我不知道你那是在哪里配置的,你可以参考下:
web.xml
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
    http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
    version="2.5">
    <display-name>Test</display-name>

    <!-- Bean definition files for the root application context; security.xml carries the Spring Security setup. -->
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
            /WEB-INF/applicationContext.xml
            /WEB-INF/security.xml
        </param-value>
    </context-param>
    ...
    <!-- Security -->
    <!-- The filter name must be springSecurityFilterChain: DelegatingFilterProxy looks up the bean with that name. -->
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <!-- Mapped to every request so that no URL reaches the application without passing the security filter chain. -->
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!-- Creates the root application context from contextConfigLocation. -->
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
    <!-- Forwards servlet session lifecycle events into the Spring context; the session registry
         relies on them to forget sessions that have ended. Without it, a user who lets a session
         time out can stay locked out by the maximumSessions limit. -->
    <listener>
        <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
    </listener>

    <servlet>
        <servlet-name>test</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>test</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>

    <!-- Session timeout is given in minutes. NOTE(review): 1 minute looks like a value chosen to
         exercise the invalid-session handling; confirm before using it outside a test setup. -->
    <session-config>
        <session-timeout>1</session-timeout>
    </session-config>
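</web-app>
security.xml
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <!-- Application-specific AuthenticationManager used by form login, and the UserDetailsService used by remember-me. -->
    <beans:bean id="authenticationManager" class="my.package.security.AuthenticationManager" />
    <beans:bean id="userDetailsDao" class="my.package.dao.UserDetailsDao" />

    <!-- disable-url-rewriting keeps the session id out of URLs, where it could leak through logs and Referer headers. -->
    <http disable-url-rewriting="true" authentication-manager-ref="authenticationManager">
        <!-- Rules are evaluated in order and the first match wins, so the public entries come first. -->
        <intercept-url pattern="/login*" access="ROLE_ANONYMOUS" />
        <intercept-url pattern="/favicon.ico" access="ROLE_ANONYMOUS" />
        <!-- Catch-all rule. With the default Ant matcher "/*" covers a single path segment only, so a
             nested URL such as /a/b would match no rule and stay unprotected; "/**" covers every depth. -->
        <intercept-url pattern="/**" access="ROLE_USER" />
        <form-login login-processing-url="/authorize" login-page="/login" authentication-failure-url="/login-failed" />
        <logout logout-url="/logout" logout-success-url="/login" />
        <!-- Persistent remember-me tokens. The dataSource bean is not defined in this file;
             presumably it comes from applicationContext.xml. -->
        <remember-me data-source-ref="dataSource" user-service-ref="userDetailsDao" />
        <!-- NOTE(review): with a custom session-authentication-strategy-ref the namespace may not
             register a ConcurrentSessionFilter on its own; confirm that a session marked as expired
             by the strategy is really rejected on its next request. -->
        <session-management session-authentication-strategy-ref="sas" invalid-session-url="/invalid-session" />
    </http>

    <!-- The registry tracks sessions per principal object. The principal class returned by the
         AuthenticationManager therefore needs value-based equals() and hashCode(); with identity
         equality every login looks like a new user and maximumSessions is never reached. -->
    <beans:bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl"/>

    <!-- Limits each principal to one concurrent session. -->
    <beans:bean id="sas" class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
        <beans:constructor-arg name="sessionRegistry" ref="sessionRegistry" />
        <beans:property name="maximumSessions" value="1" />
    </beans:bean>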
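</beans:beans>
my.package.security.AuthenticationManager.java
/**
 * Application-specific AuthenticationManager: resolves the submitted user name through
 * UserJpaDao and returns an authenticated token whose principal is the application's
 * UserDetails object.
 */
public class AuthenticationManager implements org.springframework.security.authentication.AuthenticationManager
{
    @Autowired
    UserJpaDao userDao;

    /**
     * Authenticates the given request.
     *
     * @param authentication the authentication request carrying the submitted name and credentials
     * @return an authenticated UsernamePasswordAuthenticationToken with the user's authorities
     * @throws AuthenticationException BadCredentialsException when principal or credentials are
     *         missing or no user exists for the submitted name
     */
    public Authentication authenticate(Authentication authentication) throws AuthenticationException
    {
        if(authentication.getPrincipal() == null || authentication.getCredentials() == null)
        {
            throw new BadCredentialsException("Invalid username/password");
        }

        User loggedInUser = userDao.findByAlias(authentication.getName());
        if(loggedInUser == null)
        {
            // Same message as for missing credentials, so the failure text does not tell a caller
            // which aliases exist.
            throw new BadCredentialsException("Invalid username/password");
        }

        // TODO: check credentials
        // WARNING: as written, the submitted credentials are never verified, so any existing alias
        // is authenticated with any non-null password. Before use, compare
        // authentication.getCredentials() with the stored password hash of loggedInUser through
        // the application's password encoder and throw BadCredentialsException on mismatch.
        UserDetails userDetails = new UserDetails(loggedInUser);

        // NOTE(review): the submitted credentials are carried in the returned token; consider
        // whether they need to stay available after authentication has succeeded.
        return new UsernamePasswordAuthenticationToken(userDetails, authentication.getCredentials(), userDetails.getAuthorities());
    }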
}
my.package.dao.UserDetailsDao.java
/**
 * UserDetailsService backed by UserJpaDao; security.xml wires it into remember-me.
 */
public class UserDetailsDao implements UserDetailsService
{
    @Autowired
    UserJpaDao userDao;

    /**
     * Looks a user up by alias.
     *
     * @param username the alias to look up
     * @return the application's UserDetails wrapper for the user found
     * @throws UsernameNotFoundException when no user has that alias
     */
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException
    {
        User found = userDao.findByAlias(username);
        if(found == null)
        {
            throw new UsernameNotFoundException("The specified user cannot be found");
        }
        return new UserDetails(found);
    }
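}
my.package.UserDetails.java
/**
 * Principal object built from the application's User entity.
 *
 * Instances are compared by alias. The session registry looks sessions up by principal, and a
 * new instance is created on every login, so without value-based equals() and hashCode() the
 * concurrent-session limit would never see two logins as the same user.
 */
public class UserDetails implements org.springframework.security.core.userdetails.UserDetails
{
    private final String alias;
    private final String encryptedPassword;

    /**
     * @param user the entity whose alias and encrypted password are copied
     */
    public UserDetails(User user)
    {
        this.alias = user.getAlias();
        this.encryptedPassword = user.getEncryptedPassword();
    }

    /** Every user gets the single authority ROLE_USER. */
    @Override
    public Collection<? extends GrantedAuthority> getAuthorities()
    {
        ArrayList<SimpleGrantedAuthority> authorities = new ArrayList<SimpleGrantedAuthority>();
        authorities.add(new SimpleGrantedAuthority("ROLE_USER"));
        return authorities;
    }

    @Override
    public String getPassword()
    {
        return this.encryptedPassword;
    }

    @Override
    public String getUsername()
    {
        return this.alias;
    }

    // The four status flags below are hard-coded: this class never reports an account as
    // expired, locked, credential-expired or disabled.
    @Override
    public boolean isAccountNonExpired()
    {
        return true;
    }

    @Override
    public boolean isAccountNonLocked()
    {
        return true;
    }

    @Override
    public boolean isCredentialsNonExpired()
    {
        return true;
    }

    @Override
    public boolean isEnabled()
    {
        return true;
    }

    /** Two principals are equal when their aliases are equal. */
    @Override
    public boolean equals(Object other)
    {
        if(this == other)
        {
            return true;
        }
        if(!(other instanceof UserDetails))
        {
            return false;
        }
        String otherAlias = ((UserDetails) other).alias;
        return this.alias == null ? otherAlias == null : this.alias.equals(otherAlias);
    }

    /** Consistent with equals(): derived from the alias only. */
    @Override
    public int hashCode()
    {
        return this.alias == null ? 0 : this.alias.hashCode();
    }
}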
web.xml
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
    http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
    version="2.5">
    <display-name>Test</display-name>

    <!-- Bean definition files for the root application context; security.xml carries the Spring Security setup. -->
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
            /WEB-INF/applicationContext.xml
            /WEB-INF/security.xml
        </param-value>
    </context-param>
    ...
    <!-- Security -->
    <!-- The filter name must be springSecurityFilterChain: DelegatingFilterProxy looks up the bean with that name. -->
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <!-- Mapped to every request so that no URL reaches the application without passing the security filter chain. -->
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!-- Creates the root application context from contextConfigLocation. -->
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
    <!-- Forwards servlet session lifecycle events into the Spring context; the session registry
         relies on them to forget sessions that have ended. Without it, a user who lets a session
         time out can stay locked out by the maximumSessions limit. -->
    <listener>
        <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
    </listener>

    <servlet>
        <servlet-name>test</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>test</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>

    <!-- Session timeout is given in minutes. NOTE(review): 1 minute looks like a value chosen to
         exercise the invalid-session handling; confirm before using it outside a test setup. -->
    <session-config>
        <session-timeout>1</session-timeout>
    </session-config>
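</web-app>
security.xml
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <!-- Application-specific AuthenticationManager used by form login, and the UserDetailsService used by remember-me. -->
    <beans:bean id="authenticationManager" class="my.package.security.AuthenticationManager" />
    <beans:bean id="userDetailsDao" class="my.package.dao.UserDetailsDao" />

    <!-- disable-url-rewriting keeps the session id out of URLs, where it could leak through logs and Referer headers. -->
    <http disable-url-rewriting="true" authentication-manager-ref="authenticationManager">
        <!-- Rules are evaluated in order and the first match wins, so the public entries come first. -->
        <intercept-url pattern="/login*" access="ROLE_ANONYMOUS" />
        <intercept-url pattern="/favicon.ico" access="ROLE_ANONYMOUS" />
        <!-- Catch-all rule. With the default Ant matcher "/*" covers a single path segment only, so a
             nested URL such as /a/b would match no rule and stay unprotected; "/**" covers every depth. -->
        <intercept-url pattern="/**" access="ROLE_USER" />
        <form-login login-processing-url="/authorize" login-page="/login" authentication-failure-url="/login-failed" />
        <logout logout-url="/logout" logout-success-url="/login" />
        <!-- Persistent remember-me tokens. The dataSource bean is not defined in this file;
             presumably it comes from applicationContext.xml. -->
        <remember-me data-source-ref="dataSource" user-service-ref="userDetailsDao" />
        <!-- NOTE(review): with a custom session-authentication-strategy-ref the namespace may not
             register a ConcurrentSessionFilter on its own; confirm that a session marked as expired
             by the strategy is really rejected on its next request. -->
        <session-management session-authentication-strategy-ref="sas" invalid-session-url="/invalid-session" />
    </http>

    <!-- The registry tracks sessions per principal object. The principal class returned by the
         AuthenticationManager therefore needs value-based equals() and hashCode(); with identity
         equality every login looks like a new user and maximumSessions is never reached. -->
    <beans:bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl"/>

    <!-- Limits each principal to one concurrent session. -->
    <beans:bean id="sas" class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
        <beans:constructor-arg name="sessionRegistry" ref="sessionRegistry" />
        <beans:property name="maximumSessions" value="1" />
    </beans:bean>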
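</beans:beans>
my.package.security.AuthenticationManager.java
/**
 * Application-specific AuthenticationManager: resolves the submitted user name through
 * UserJpaDao and returns an authenticated token whose principal is the application's
 * UserDetails object.
 */
public class AuthenticationManager implements org.springframework.security.authentication.AuthenticationManager
{
    @Autowired
    UserJpaDao userDao;

    /**
     * Authenticates the given request.
     *
     * @param authentication the authentication request carrying the submitted name and credentials
     * @return an authenticated UsernamePasswordAuthenticationToken with the user's authorities
     * @throws AuthenticationException BadCredentialsException when principal or credentials are
     *         missing or no user exists for the submitted name
     */
    public Authentication authenticate(Authentication authentication) throws AuthenticationException
    {
        if(authentication.getPrincipal() == null || authentication.getCredentials() == null)
        {
            throw new BadCredentialsException("Invalid username/password");
        }

        User loggedInUser = userDao.findByAlias(authentication.getName());
        if(loggedInUser == null)
        {
            // Same message as for missing credentials, so the failure text does not tell a caller
            // which aliases exist.
            throw new BadCredentialsException("Invalid username/password");
        }

        // TODO: check credentials
        // WARNING: as written, the submitted credentials are never verified, so any existing alias
        // is authenticated with any non-null password. Before use, compare
        // authentication.getCredentials() with the stored password hash of loggedInUser through
        // the application's password encoder and throw BadCredentialsException on mismatch.
        UserDetails userDetails = new UserDetails(loggedInUser);

        // NOTE(review): the submitted credentials are carried in the returned token; consider
        // whether they need to stay available after authentication has succeeded.
        return new UsernamePasswordAuthenticationToken(userDetails, authentication.getCredentials(), userDetails.getAuthorities());
    }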
}
my.package.dao.UserDetailsDao.java
/**
 * UserDetailsService backed by UserJpaDao; security.xml wires it into remember-me.
 */
public class UserDetailsDao implements UserDetailsService
{
    @Autowired
    UserJpaDao userDao;

    /**
     * Looks a user up by alias.
     *
     * @param username the alias to look up
     * @return the application's UserDetails wrapper for the user found
     * @throws UsernameNotFoundException when no user has that alias
     */
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException
    {
        User found = userDao.findByAlias(username);
        if(found == null)
        {
            throw new UsernameNotFoundException("The specified user cannot be found");
        }
        return new UserDetails(found);
    }
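}
my.package.UserDetails.java
/**
 * Principal object built from the application's User entity.
 *
 * Instances are compared by alias. The session registry looks sessions up by principal, and a
 * new instance is created on every login, so without value-based equals() and hashCode() the
 * concurrent-session limit would never see two logins as the same user.
 */
public class UserDetails implements org.springframework.security.core.userdetails.UserDetails
{
    private final String alias;
    private final String encryptedPassword;

    /**
     * @param user the entity whose alias and encrypted password are copied
     */
    public UserDetails(User user)
    {
        this.alias = user.getAlias();
        this.encryptedPassword = user.getEncryptedPassword();
    }

    /** Every user gets the single authority ROLE_USER. */
    @Override
    public Collection<? extends GrantedAuthority> getAuthorities()
    {
        ArrayList<SimpleGrantedAuthority> authorities = new ArrayList<SimpleGrantedAuthority>();
        authorities.add(new SimpleGrantedAuthority("ROLE_USER"));
        return authorities;
    }

    @Override
    public String getPassword()
    {
        return this.encryptedPassword;
    }

    @Override
    public String getUsername()
    {
        return this.alias;
    }

    // The four status flags below are hard-coded: this class never reports an account as
    // expired, locked, credential-expired or disabled.
    @Override
    public boolean isAccountNonExpired()
    {
        return true;
    }

    @Override
    public boolean isAccountNonLocked()
    {
        return true;
    }

    @Override
    public boolean isCredentialsNonExpired()
    {
        return true;
    }

    @Override
    public boolean isEnabled()
    {
        return true;
    }

    /** Two principals are equal when their aliases are equal. */
    @Override
    public boolean equals(Object other)
    {
        if(this == other)
        {
            return true;
        }
        if(!(other instanceof UserDetails))
        {
            return false;
        }
        String otherAlias = ((UserDetails) other).alias;
        return this.alias == null ? otherAlias == null : this.alias.equals(otherAlias);
    }

    /** Consistent with equals(): derived from the alias only. */
    @Override
    public int hashCode()
    {
        return this.alias == null ? 0 : this.alias.hashCode();
    }
}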