小贝子编程

安全配置类中userdetailsservice的春季注入失败



我是spring安全的新手,我正在尝试使用java配置它,但是当我尝试将UserDetailsService注入安全配置类时,我得到404错误页面,但当我将其注入控制器时注入工作。我使用spring 4.1.6版本和spring security 4.0.0

这是我的安全配置类

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
@Qualifier("loginService")
UserDetailsService loginService; //THIS IS THE POINT OF FAILURE
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
    .csrf().disable()
        .authorizeRequests()
            .antMatchers("/").permitAll()
            .anyRequest().authenticated()
            .and()
        .formLogin()
            .loginPage("/")
            .usernameParameter("username")
            .passwordParameter("password")
            .defaultSuccessUrl("/userlist")
            .failureUrl("/")
            .permitAll()
            .and()
        .logout()
            .permitAll();
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
    /*auth
        .inMemoryAuthentication()
            .withUser("user").password("password").roles("USER");*/
    auth.userDetailsService(loginService).passwordEncoder(passwordEncoder());
}
@Override
public void configure(WebSecurity web) throws Exception {
            web
              .ignoring()
                 .antMatchers("/resources/**");
          }

@Bean
public Md5PasswordEncoder passwordEncoder(){
    Md5PasswordEncoder encoder = new Md5PasswordEncoder();
    return encoder;
}
}

UserDetailsService类

@Service("loginService")
public class LoginService implements UserDetailsService{
@Autowired
UserRepository userRepository;
@Transactional
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
    SiteUser user = userRepository.findByUsername(username);
    Collection<SimpleGrantedAuthority> authorities = new ArrayList<SimpleGrantedAuthority>();
     SimpleGrantedAuthority userAuthority = new SimpleGrantedAuthority("ROLE_USER");
     SimpleGrantedAuthority adminAuthority = new SimpleGrantedAuthority("ROLE_ADMIN");
    User u = null;
    if(user == null) 
        throw new UsernameNotFoundException("No such User: " + username);
    else
    {
        if (user.getRole().equals("USER"))
               authorities.add(userAuthority);
        else if (user.getRole().equals("ADMIN")) 
        {
               authorities.add(userAuthority);
               authorities.add(adminAuthority);
        }
        u = new User(user.getUsername(), user.getPassword(), authorities);
    }
    return u;
}
}

项目的其余部分是可用的

解决方案是添加@ComponentScan("com.ashken *"。)在securityconfig类的顶部

我发现简单地将UserDetailsService的实现注册为SecurityConfig中的bean更麻烦:

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
UserRepository userRepository;
@Bean
public UserDetailsService userDetailsService() {
  return new UserDetailsService() {
    @Transactional
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
      SiteUser user = userRepository.findByUsername(username);
      Collection<SimpleGrantedAuthority> authorities = new ArrayList<SimpleGrantedAuthority>();
      SimpleGrantedAuthority userAuthority = new SimpleGrantedAuthority("ROLE_USER");
      SimpleGrantedAuthority adminAuthority = new SimpleGrantedAuthority("ROLE_ADMIN");
      User u = null;
      if(user == null) {
        throw new UsernameNotFoundException("No such User: " + username);
      } else {
        if (user.getRole().equals("USER")) {
          authorities.add(userAuthority);
        } else if (user.getRole().equals("ADMIN")) {
          authorities.add(userAuthority);
          authorities.add(adminAuthority);
        }
        u = new User(user.getUsername(), user.getPassword(), authorities);
      }
      return u;
    }
  };
}
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
    .csrf().disable()
        .authorizeRequests()
            .antMatchers("/").permitAll()
            .anyRequest().authenticated()
            .and()
        .formLogin()
            .loginPage("/")
            .usernameParameter("username")
            .passwordParameter("password")
            .defaultSuccessUrl("/userlist")
            .failureUrl("/")
            .permitAll()
            .and()
        .logout()
            .permitAll();
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
    /*auth
        .inMemoryAuthentication()
            .withUser("user").password("password").roles("USER");*/
    auth.userDetailsService(loginService).passwordEncoder(passwordEncoder());
}
@Override
public void configure(WebSecurity web) throws Exception {
            web
              .ignoring()
                 .antMatchers("/resources/**");
          }

@Bean
public Md5PasswordEncoder passwordEncoder(){
    Md5PasswordEncoder encoder = new Md5PasswordEncoder();
    return encoder;
}
}

相关内容

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium