE_ADMIN" />
        <access-denied-handler error-page="/login?action=authFail"/>

        <form-login login-page="/login" default-target-url="/userAdmin" authentication-failure-url="/login?action=authFail" />
        <logout logout-success-url="/login?logout=loginFail"/>
    </http>

    <authentication-manager>
        <authentication-provider user-service-ref="userDetailsService">
            <password-encoder ref="passwordEncoder">
                <salt-source ref="saltSource"/>
            </password-encoder>
        </authentication-provider>
    </authentication-manager>

    <beans:bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.ShaPasswordEncoder"/>

    <beans:bean id="saltSource" class="org.springframework.security.authentication.dao.ReflectionSaltSource">
        <beans:property name="userPropertyToUse">
            <beans:value>getId</beans:value>
        </beans:property>
    </beans:bean>

我有自定义的 userserviceDetailImpl,我已经覆盖了 loadUserByUsername 方法。

下面是用户class

public class User {
 private Long id = new Long(-1L);
..............................
 public void setId(Long id) {
        this.id = id;
    }

    public Long getId() {
        return this.id;
    }

    public boolean isPersistent() {
        return version != null;
    }
...............
............
}

谁能帮我解决这个问题?

现在已经解决了,通过在 userawareuserdetails class 中添加 getter 方法,问题就解决了。