SpringSecurity Autowire Workaround
It's apparently well documented that @Autowired won't work inside a UserDetailsService
Is this true? If not, how c开发者_如何学Goan I autowire inside my UserDetailsService?
If it is true, are there any work arounds? How can I execute a hibernate query?
The accountDao I bind in AccountService works fine if I put it in the application context and use it in any other class. I read somewhere that Autowire didn't work because the UserDetailsService was out of the scope where spring would bind? and that a work around was to manually wire it in xml. If that's true? How does that work?
AccountService:
@Service
public class AccountService implements UserDetailsService {
@Autowired
AccountDao accountDao;
@Override
public UserDetails loadUserByUsername(String username)
throws UsernameNotFoundException, DataAccessException {
Account account = accountDao.getUser(username);
if (account == null)
throw new UsernameNotFoundException("No account found for '"
+ username + "'");
return account;
}
@SuppressWarnings("unused")
private GrantedAuthority[] getAuthorities(boolean isAdmin) {
List<GrantedAuthority> authList = new ArrayList<GrantedAuthority>(2);
authList.add(new GrantedAuthorityImpl("ROLE_USER"));
if (isAdmin) {
authList.add(new GrantedAuthorityImpl("ROLE_ADMIN"));
}
return authList.toArray(new GrantedAuthority[] {});
}
public void setAccountDao(AccountDao accountDao) {
this.accountDao = accountDao;
}
Security Context
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd">
<!-- This is where we configure Spring-Security -->
<security:http auto-config="true" use-expressions="true"
access-denied-page="/krams/auth/denied">
<security:intercept-url pattern="/" access="permitAll" />
<security:intercept-url pattern="/campaign/*"
access="hasRole('ROLE_ADMIN')" />
<!-- <security:intercept-url pattern="/city/*" access="hasRole('ROLE_ADMIN')"/> -->
<security:intercept-url pattern="/company/*"
access="hasRole('ROLE_ADMIN')" />
<security:intercept-url pattern="/krams/main/common"
access="hasRole('ROLE_USER')" />
<security:form-login login-page="/auth/login"
authentication-failure-url="/auth/login?error=true"
default-target-url="/home" />
<security:logout invalidate-session="true"
logout-success-url="/auth/login" logout-url="/auth/logout" />
</security:http>
<!-- Declare an authentication-manager to use a custom userDetailsService -->
<security:authentication-manager>
<security:authentication-provider
user-service-ref="customUserDetailsService">
<security:password-encoder ref="passwordEncoder" />
</security:authentication-provider>
</security:authentication-manager>
<!-- Use a Md5 encoder since the user's passwords are stored as Md5 in the
database -->
<bean
class="org.springframework.security.authentication.encoding.Md5PasswordEncoder"
id="passwordEncoder" />
<bean id="customUserDetailsService" class="com.groupdealclone.app.service.AccountService" />
<bean id="accountDao" class="com.groupdealclone.app.dao.JdbcAccountDao" />
</beans>
Web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
version="2.5">
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring/root-context.xml
/WEB-INF/spring/security-context.xml
</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<servlet>
<servlet-name>appServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/appServlet/servlet-context.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<!--
<servlet-mapping>
<servlet-name>appServlet</servlet-name>
<url-pattern>*.html</url-pattern>
</servlet-mapping>
-->
<servlet-mapping>
<servlet-name>appServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>hibernateFilter</filter-name>
<filter-class>
org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter
</filter-class>
</filter>
<welcome-file-list>
<welcome-file>
index.jsp
</welcome-file>
</welcome-file-list>
</web-app>
@Autowired works just fine inside an UserDetailsService implementation. Something else must be wrong: your injected interface may not be in a scanned package, or something else.
To manually wire the beans, just do the following:
<bean id="customUserDetailsService"
class="com.groupdealclone.app.service.AccountService" >
<property name="accountDao" ref="accountDao" />
</bean>
加载中,请稍侯......
精彩评论