使用数据库弹簧安全认证和授权

我的web应用程序使用弹簧安全认证和基于数据库的授权。我已经完成了这个名字：这是我介绍的applicationContext.xml和applicationContext-我的web.xml文件 security.xml文件：使用数据库弹簧安全认证和授权

<?xml version="1.0" encoding="UTF-8"?> 
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" 
     xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" 
     xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" 
     id="WebApp_ID" version="2.5"> 

    <display-name>Struts2Example14</display-name> 

    <context-param> 
     <param-name>contextConfigLocation</param-name> 
     <param-value> 
      /WEB-INF/applicationContext.xml 
      /WEB-INF/applicationContext-security.xml 
     </param-value> 
    </context-param> 

    <filter> 
     <filter-name>struts2</filter-name> 
     <filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter</filter-class> 
    </filter> 

    <listener> 
     <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> 
    </listener> 

    <filter-mapping> 
     <filter-name>struts2</filter-name> 
     <url-pattern>/*</url-pattern> 
    </filter-mapping> 

    <filter> 
     <filter-name>springSecurityFilterChain</filter-name> 
     <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> 
    </filter> 

    <filter-mapping> 
     <filter-name>springSecurityFilterChain</filter-name> 
     <url-pattern>/*</url-pattern> 
    </filter-mapping> 

    <welcome-file-list> 
     <welcome-file>index.jsp</welcome-file> 
    </welcome-file-list> 
</web-app>

这是我applicationContextSecurity.xml：

<?xml version="1.0" encoding="UTF-8"?> 
<beans xmlns="http://www.springframework.org/schema/beans" 
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
     xmlns:sec="http://www.springframework.org/schema/security" 
     xmlns:beans="http://www.springframework.org/schema/mvc" 
     xmlns:context="http://www.springframework.org/schema/context" 
     xsi:schemaLocation=" 
     http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd 
     http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd 
     http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.1.xsd 
     http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd"> 

    <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource"> 
     <property name="driverClassName" value="oracle.jdbc.driver.OracleDriver"/> 
     <property name="url" value="jdbc:oracle:thin:@10.60.2.4:1521:agribase"/> 
     <property name="username" value="sabka"/> 
     <property name="password" value="sabka"/> 
    </bean> 

    <sec:http use-expressions="true"> 
     <sec:intercept-url pattern="/secured/**" access="ROLE_USER"/> 
     <sec:intercept-url pattern="/admin/*" access="ROLE_ADMIN"/> 
     <sec:form-login login-page="/jsp/homePage.jsp" 
         authentication-failure-url="/jsp/homePage.jsp" 
         default-target-url="/jsp/homePage.jsp"/> 
    </sec:http> 

    <sec:authentication-manager> 
     <sec:authentication-provider> 
      <sec:jdbc-user-service 
       data-source-ref="dataSource" 
       users-by-username-query=" 
        SELECT username,password, enabled FROM users WHERE username=?" 
       authorities-by-username-query=" 
        SELECT u.username, ur.authority 
        FROM users u, user_roles ur WHERE u.user_id = ur.user_id AND u.username=?"/> 
     </sec:authentication-provider> 
    </sec:authentication-manager> 
</beans>

时我运行它，它日食出现此错误：

Unexpected exception parsing XML document from ServletContext resource [/WEB- INF/applicationContext-security.xml]; 

nested exception is org.springframework.beans.BeanInstantiationException:Could not instantiate bean class 
[org.springframework.security.config.SecurityNamespaceHandler]:Constructor threw exception; 

nested exception is java.lang.NoClassDefFoundError: org/springframework/aop/config/AbstractInterceptorDrivenBeanDefinitionDecorator

这是我的类路径：

<?xml version="1.0" encoding="UTF-8"?> 
<classpath> 
<classpathentry kind="src" path="src"/> 
<classpathentry kind="src" path="WebContent/WEB-INF"/> 
<classpathentry exported="true" kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.St andardVMType/jre6"> 
<attributes> 
<attribute name="owner.project.facets" value="java"/> 
</attributes> 
</classpathentry> 
<classpathentry exported="true" kind="con" path="org.eclipse.jst.server.core.container/org.eclipse.jst.server.tomcat.runtimeTarget/Apache Tomcat v6.0"> 
<attributes> 
<attribute name="owner.project.facets" value="jst.web"/> 
</attributes> 
</classpathentry> 
<classpathentry exported="true" kind="con" path="org.eclipse.jst.j2ee.internal.web.container"/> 
<classpathentry exported="true" kind="con" path="org.eclipse.jst.j2ee.internal.module.container"/> 
<classpathentry exported="true" kind="lib" path="//10.60.2.7/Sabka/lib/ojdbc14.jar"/> 
<classpathentry exported="true" kind="lib" path="//10.60.2.7/Sabka/lib/ojdbc14dms.jar"/> 
<classpathentry exported="true" kind="lib" path="D:/SpringWS/SpringStruts2/WebContent/WEB-INF/lib/antlr-runtime-3.0.jar"/> 
<classpathentry exported="true" kind="lib" path="D:/SpringWS/SpringStruts2/WebContent/WEB-INF/lib/commons-fileupload-1.2.1.jar"/> 
<classpathentry exported="true" kind="lib" path="D:/SpringWS/SpringStruts2/WebContent/WEB-INF/lib/commons-io-1.3.2.jar"/> 
<classpathentry exported="true" kind="lib" path="D:/SpringWS/SpringStruts2/WebContent/WEB-INF/lib/commons-logging-1.1.jar"/> 
<classpathentry exported="true" kind="lib" path="D:/SpringWS/SpringStruts2/WebContent/WEB-INF/lib/freemarker-2.3.13.jar"/> 
<classpathentry exported="true" kind="lib" path="D:/SpringWS/SpringStruts2/WebContent/WEB-INF/lib/junit-3.8.1.jar"/> 
<classpathentry exported="true" kind="lib" path="D:/SpringWS/SpringStruts2/WebContent/WEB-INF/lib/ognl-2.6.11.jar"/> 
<classpathentry exported="true" kind="lib" path="D:/SpringWS/SpringStruts2/WebContent/WEB-INF/lib/org.springframework.asm-3.0.0.M3.jar"/> 
<classpathentry exported="true" kind="lib" path="D:/SpringWS/SpringStruts2/WebContent/WEB-INF/lib/org.springframework.beans-3.0.0.M3.jar"/> 
<classpathentry exported="true" kind="lib" path="D:/SpringWS/SpringStruts2/WebContent/WEB-INF/lib/org.springframework.context-3.0.0.M3.jar"/> 
<classpathentry exported="true" kind="lib" path="D:/SpringWS/SpringStruts2/WebContent/WEB-INF/lib/org.springframework.core-3.0.0.M3.jar"/>

来源

2013-03-05 roland duff

它可以帮助你http://forum.springsource.org/showthread.php?59938-Custom-implementation-of-Spring-Security-s-UserDetailsService – nav0611 2013-03-05 07:38:40

是否包含在类路径中的Spring AOP的jar文件？

来源

2013-03-05 07:30:08

不，我没有使用aop，所以我没有一个jar文件 – 2013-03-05 07:32:55

Spring安全使用AOP的封面，所以尝试添加spring-aop jar文件。这应该解决你目前的问题。 – 2013-03-05 07:34:24

该问题解决了，现在这是问题：意外的异常从ServletContext资源解析XML文档[/WEB-INF/applicationContext-security.xml];嵌套异常是java.lang.NoSuchMethodError：org.springframework.beans.factory.xml.BeanDefinitionParserDelegate.getLocalName（Lorg/w3c/dom/Node;）Ljava/lang/String; – 2013-03-05 07:56:32

这个例子将演示spring 3.2与Spring Security 3.1和Hibernate 4.1.9的使用。

包括在你的pom.xml

 <!-- spring dependency--> 
      <dependency> 
      <groupId>org.springframework</groupId> 
      <artifactId>spring-context-support</artifactId> 
      <version>${spring.framework.version}</version> 
     </dependency> 
     <dependency> 
      <groupId>org.springframework</groupId> 
      <artifactId>spring-orm</artifactId> 
      <version>${spring.framework.version}</version> 
     </dependency> 
     <dependency> 
      <groupId>org.springframework</groupId> 
      <artifactId>spring-core</artifactId> 
      <version>${spring.framework.version}</version> 
     </dependency> 
     <dependency> 
      <groupId>org.springframework</groupId> 
      <artifactId>spring-web</artifactId> 
      <version>${spring.framework.version}</version> 
     </dependency> 
     <dependency> 
      <groupId>org.springframework</groupId> 
      <artifactId>spring-webmvc</artifactId> 
      <version>${spring.framework.version}</version> 
     </dependency> 
     <!-- START: Spring security --> 
     <dependency> 
      <groupId>org.springframework.security</groupId> 
      <artifactId>spring-security-core</artifactId> 
      <version>${spring.security.version}</version> 
     </dependency> 
     <dependency> 
      <groupId>org.springframework.security</groupId> 
      <artifactId>spring-security-config</artifactId> 
      <version>${spring.security.version}</version> 
     </dependency> 
     <dependency> 
      <groupId>org.springframework.security</groupId> 
      <artifactId>spring-security-web</artifactId> 
      <version>${spring.security.version}</version> 
     </dependency> 
     <dependency> 
      <groupId>org.springframework.security</groupId> 
      <artifactId>spring-security-taglibs</artifactId> 
      <version>${spring.security.version}</version> 
     </dependency> 
     <!-- END: Spring security -->

在web.xml

<context-param> 
      <param-name>contextConfigLocation</param-name> 
      <param-value>/WEB-INF/spring/root-context.xml,/WEB-INF/spring/spring-security.xml</param-value> 
    </context-param> 

     <!-- START: Spring Security --> 
     <filter> 
      <filter-name>springSecurityFilterChain</filter-name> 
      <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> 
     </filter> 
     <filter-mapping> 
      <filter-name>springSecurityFilterChain</filter-name> 
      <url-pattern>/*</url-pattern> 
     </filter-mapping> 
     <!-- END: Spring Security -->

弹簧security.xml文件

<http auto-config="true" access-denied-page="/denied"> 
     <intercept-url pattern="/role1/*" access="ROLE1" /> 
     <intercept-url pattern="/role2/*" access="ROLE2" /> 
     <intercept-url pattern="/role3/*" access="ROLE3" /> 
     <intercept-url pattern="/home" access="ROLE1,ROLE2,ROLE3"/>   
     <form-login login-page="/login" default-target-url="/home" 
      authentication-failure-url="/loginfailed" /> 
      <logout 
      invalidate-session="true" 
      delete-cookies="SPRING_SECURITY_REMEMBER_ME_COOKIE" 
      logout-success-url="/index"></logout> 
    </http> 
<beans:bean class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler"/> 
    <authentication-manager > 
    <authentication-provider ref="authProvider"></authentication-provider> 
    </authentication-manager> 
<beans:bean id="authProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider"> 
    <beans:property name="userDetailsService" ref="userDetailsServiceImpl" /> 
    <beans:property name="passwordEncoder" ref="encoder" /> 
</beans:bean> 
<!-- For hashing and salting user passwords --> 
    <beans:bean id="encoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>

在mvc.xml以下依赖

<security:global-method-security secured-annotations="enabled"/> 
    <bean id="userDetailsServiceImpl" class="com.service.UserDetailsServiceImpl"> 
     <property name="sessionFactory" ref="sessionFactory"></property> 
    </bean>

在UserDetailsServiceImpl

@Service 
@Transactional(readOnly = true) 
public class UserDetailsServiceImpl implements UserDetailsService { 


    UserDao userDAO = new UserDaoImpl(); 

    public UserDetails loadUserByUsername(String userName) 
      throws UsernameNotFoundException { 

     Users domainUser = userDAO.getUser(userName); 
     Roles role = domainUser.getRoles(); 
     boolean enabled = true; 
     boolean accountNonExpired = true; 
     boolean credentialsNonExpired = true; 
     boolean accountNonLocked = true; 

     return new User(domainUser.getUsername(), 
       domainUser.getUsersPassword(), enabled, accountNonExpired, 
       credentialsNonExpired, accountNonLocked, 
       getAuthorities(role.getRoleName())); 
    } 

    public Collection<? extends GrantedAuthority> getAuthorities(String role) { 
     List<GrantedAuthority> authList = getGrantedAuthorities(getRoles(role)); 
     return authList; 
    } 

    public List<String> getRoles(String role) { 

     List<String> roles = new ArrayList<String>(); 
     if ("ROLE1".equals(role)) { 
      roles.add("ROLE1"); 
     } else if ("ROLE2".equals(role)) { 
      roles.add("ROLE2"); 
     } 
     else if ("ROLE3".equals(role)) { 
      roles.add("ROLE3"); 
     } 
     return roles; 
    } 

    public static List<GrantedAuthority> getGrantedAuthorities(
      List<String> roles) { 
     List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>(); 

     for (String role : roles) { 
      authorities.add(new SimpleGrantedAuthority(role)); 
     } 
     return authorities; 
    }

现在，你需要在DAO一个方法来获取基于用户名用户的POJO。然后它会正常工作

来源

2013-08-13 11:53:14

我尝试使用与以下相同的安全配置： – gkbstar 2016-05-19 09:12:12

但它抛出一个错误为：由org.springframework.beans.NotWritablePropertyException造成：无效属性'passwordEncoder'的bean类[com.ipms.service.impl.CustomUserDetailsService]：Bean属性'passwordEncoder'是不可写或具有无效的setter方法setter的参数类型是否与getter的返回类型相匹配？ – gkbstar 2016-05-19 09:15:30

使用数据库弹簧安全认证和授权

回答

相关问题