2

ログインページにremember-meを追加したいのですが、ここを読んで、UserDetailsS​​erviceが必要です。しかし、私のUserDetailsS​​erviceが呼び出されていません。誰かが私が間違っている場所を指摘できますか?ありがとう。

spring-security.xml

<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xmlns:security="http://www.springframework.org/schema/security"
xmlns:p="http://www.springframework.org/schema/p" 
xsi:schemaLocation="http://www.springframework.org/schema/beans 
        http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
        http://www.springframework.org/schema/security 
        http://www.springframework.org/schema/security/spring-security-3.1.xsd">

<!-- configure Spring-Security  
auto-config is false.
use-expressions is true: see http://static.springsource.org/spring-security/site/docs/3.1.x/reference/el-access.html
access-denied-page: which page is redirected when login is denied
entry-point-ref: This attribute allows this behaviour to be overridden by defining a customized 
AuthenticationEntryPoint bean which will start the authentication process   
-->

<security:http auto-config="false" use-expressions="true" entry-point-ref="authenticationEntryPoint" >

    <!-- define how to handle the url /auth/login, primitAll is used since we defined use-expressions=true -->
    <security:intercept-url pattern="/login" access="permitAll"/>
    <security:intercept-url pattern="/search" access="hasRole('ROLE_USER')"/>

    <!-- The logout element adds support for logging out by navigating to a particular URL. 
    The default logout URL is /j_spring_security_logout, 
    but you can set it to something else using the logout-url attribute -->
    <security:logout 
            invalidate-session="true" 
            logout-success-url="/login" />

    <security:custom-filter ref="blacklistFilter" before="FILTER_SECURITY_INTERCEPTOR"/>
    <security:custom-filter ref="authenticationFilter" position="FORM_LOGIN_FILTER"/>
</security:http>

<!--  Custom filter to deny unwanted users even though registered -->
<bean id="blacklistFilter" class="com.myapp.filter.BlacklistFilter" />

<!-- Custom filter for username and password. we need to create another 4 beans -->
<bean id="authenticationFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter"
    p:rememberMeServices-ref="rememberMeServices"
    p:authenticationManager-ref="customAuthenticationManager"
    p:authenticationFailureHandler-ref="customAuthenticationFailureHandler"
    p:authenticationSuccessHandler-ref="customAuthenticationSuccessHandler" />

<!-- Bean 1: Custom authentication manager. -->
<bean id="customAuthenticationManager" class="com.myapp.manager.CustomAuthenticationManager" />

<!-- bean 2: set the default failure url here -->
<bean id="customAuthenticationFailureHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler"
    p:defaultFailureUrl="/login?error=true" />

 <!-- bean 3: set the default target url here -->
<bean id="customAuthenticationSuccessHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler"
    p:defaultTargetUrl="/search" />

<!-- bean 4: remember me -->
<bean id="rememberMeServices"
    class="org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices">
        <property name="userDetailsService" ref="userDetailsService"/>
        <property name="key" value="myapp"/>
</bean>

<bean id="userDetailsService" class="com.myapp.service.UserDetailsServiceImpl" />

<bean id="authenticationEntryPoint"  class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint"
    p:loginFormUrl="/login"/>
<security:authentication-manager/></beans>

ありがとう、ラルフ

フィルタを追加しましたが、UserDetailsS​​erviceImplがまだ呼び出されておらず、停止点があります。

public UserDetails loadUserByUsername(String email) throws UsernameNotFoundException { logger.info("User details service is called"); return null; }

そして今、構成は次のとおりです。

<?xml version="1.0" encoding="UTF-8"?><beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xmlns:security="http://www.springframework.org/schema/security"
xmlns:p="http://www.springframework.org/schema/p" 
xsi:schemaLocation="http://www.springframework.org/schema/beans 
        http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
        http://www.springframework.org/schema/security 
        http://www.springframework.org/schema/security/spring-security-3.1.xsd">

<!-- configure Spring-Security  
auto-config is false.
use-expressions is true: see http://static.springsource.org/spring-security/site/docs/3.1.x/reference/el-access.html
access-denied-page: which page is redirected when login is denied
entry-point-ref: This attribute allows this behaviour to be overridden by defining a customized 
AuthenticationEntryPoint bean which will start the authentication process   
-->

<security:http auto-config="false" use-expressions="true" entry-point-ref="authenticationEntryPoint" >

    <!-- define how to handle the url /auth/login, primitAll is used since we defined use-expressions=true -->
    <security:intercept-url pattern="/login" access="permitAll"/>
    <security:intercept-url pattern="/search" access="hasRole('ROLE_USER')"/>

    <!-- The logout element adds support for logging out by navigating to a particular URL. 
    The default logout URL is /j_spring_security_logout, 
    but you can set it to something else using the logout-url attribute -->
    <security:logout 
            invalidate-session="true" 
            logout-success-url="/login" />

    <security:custom-filter ref="blacklistFilter" before="FILTER_SECURITY_INTERCEPTOR"/>
    <security:custom-filter ref="authenticationFilter" position="FORM_LOGIN_FILTER"/>
    <security:custom-filter ref="rememberMeFilter" position="REMEMBER_ME_FILTER"/>
</security:http>

<!--  Custom filter to deny unwanted users even though registered -->
<bean id="blacklistFilter" class="com.myapp.filter.BlacklistFilter" />

<!-- Custom filter for username and password. we need to create another 4 beans -->
<bean id="authenticationFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter"

    p:rememberMeServices-ref="rememberMeServices"
    p:authenticationManager-ref="customAuthenticationManager"
    p:authenticationFailureHandler-ref="customAuthenticationFailureHandler"
    p:authenticationSuccessHandler-ref="customAuthenticationSuccessHandler" />

<!-- Bean 1: Custom authentication manager. -->
<bean id="customAuthenticationManager" class="com.myapp.manager.CustomAuthenticationManager" />

<!-- bean 2: set the default failure url here -->
<bean id="customAuthenticationFailureHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler"
    p:defaultFailureUrl="/login?error=true" />

 <!-- bean 3: set the default target url here -->
<bean id="customAuthenticationSuccessHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler"
    p:defaultTargetUrl="/search" />

<!-- bean 4: remember me -->
<bean id="rememberMeServices"
    class="org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices">
        <property name="userDetailsService" ref="userDetailsService"/>
        <property name="key" value="myapp"/>
</bean>

<bean id="userDetailsService" class="com.myapp.service.UserDetailsServiceImpl" />


<bean id="rememberMeFilter" class="org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter">
    <property name="rememberMeServices" ref="rememberMeServices"/>
    <property name="authenticationManager" ref="customAuthenticationManager" />
</bean>

<bean id="authenticationEntryPoint"  class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint"
    p:loginFormUrl="/login"/>

<security:authentication-manager alias="theAuthenticationManager"/></beans>
4

1 に答える 1

0

を追加するのを忘れたようですRememberMeAuthenticationFilter。-あなたが言及したドキュメントの例を見てください、あなたは私が何を意味するかを見るでしょう。


まず、構成をhttp://www.i-develop.be/blog/2010/02/04/spring-security-remember-me/のようなデフォルトの構成に減らしてみてください。

于 2012-05-10T10:49:37.863 に答える