spring2.0 security

1.把spring-security-samples-tutorial-2.0.4改成从数据库读取用户:

<authentication-provider>
    <!--
        <password-encoder hash="md5"/>
        <user-service>
            <user name="rod" password="a564de63c2d0da68cf47586ee05984d7" authorities="ROLE_SUPERVISOR, ROLE_USER, ROLE_TELLER" />
         <user name="dianne" password="65d15fe9156f9c4bbffd98085992a44e" authorities="ROLE_USER,ROLE_TELLER" />
            <user name="scott" password="2b58af6dddbd072ed27ffc86725d7d3a" authorities="ROLE_USER,ROLE_TELLER" />
            <user name="peter" password="22b5c9accc6e1ba628cedc63a72d57f8" authorities="ROLE_USER" />
     </user-service>
      -->
     <jdbc-user-service data-source-ref="dataSource"
       users-by-username-query="SELECT name,password,enabled FROM user WHERE name = ?"
       authorities-by-username-query="SELECT name,rolename FROM roles WHERE name = ?" />
 </authentication-provider>

 

<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
        <property name="driverClassName" value="com.mysql.jdbc.Driver"/>
        <property name="url" value="jdbc:mysql://localhost:3306/zhangwei"/>
        <property name="username" value="root"/>
        <property name="password" value="pass"/>
    </bean>

增加以上内容就ok!

 

2009-07-30 16:08:48,828 DEBUG [com.opensymphony.xwork2.DefaultActionInvocation] - Executing action method = delete
2009-07-30 16:08:48,828 DEBUG [org.springframework.security.intercept.AbstractSecurityInterceptor] - Secure object: ReflectiveMethodInvocation: public abstract void com.service.DAOService.deleteWord(com.model.Word); target is of class [com.service.DAOServiceImpl]; ConfigAttributes: [ROLE_TELLER]
2009-07-30 16:08:48,843 DEBUG [org.springframework.web.context.support.XmlWebApplicationContext] - Publishing event in context [org.springframework.web.context.support.XmlWebApplicationContext@5dcec6]: org.springframework.security.event.authorization.AuthenticationCredentialsNotFoundEvent[source=ReflectiveMethodInvocation: public abstract void com.service.DAOService.deleteWord(com.model.Word); target is of class [com.service.DAOServiceImpl]]
??

 

 Publishing event in context [org.springframework.web.context.support.XmlWebApplicationContext@5dcec6]: org.springframework.security.event.authorization.AuthenticationCredentialsNotFoundEvent[source=ReflectiveMethodInvocation: public abstract void com.service.DAOService.deleteWord(com.model.Word); target is of class [com.service.DAOServiceImpl]]??

 

 

org.springframework.security.AuthenticationCredentialsNotFoundException: An Authentication object was not found in the SecurityContext
???

 

页面一点击<a></a>链接,principal object is null??

 

2.java.lang.ClassNotFoundException: org.springframework.core.NamedThreadLocal( 2.5的有这个类)

3.配置拦截:(只有拦截的url才会进行授权)

  <http auto-config="true">
        <intercept-url pattern="/secure/extreme/**" access="ROLE_SUPERVISOR"/>
        <intercept-url pattern="/secure/**" access="IS_AUTHENTICATED_REMEMBERED" />

</ttp>