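【Posted at】:2014-01-01 03:09:56
【Question】:
I am using spring-security to validate user profiles, but my application is not working properly. When I look at the log file, it shows:
DEBUG DaoAuthenticationProvider:308 - User account is locked
In my login form I enter the data correctly, but I never get to the other page; I always stay on the same page (the form page), whether I enter good or bad data.
My code is:
Configuration file spring-security.xml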
<beans:beans xmlns:security="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
    http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
    <security:http auto-config="true" access-decision-manager-ref="accessDecisionManager">
        <security:intercept-url pattern="/" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <security:intercept-url pattern="/init" access="PROFILE_ADMINISTRATOR" />
        <security:form-login
            login-page="/"
            default-target-url="/init"
            always-use-default-target='true'
            authentication-failure-url="/"/>
        <security:http-basic />
    </security:http>
    <security:authentication-manager alias="autenticationManagerUserService">
        <security:authentication-provider user-service-ref="userService">
            <security:password-encoder hash="md5"/>
        </security:authentication-provider>
    </security:authentication-manager>
    <beans:bean id="accessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
        <beans:property name="decisionVoters">
            <beans:list>
                <beans:ref bean="decisorDeRoles"/>
                <beans:ref bean="decisorDeAutenticacion"/>
            </beans:list>
        </beans:property>
    </beans:bean>
    <beans:bean id="decisorDeRoles" class="org.springframework.security.access.vote.RoleVoter">
        <beans:property name="rolePrefix" value="PROFILE_"/>
    </beans:bean>
    <beans:bean id="decisorDeAutenticacion" class="org.springframework.security.access.vote.AuthenticatedVoter"/>
    <beans:bean id="loggerListener" class="org.springframework.security.authentication.event.LoggerListener"/>
</beans:beans>
UserDetailsService class
@Service("userService")
public class SecurityAuthenticationProvider implements UserDetailsService
{
    UserDao userDao = new UserDao ();

    @Override
    public UserDetails loadUserByUsername (String username) throws UsernameNotFoundException, DataAccessException
    {
        User user = null;
        List<User> users = userDao.getUser (username);
        if (users.size () == 0)
        {
            throw new UsernameNotFoundException ("");
        }
        else
        {
            user = users.get (0);
            user.setAuthorities (userDao.getProfileUser (username));
            return user;
        }
    }
}
User data class
public class User implements UserDetails
{
    private List<GrantedAuthority> profiles;
    private String username;
    private String password;
    private boolean accountNonExpired;
    private boolean accountNonLocked;
    private boolean credentialsNonExpired;
    private boolean enabled;

    @Override
    public Collection<? extends GrantedAuthority> getAuthorities ()
    {
        return profiles;
    }

    @SuppressWarnings("unchecked")
    public void setAuthorities (List<? extends GrantedAuthority> profiles)
    {
        this.profiles = (List<GrantedAuthority>) profiles;
    }

    @Override
    public String getPassword ()
    {
        return password;
    }

    @Override
    public String getUsername ()
    {
        return username;
    }

    @Override
    public boolean isAccountNonExpired ()
    {
        return accountNonExpired;
    }

    @Override
    public boolean isAccountNonLocked ()
    {
        return accountNonLocked;
    }

    @Override
    public boolean isCredentialsNonExpired ()
    {
        return credentialsNonExpired;
    }

    @Override
    public boolean isEnabled ()
    {
        return enabled;
    }

    public void setUsername (String username)
    {
        this.username = username;
    }

    public void setPassword (String password)
    {
        this.password = password;
    }

    public void setAccountNonExpired (boolean accountNonExpired)
    {
        this.accountNonExpired = accountNonExpired;
    }

    public void setAccountNonLocked (boolean accountNonLocked)
    {
        this.accountNonLocked = accountNonLocked;
    }

    public void setCredentialsNonExpired (boolean credentialsNonExpired)
    {
        this.credentialsNonExpired = credentialsNonExpired;
    }

    public void setEnabled (boolean enabled)
    {
        this.enabled = enabled;
    }
}
GrantedAuthority class
public class Profile implements GrantedAuthority
{
    private String profile;

    @Override
    public String getAuthority ()
    {
        return profile;
    }

    public String getProfile ()
    {
        return profile;
    }

    public void setProfile (String profile)
    {
        this.profile = profile;
    }
}
A class I created to simulate access to the database (fetching the data)
public class UserDao
{
    public List<? extends GrantedAuthority> getProfileUser (String name)
    {
        List<GrantedAuthority> listGrantedAuthorities = new ArrayList<GrantedAuthority> ();
        Profile profile = new Profile ();
        profile.setProfile ("PROFILE_ADMINISTRATOR");
        listGrantedAuthorities.add (profile);
        return listGrantedAuthorities;
    }

    public List<User> getUser (String name)
    {
        List<User> listUser = new ArrayList<User> ();
        User user = new User ();
        user.setUsername ("Admin");
        user.setPassword ("1234");
        // user.setAccountNonExpired (true);
        // user.setAccountNonLocked (true);
        // user.setCredentialsNonExpired (true);
        // user.setEnabled (true);
        listUser.add (user);
        return listUser;
    }
}
Thanks.
【Comments】:
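- Your implementation of UserDetails is flawed. The default value of a boolean is false, so the isAccountNonLocked method returns false, which indicates that the user is blocked.
- Sorry, I don't understand! If I uncomment the lines that are comments, I get the same error: DEBUG DaoAuthenticationProvider:308 - User account is locked. What could it be?
- Spring Security uses those methods for its checks; if they are implemented incorrectly, it will not work.
- Yes, I know, but I don't know why it goes wrong. I think it is implemented properly, isn't it?
- Either way, the check is done on the isAccountNonLocked method, and if it returns false, the message you state is printed. So there must be something wrong in your implementation (i.e. the values are not set correctly), or you are not showing everything you have. However, as I mentioned before, the code you show adds nothing that the default doesn't already add, so I'm still not sure why you are trying to create your own implementation (unless your Profile has more to it than you show here).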
Tags: spring authentication spring-security authorization profile
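
The status-flag checks discussed in the comments, as an added example that is not part of the original post and is not Spring Security's source: a simplified plain-Java model of the order in which a login is refused, including the MD5 comparison implied by the `<security:password-encoder hash="md5"/>` line in the configuration. The names `LoginCheckDemo`, `Account`, `check` and `account` are hypothetical, and the three cases in `main` are constructed to mirror `UserDao.getUser()`.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

// Simplified model (an assumption, not Spring's code) of the checks a
// DaoAuthenticationProvider-style login runs against a UserDetails object.
public class LoginCheckDemo {

    // Same four flags as the question's User class; an unset boolean is false.
    static class Account {
        String password;
        boolean accountNonExpired, accountNonLocked, credentialsNonExpired, enabled;
    }

    static String md5Hex(String s) throws Exception {
        byte[] d = MessageDigest.getInstance("MD5").digest(s.getBytes(StandardCharsets.UTF_8));
        return String.format("%032x", new BigInteger(1, d));
    }

    // Returns "OK" or the reason the login is refused.
    static String check(Account a, String submitted) throws Exception {
        if (!a.accountNonLocked) return "User account is locked"; // evaluated first
        if (!a.enabled) return "User is disabled";
        if (!a.accountNonExpired) return "User account has expired";
        // With hash="md5" the stored value must be the MD5 hex digest, not the plaintext.
        byte[] given = md5Hex(submitted).getBytes(StandardCharsets.UTF_8);
        byte[] stored = a.password.getBytes(StandardCharsets.UTF_8);
        if (!MessageDigest.isEqual(given, stored)) return "Bad credentials";
        if (!a.credentialsNonExpired) return "User credentials have expired";
        return "OK";
    }

    static Account account(String storedPassword, boolean flags) {
        Account a = new Account();
        a.password = storedPassword;
        a.accountNonExpired = a.accountNonLocked = a.credentialsNonExpired = a.enabled = flags;
        return a;
    }

    public static void main(String[] args) throws Exception {
        // Case 1: setters left commented out, so every flag keeps its default.
        System.out.println(check(account("1234", false), "1234"));
        // Case 2: flags set to true, but the plaintext "1234" is stored.
        System.out.println(check(account("1234", true), "1234"));
        // Case 3: flags set to true and the MD5 hex digest is stored.
        System.out.println(check(account(md5Hex("1234"), true), "1234"));
    }
}
```

MD5 appears here only because the page's configuration uses it; an unsalted MD5 digest is not a sound way to store passwords.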