0
我有一个应用程序使用spring security configure xml与spring MVC集成。如何将spring security xml转换为注释
我的春节,安全配置XML:
<http pattern="/admin/**" authentication-manager-ref="adminAuthenticationManager">
<intercept-url pattern="/" access="permitAll" />
<form-login login-page="/login" username-parameter="userEmail"
login-processing-url="/admin/j_spring_security_check"
authentication-success-handler-ref="customAuthenticationSuccessHandler"
password-parameter="password" authentication-failure-url="/admin/login?error" />
<logout logout-url="/admin/j_spring_security_logout"
logout-success-url="/admin/login?logout" />
<remember-me key="uniqueAndSecret" user-service-ref="customUserDetailsService"
token-validity-seconds="7776000" />
<csrf disabled="true" />
</http>
<http authentication-manager-ref="userAuthenticationManager">
<intercept-url pattern="/" access="permitAll" />
<form-login login-page="/login" username-parameter="userEmail"
login-processing-url="/j_spring_security_check" password-parameter="password"
authentication-success-handler-ref="customAuthenticationSuccessHandler"
authentication-failure-url="/login?error" />
<logout logout-url="/j_spring_security_logout"
logout-success-url="/login?logout" />
<remember-me key="uniqueAndSecret" user-service-ref="customAdminDetailsService"
token-validity-seconds="7776000" />
<csrf disabled="true" />
</http>
<authentication-manager erase-credentials="false"
id="userAuthenticationManager">
<authentication-provider user-service-ref="customUserDetailsService" />
</authentication-manager>
<authentication-manager erase-credentials="false"
id="adminAuthenticationManager">
<authentication-provider user-service-ref="customAdminDetailsService" />
</authentication-manager>
<beans:bean id="customUserDetailsService"
class="com.service.impl.UserDetailServiceImpl" />
<beans:bean id="customAdminDetailsService"
class="com.service.impl.AdminDetailServiceImpl" />
我定制UserServiceDetailImpl文件:
@Service
public class UserDetailServiceImpl implements UserDetailsService {
@Autowired
private UserService userService;
@Override
public UserDetails loadUserByUsername(String email) {
try {
User user = userService.getUserByEmail(email);
if (user != null) {
return new org.springframework.security.core.userdetails.User(user.getUserEmail(), user.getPassword(),
true, true, true, true, getGrantedAuthorities(user));
} else {
throw new UsernameNotFoundException(email);
}
} catch (Exception e) {
throw new UsernameNotFoundException(email);
}
}
private List<GrantedAuthority> getGrantedAuthorities(Object generalUser) {
List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
if (generalUser instanceof User) {
authorities.add(new SimpleGrantedAuthority(CommonConstant.Role.USER.toString()));
}
return authorities;
}
}
现在,我怎样才能将其更改为春天的注释来配置?
我WebsercurityConfig文件时,我改变了春季安全使用注解:
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
UserDetailServiceImpl userDetailService;
@Autowired
AdminDetailServiceImpl adminDetailService;
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailService);
auth.userDetailsService(adminDetailService);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/").permitAll()
.and().formLogin().loginPage("/login")
.failureUrl("/login?error").loginProcessingUrl("/j_spring_security_check")
.successHandler(loginSuccessHanlder).failureUrl("/login?error=true")
.usernameParameter("userEmail").passwordParameter("password")
.and().logout().logoutUrl("/j_spring_security_logout").logoutSuccessUrl("/login?logout")
.and().userDetailsService(userDetailService)
.rememberMe().key("uniqueAndSecret")
.tokenValiditySeconds(33343)
.and()
.authorizeRequests().antMatchers("/admin/**").permitAll()
.and().formLogin().loginPage("/login")
.failureUrl("/admin/login?error").loginProcessingUrl("/admin/j_spring_security_check")
.successHandler(loginSuccessHanlder).failureUrl("/admin/login?error=true")
.usernameParameter("userEmail").passwordParameter("password")
.and().logout().logoutUrl("/admin/j_spring_security_logout").logoutSuccessUrl("/admin/login?logout")
.and().userDetailsService(userDetailService)
.rememberMe().key("uniqueAndSecret")
.tokenValiditySeconds(33343);
}
}
感谢@kuhajeyan 你能告诉我如何自定义(或注入)豆以上 ? 在我的项目中,我定制UserDetailServiceImpl实现UserDetailService,但我不知道如何定制(或注入)上述 – joseJv
Bean应该只是简单的自动装配它,(更新) – kuhajeyan
嗨@kuhajeyan,你可以检查我的WebSecurityConfig for我。我试图追随你的支持。但是我遇到了一些问题。 第一次,当我使用名称空间“/ admin”登录时,我的浏览器不处理任何事情,它只显示“admin/j_spring_security_check”。 第二,当我用命名空间“/”登录时,我调试程序,我用userEmail/password登录true - >我的程序运行正确。但是当我用错误的userEmail/orPassword登录时 - >我看到程序跳到UserDetailService 2次,然后跳转到AdminDetailService。在任何时候,如果userEmail/password为true,程序将中断。 – joseJv