我试图从StackOverflow(Use Spring Security with JPA)关注此帖未成功。春季安全到用户JPA连接
我实现了一个UserDetailsService:
import javax.inject.Inject;
import org.springframework.dao.DataAccessException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
import com.boss.mrfoods.dao.UserDao;
import com.boss.mrfoods.entity.User;
@Service
public class LoginController implements UserDetailsService {
@Inject
private UserDao userDao;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
User user = userDao.getForUsername(username);
System.out.println("USERNAME: " + username);
System.out.println("USER: " + user);
System.out.println("ROLES:" + user.getRoles());
return new org.springframework.security.core.userdetails.User(user.getUsername(), user.getPassword(), user.getRoles());
}
}
而且在Spring XML配置文件中像这样的一个参考吧:
<debug />
<global-method-security pre-post-annotations="enabled" />
<http pattern="/resources/**" security="none" />
<http pattern="/pages/loggedout.xhtml" security="none" />
<http pattern="/pages/timeout.xhtml" security="none" />
<http use-expressions="true">
<intercept-url pattern="/pages/admin/**" access="hasRole('supervisor')" />
<intercept-url pattern="/pages/user/**" access="isAuthenticated()" />
<intercept-url pattern="/**" access="permitAll" />
<form-login />
<logout logout-success-url="/pages/loggedout.xhtml" delete-cookies="JSESSIONID" />
<remember-me />
</http>
<beans:bean id="customUserDetailsService" class="com.boss.mrfoods.controller.LoginController" />
<authentication-manager>
<authentication-provider user-service-ref="customUserDetailsService">
<password-encoder hash="plaintext" />
</authentication-provider>
</authentication-manager>
什么也没有发生。没有例外,我的UserDetailsService实现永远不会被调用。
我想要实现的是Spring Security使用我的JPA连接/事务来查找用户/角色。我是否缺少配置?从哪里开始寻找问题,如果我甚至没有得到和例外。
我发现了这么远的是:我的userDao为空。对象注入不起作用。注入无法构建该对象。为什么?
感谢您阅读这篇文章。
你是如何尝试验证?你的安全配置中是否有'http'元素? – digitaljoel 2013-02-27 16:43:18
编辑了该问题以显示更多的XML配置文件。 – MBarni 2013-02-27 17:01:51