First, you should define the following file, WEB-INF/spring/security-context.xml:

    <beans:beans xmlns="http://www.springframework.org/schema/security"
                 xmlns:beans="http://www.springframework.org/schema/beans"
                 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                 xsi:schemaLocation="http://www.springframework.org/schema/beans
                                     http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
                                     http://www.springframework.org/schema/security
                                     http://www.springframework.org/schema/security/spring-security-2.0.1.xsd">

        <http auto-config="true" />

        <!-- The UserDetailsService implementation described below -->
        <beans:bean id="myUserService" class="org.my.UserService" />
        <authentication-provider user-service-ref="myUserService" />
    </beans:beans>
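Now you should create the class org.my.UserService and implement the interface org.springframework.security.core.userdetails.UserDetailsService. This interface has one method:

    UserDetails loadUserByUsername(String username)
            throws UsernameNotFoundException, org.springframework.dao.DataAccessException

In this method you can use Hibernate to load the user by userName. If the user does not exist, throw UsernameNotFoundException; otherwise return a new, initialized UserDetails instance (there you can provide a lot of things, such as the user's roles, account expiration date, etc.).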
Now comes web.xml:

    <web-app xmlns="http://java.sun.com/xml/ns/javaee"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
             version="2.5">

        <display-name>My Webapp</display-name>

        <context-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>
                /WEB-INF/spring/*-context.xml
            </param-value>
        </context-param>

        <filter>
            <filter-name>springSecurityFilterChain</filter-name>
            <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
        </filter>

        <filter-mapping>
            <filter-name>springSecurityFilterChain</filter-name>
            <url-pattern>/*</url-pattern>
        </filter-mapping>

        <listener>
            <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
        </listener>

        <servlet>
            <servlet-name>dispatcher</servlet-name>
            <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
            <load-on-startup>1</load-on-startup>
        </servlet>

        <servlet-mapping>
            <servlet-name>dispatcher</servlet-name>
            <url-pattern>/*</url-pattern>
        </servlet-mapping>
    </web-app>
If you have any questions or something goes wrong, feel free to ask :)
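PS: So with UserDetailsService you don't have to check the password, whether the user account is active, etc. You just provide Spring Security with information about the user with the given userName, and the framework validates the user itself. If you encode your passwords with MD5, for example, you can use password-encoder like this:

    <beans:bean id="myUserService" class="org.my.UserService" />
    <authentication-provider user-service-ref="myUserService">
        <password-encoder hash="md5"/>
    </authentication-provider>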
Update

Now we will dig deeper into UserService, with my (simplified) real-world example.

The UserService class:
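
    import java.util.ArrayList;
    import java.util.List;

    import org.my_company.my_app.domain.User;
    import org.springframework.dao.DataAccessException;
    import org.springframework.security.core.GrantedAuthority;
    import org.springframework.security.core.authority.GrantedAuthorityImpl;
    import org.springframework.security.core.userdetails.UserDetails;
    import org.springframework.security.core.userdetails.UserDetailsService;
    import org.springframework.security.core.userdetails.UsernameNotFoundException;

    // Privilege and UserDao are the application's own classes; their packages are not shown.
    public class UserService implements UserDetailsService {

        private UserDao userDao;

        public void setUserDao(UserDao userDao) {
            this.userDao = userDao;
        }

        public UserDetails loadUserByUsername(String username)
                throws UsernameNotFoundException, DataAccessException {
            // load user
            User user = userDao.getUser(username);

            if (user != null) {
                // convert roles
                List<GrantedAuthority> roles = new ArrayList<GrantedAuthority>();
                for (Privilege p : user.getPrivileges()) {
                    roles.add(new GrantedAuthorityImpl(p.getName()));
                }

                // initialize user
                // (getLdapPassword is a helper of the real application and is not shown here)
                SecurityUser securityUser = new SecurityUser(
                    user.getUsername(),
                    user.getLdapAuth() ? getLdapPassword(user.getUsername()) : user.getPassword(),
                    user.getStatus() != User.Status.NOT_COMMITED,
                    user.getStatus() != User.Status.BLOCKED,
                    true,
                    true,
                    roles.toArray(new GrantedAuthority[0])
                );

                securityUser.setUser(user);

                return securityUser;
            } else {
                throw new UsernameNotFoundException("No user with username '" + username + "' found!");
            }
        }
    }

Now SecurityUser: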
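
    import org.my_company.my_app.domain.User;
    import org.springframework.security.core.GrantedAuthority;

    public class SecurityUser extends org.springframework.security.core.userdetails.User {

        // the application's own domain object, kept alongside the security principal
        private User user;

        public User getUser() {
            return user;
        }

        public void setUser(User user) {
            this.user = user;
        }

        // Note: a GrantedAuthority[] argument is the Spring Security 2.x constructor signature;
        // from 3.0 on the parent constructor takes a Collection of authorities instead.
        public SecurityUser(String username, String password, boolean enabled,
                            boolean accountNonExpired, boolean credentialsNonExpired,
                            boolean accountNonLocked, GrantedAuthority[] authorities)
                throws IllegalArgumentException {
            super(username, password, enabled, accountNonExpired, credentialsNonExpired,
                  accountNonLocked, authorities);
        }
    }

And finally UserDao: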
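
    import java.util.List;

    import org.my_company.my_app.domain.User;
    // Hibernate 3 support package assumed; the original listing omits this import
    import org.springframework.orm.hibernate3.support.HibernateDaoSupport;

    public class UserDao extends HibernateDaoSupport {

        public User getUser(String username) {
            // the username is bound as a query parameter, not concatenated into the HQL
            List users = getHibernateTemplate().find("from User where username = ?", username);
            return users == null || users.size() <= 0 ? null : (User) users.get(0);
        }
    }

As you can see, I used HibernateTemplate here.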
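The behaviour described in the PS, as an added example that is not code from the original answer: the UserDetailsService only looks the user up, and DaoAuthenticationProvider checks the password and the four account flags. It assumes Spring Security 5.x and Java 8+ on the classpath; the class name AccountFlagDemo, the sample accounts and the use of BCryptPasswordEncoder in place of the MD5 encoder shown above are assumptions of this example.

```java
import java.util.*;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.*;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

public class AccountFlagDemo {
    static final PasswordEncoder ENCODER = new BCryptPasswordEncoder();
    static final Map<String, UserDetails> USERS = new HashMap<>(); // constructed sample accounts

    // Flag order matches the User constructor:
    // enabled, accountNonExpired, credentialsNonExpired, accountNonLocked.
    static void add(String name, boolean enabled, boolean nonExpired, boolean credsOk, boolean nonLocked) {
        USERS.put(name, new User(name, ENCODER.encode("s3cret"), enabled, nonExpired, credsOk,
                nonLocked, AuthorityUtils.createAuthorityList("ROLE_USER")));
    }

    // Returns "OK" or the simple name of the AuthenticationException the provider raised.
    static String attempt(DaoAuthenticationProvider provider, String name, String password) {
        try {
            provider.authenticate(new UsernamePasswordAuthenticationToken(name, password));
            return "OK";
        } catch (AuthenticationException e) {
            return e.getClass().getSimpleName();
        }
    }

    public static void main(String[] args) {
        add("alice", true, true, true, true);
        add("disabled", false, true, true, true);
        add("expired", true, false, true, true);
        add("stalepw", true, true, false, true);
        add("locked", true, true, true, false);
        // The service only loads the record; it performs no password or status checks.
        UserDetailsService service = username -> {
            UserDetails user = USERS.get(username);
            if (user == null) throw new UsernameNotFoundException("No user " + username);
            return user;
        };
        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setUserDetailsService(service);
        provider.setPasswordEncoder(ENCODER);
        for (String name : new String[] {"alice", "disabled", "expired", "stalepw", "locked", "nobody"}) {
            System.out.println(name + " / s3cret -> " + attempt(provider, name, "s3cret"));
        }
        System.out.println("alice / wrong -> " + attempt(provider, "alice", "wrong"));
    }
}
```

With the provider's default checks, a false flag surfaces as DisabledException, AccountExpiredException, CredentialsExpiredException or LockedException. An unknown username is reported as BadCredentialsException, so a caller cannot tell it apart from a wrong password.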



