
为什么这种spring security配置账号状态的验证变成无效:账号是否过期 是否启动等都不行

   发表时间:2013-09-06  
<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:security="http://www.springframework.org/schema/security"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.springframework.org/schema/beans 
	http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/security 
    http://www.springframework.org/schema/security/spring-security-3.0.xsd">

	<!-- HTTP security setup: login entry point, logout, anonymous paths, session handling and custom filters. -->
	<!-- entry-point-ref: the bean consulted when a caller who is not logged in (for example after
	     logging out) requests a protected resource; it decides which URL the caller is sent to. -->
	<security:http use-expressions="true" entry-point-ref="authenticationEntryPoint"
		access-denied-page="/noAuth.jsp">
		<security:logout invalidate-session="true" logout-url="/logout"
			success-handler-ref="logoutFilter" />
		<!-- filters="none" removes the four paths below from the security filter chain altogether, so no
		     authentication, authorization or SecurityContext handling applies to them. Keep the list
		     limited to resources that are safe for anonymous callers. -->
		<!-- NOTE(review): /admin/user/isonly looks like a username-uniqueness check (inferred from the
		     path; confirm). Being reachable without login, it should disclose as little as possible
		     and be rate limited. -->
		<security:intercept-url pattern="/admin/login.jsp"
			filters="none" />
		<security:intercept-url pattern="/views/shop/login.jsp"
			filters="none" />
		<security:intercept-url pattern="/admin/login"
			filters="none" />
		<security:intercept-url pattern="/admin/user/isonly"
			filters="none" />

		<!-- Page shown when a session is invalid or has timed out, plus a limit of one session per user. -->
		<!-- NOTE(review): the Spring Security reference states that concurrent-session control has to be
		     wired explicitly when a custom form-login filter is used. The loginFilter bean in this file
		     sets no sessionAuthenticationStrategy, so confirm that max-sessions="1" is really enforced. -->
		<security:session-management
			invalid-session-url="/sessionTimeOut.jsp">
			<security:concurrency-control
				max-sessions="1" />
		</security:session-management>
		<!-- Replace the default form-login filter with the custom loginFilter bean. -->
		<security:custom-filter ref="loginFilter"
			position="FORM_LOGIN_FILTER" />
		<!-- Place the custom authorization interceptor ahead of the default FilterSecurityInterceptor. -->
		<security:custom-filter ref="FilterSecurityInterceptor"
			before="FILTER_SECURITY_INTERCEPTOR" />
	</security:http>

	<!-- ====================================================模块分割线==================================================== -->

	<!-- Login entry point. It is given the two resolvers below, one for the front end and one for the
	     back end; how it chooses between them is decided by the project class, which is not shown. -->
	<bean id="authenticationEntryPoint"
		class="com.softcj.security.login.MultipleAuthenticationEntryPoint">
		<property name="directUrlResolvers">
			<list>
				<ref bean="forendLoginEntry" />
				<ref bean="backLoginEntry" />
			</list>
		</property>
	</bean>

	<!-- Front-end login: pattern /shop is paired with the shop login page. -->
	<bean id="forendLoginEntry" class="com.softcj.security.shared.DirectUrlResolverImpl">
		<property name="pattern" value="/shop"></property>
		<property name="directUrl" value="/views/shop/login.jsp"></property>
	</bean>

	<!-- Back-end login: pattern /admin is paired with the admin login page. -->
	<bean id="backLoginEntry" class="com.softcj.security.shared.DirectUrlResolverImpl">
		<property name="pattern" value="/admin"></property>
		<property name="directUrl" value="/admin/login.jsp"></property>
	</bean>

	<!-- ====================================================模块分割线==================================================== -->

	<!-- Logout success handler (referenced by success-handler-ref on the logout element). It is given
	     the front-end and back-end resolvers below. -->
	<!-- The redirect targets are fixed paths written in this file; presumably the request parameter
	     named "token" only selects between them (resolver source not shown; confirm). -->
	<bean id="logoutFilter" class="com.softcj.security.logout.MultipleLogoutSuccessHandler">
		<property name="directUrlResolvers">
			<list>
				<ref bean="forendLogoutSuccessUrlResolver" />
				<ref bean="backendLogoutSuccessUrlResolver" />
			</list>
		</property>
	</bean>

	<!-- Front-end logout: parameter token with pattern "forend" is paired with the shop login page. -->
	<bean id="forendLogoutSuccessUrlResolver" class="com.softcj.security.shared.ParameterDirectUrlResolverImpl">
		<property name="parameterName" value="token"></property>
		<property name="pattern" value="forend"></property>
		<property name="directUrl" value="/views/shop/login.jsp" />
	</bean>

	<!-- Back-end logout: parameter token with pattern "backend" is paired with the admin login page. -->
	<bean id="backendLogoutSuccessUrlResolver" class="com.softcj.security.shared.ParameterDirectUrlResolverImpl">
		<property name="parameterName" value="token"></property>
		<property name="pattern" value="backend"></property>
		<property name="directUrl" value="/admin/login.jsp" />
	</bean>

	<!-- ====================================================模块分割线==================================================== -->

	<!-- Custom login filter, installed at FORM_LOGIN_FILTER in place of the default form-login filter. -->
	<!-- NOTE(review): the request parameter "token" (see the resolvers listed here) is supplied by the
	     client. Presumably it selects the front-end or back-end login path; confirm that nothing
	     beyond the choice of user store is trusted on the strength of that value. -->
	<bean id="loginFilter"
		class="com.softcj.security.authentication.filter.MultipleUsernamePasswordAuthenticationFilter">
		<!-- URL on which this filter handles login submissions -->
		<property name="filterProcessesUrl" value="/login_check" />
		<!-- Resolvers that build the credential token for each kind of user (front end / back end) -->
		<property name="tokenResolvers">
			<list>
				<ref bean="forendAuthenticationTokenResolver" />
				<ref bean="backendAuthenticationTokenResolver" />
			</list>
		</property>
		<!-- Authentication manager that verifies the username and password -->
		<property name="authenticationManager" ref="authenticationManager" />
		<!-- Handler invoked when authentication succeeds -->
		<property name="authenticationSuccessHandler" ref="authenticationSuccessHandler" />
		<!-- Handler invoked when authentication fails -->
		<property name="authenticationFailureHandler" ref="authenticationFailureHandler" />
		<!-- Remember-me (automatic login) services -->
		<property name="rememberMeServices" ref="rememberMeServices"></property>
	</bean>

	<!-- ====================================================模块分割线==================================================== -->

	<!-- Builds the credential token for a front-end login (parameter token = "forend"). -->
	<bean id="forendAuthenticationTokenResolver"
		class="com.softcj.security.authentication.filter.ForendAuthenticationTokenResolver">
		<property name="parameterName" value="token" />
		<property name="parameterValue" value="forend" />
	</bean>

	<!-- Builds the credential token for a back-end login (parameter token = "backend"). -->
	<bean id="backendAuthenticationTokenResolver"
		class="com.softcj.security.authentication.filter.BackendAuthenticationTokenResolver">
		<property name="parameterName" value="token" />
		<property name="parameterValue" value="backend" />
	</bean>

	<!-- Handler for a successful login; it is given the front-end and back-end success resolvers. -->
	<bean id="authenticationSuccessHandler"
		class="com.softcj.security.authentication.handler.MultipleAuthenticationSuccessHandler">
		<property name="directUrlResolvers">
			<list>
				<ref bean="forendAuthenticationSuccessUrlResolver" />
				<ref bean="backendAuthenticationSuccessUrlResolver" />
			</list>
		</property>
	</bean>

	<!-- Handler for a failed login; it is given the front-end and back-end failure resolvers. -->
	<bean id="authenticationFailureHandler"
		class="com.softcj.security.authentication.handler.MultipleAuthenticationFailureHandler">
		<property name="directUrlResolvers">
			<list>
				<ref bean="forendAuthenticationFailureUrlResolver" />
				<ref bean="backendAuthenticationFailureUrlResolver" />
			</list>
		</property>
	</bean>

	<!-- Front end, login succeeded: target is the shop main action. -->
	<bean id="forendAuthenticationSuccessUrlResolver" class="com.softcj.security.shared.ParameterDirectUrlResolverImpl">
		<property name="parameterName" value="token" />
		<property name="pattern" value="forend" />
		<property name="directUrl" value="/shop/forend_page!main.action" />
	</bean>

	<!-- Front end, login failed: target is the shop login page. -->
	<bean id="forendAuthenticationFailureUrlResolver" class="com.softcj.security.shared.ParameterDirectUrlResolverImpl">
		<property name="parameterName" value="token" />
		<property name="pattern" value="forend" />
		<property name="directUrl" value="/views/shop/login.jsp" />
	</bean>

	<!-- Back end, login succeeded: target is the admin index. -->
	<bean id="backendAuthenticationSuccessUrlResolver" class="com.softcj.security.shared.ParameterDirectUrlResolverImpl">
		<property name="parameterName" value="token" />
		<property name="pattern" value="backend" />
		<property name="directUrl" value="/admin/index" />
	</bean>

	<!-- Back end, login failed: target is /admin/login, one of the paths declared with filters="none". -->
	<bean id="backendAuthenticationFailureUrlResolver" class="com.softcj.security.shared.ParameterDirectUrlResolverImpl">
		<property name="parameterName" value="token" />
		<property name="pattern" value="backend" />
		<property name="directUrl" value="/admin/login" />
	</bean>

	<!-- ====================================================模块分割线==================================================== -->

	<!-- Cookie-based automatic login (remember-me) -->
	<bean id="rememberMeServices"
		class="org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices">
		<!-- key: the secret mixed into the hash that signs each remember-me cookie; it is not the
		     name of the cookie. NOTE(review): the cookie's integrity rests on this value staying
		     secret, and "ZYL" is short and stored in this file. Use a long random value supplied
		     from outside source control. -->
		<property name="key" value="ZYL" />
		<!-- Name of the request parameter sent by the "remember me" checkbox on the login page -->
		<property name="parameter" value="rememberMe" />
		<!-- Cookie lifetime in seconds (1209600 s = 14 days) -->
		<property name="tokenValiditySeconds" value="1209600"></property>
		<!-- NOTE(review): only backendUserDetailsService is wired here, while loginFilter handles both
		     front-end and back-end logins; confirm how a front-end remember-me cookie is resolved. -->
		<property name="userDetailsService" ref="backendUserDetailsService" />
		<!-- <property name="tokenRepository" ref="tokenRepository" /> -->
	</bean>

	<!-- ====================================================模块分割线==================================================== -->

	<!-- Custom authorization interceptor, installed before FILTER_SECURITY_INTERCEPTOR. -->
	<!-- NOTE(review): the intercept-url elements in this file carry no access rules (only
	     filters="none"), so every authorization decision depends on the project classes wired
	     below, whose source is not shown. -->
	<bean id="FilterSecurityInterceptor"
		class="com.softcj.security.manage.filter.MultipleFilterSecurityInterceptor">
		<property name="authenticationManager" ref="authenticationManager" />
		<property name="securityMetadataSource" ref="multipleSecurityMetadataSource" />
		<property name="accessDecisionManager" ref="multipleAccessDecisionManager" />

	</bean>

	<!-- Security metadata for protected resources; it is given the front-end and back-end sources below. -->
	<bean id="multipleSecurityMetadataSource"
		class="com.softcj.security.manage.metadata.MultipleFilterInvocationSecurityMetadataSource">
		<property name="metadataSources">
			<list>
				<ref bean="forendSecurityMetadataSource" />
				<ref bean="backendSecurityMetadataSource" />
			</list>
		</property>
	</bean>

	<!-- Front-end resources (pattern /shop) -->
	<bean id="forendSecurityMetadataSource"
		class="com.softcj.security.manage.metadata.ForendSecurityMetadataSource">
		<property name="pattern" value="/shop"></property>
	</bean>

	<!-- Back-end resources (pattern /admin) -->
	<bean id="backendSecurityMetadataSource"
		class="com.softcj.security.manage.metadata.BackendSecurityMetadataSource">
		<property name="pattern" value="/admin"></property>
	</bean>


	<!-- Access decision manager -->
	<bean id="multipleAccessDecisionManager"
		class="com.softcj.security.manage.decide.MultipleAccessDecisionManager" />

	<!-- ====================================================模块分割线==================================================== -->

	<!-- Authentication manager: its single provider is the custom multipleAuthenticationProvider. -->
	<security:authentication-manager alias="authenticationManager">
		<security:authentication-provider
			ref="multipleAuthenticationProvider">
		</security:authentication-provider>
	</security:authentication-manager>


	<!-- Authentication provider that is given the front-end and back-end providers below. -->
	<!-- NOTE(review): every login passes through these project classes, whose source is not shown.
	     Spring Security's own AbstractUserDetailsAuthenticationProvider rejects a UserDetails whose
	     isEnabled / isAccountNonLocked / isAccountNonExpired / isCredentialsNonExpired returns false.
	     A custom provider enforces those flags only if it extends that class and keeps its pre- and
	     post-authentication checks, or performs the checks itself; confirm which applies here. -->
	<bean id="multipleAuthenticationProvider"
		class="com.softcj.security.authentication.provider.MultipleAuthenticationProvider">
		<property name="authenticationProviders">
			<list>
				<ref bean="forendAuthenticationProvider" />
				<ref bean="backendAuthenticationProvider" />
			</list>
		</property>
	</bean>

	<!-- User lookup service for front-end accounts -->
	<bean id="forendUserDetailsService"
		class="com.softcj.security.authentication.details.ForendUserDetailsService"></bean>

	<!-- User lookup service for back-end accounts -->
	<bean id="backendUserDetailsService"
		class="com.softcj.security.authentication.details.BackendUserDetailsService"></bean>

	<!-- Password hashing strategy -->
	<!-- NOTE(review): a single pass of salted SHA-256 is fast to compute, which makes offline guessing
	     against a leaked password table cheap. An adaptive scheme is the usual choice (bcrypt is
	     available as BCryptPasswordEncoder from Spring Security 3.1); switching requires a migration
	     path for the hashes already stored. -->
	<bean id="shaPasswordEncoder"
		class="org.springframework.security.authentication.encoding.ShaPasswordEncoder">
		<!-- Digest strength: SHA-256 -->
		<constructor-arg value="256" />
	</bean>

	<!-- Salt source for password hashing -->
	<bean id="saltSource"
		class="org.springframework.security.authentication.dao.ReflectionSaltSource">
		<!-- The username is used as the salt: it is predictable per account, and renaming an
		     account invalidates its stored hash. -->
		<property name="userPropertyToUse" value="username"></property>
	</bean>

	<!-- Front-end provider: wired with the front-end user service, the SHA encoder and the salt source. -->
	<bean id="forendAuthenticationProvider"
		class="com.softcj.security.authentication.provider.ForendAuthenticationProvider">
		<property name="userDetailsService" ref="forendUserDetailsService"></property>
		<property name="passwordEncoder" ref="shaPasswordEncoder"></property>
		<property name="saltSource" ref="saltSource"></property>
	</bean>

	<!-- Back-end provider: wired with the back-end user service, the SHA encoder and the salt source. -->
	<bean id="backendAuthenticationProvider"
		class="com.softcj.security.authentication.provider.BackendAuthenticationProvider">
		<property name="userDetailsService" ref="backendUserDetailsService"></property>
		<property name="passwordEncoder" ref="shaPasswordEncoder"></property>
		<property name="saltSource" ref="saltSource"></property>
	</bean>
</beans>

 这是XML配置文件

/**
 * User entity that also serves as the Spring Security {@code UserDetails} principal.
 *
 * <p>The account-status values are stored as {@code String} fields, while the four
 * {@code UserDetails} status methods at the bottom of the class return a constant
 * {@code false} and never read those fields.
 *
 * <p>NOTE(review): a provider that runs Spring Security's standard account-status checks
 * would reject every login for a principal of this class. If logins still succeed, either
 * the provider in use skips those checks or the object it receives is not an instance of
 * this class; confirm which {@code UserDetails} type the {@code UserDetailsService}
 * actually returns.
 */
public class User extends BaseEntity implements UserDetails {

	private static final long serialVersionUID = -2400769758495080278L;
	private String username; // login name
	private String password; // password
	private String name;// full name
	private String email; // e-mail address
	private Date loginDate;// date of the last login
	private String loginIp;// IP address of the last login
	private String userAccountNonExpired; // whether the account has not expired
	private String userAccountNonLocked; // whether the account is not locked
	private String userCredentialsNonExpired; // whether the credentials have not expired
	private String userEnabled; // whether the account is enabled
	private String roleIds;// IDs of the roles held by this user
	private String roleNames;// names of the roles held by this user
	private String organizationId;// ID of the owning organization
	private String organizationName;// name of the owning organization

	// Authorities exposed through UserDetails
	private Collection<GrantedAuthority> authorities;
	


	public String getUsername() {
		return username;
	}

	public void setUsername(String username) {
		this.username = username;
	}

	// NOTE(review): the @JsonSerialize annotation on getLoginDate suggests this entity is written
	// out as JSON; confirm the password value is excluded from any such output.
	public String getPassword() {
		return password;
	}

	public void setPassword(String password) {
		this.password = password;
	}

	public String getName() {
		return name;
	}

	public void setName(String name) {
		this.name = name;
	}

	public String getEmail() {
		return email;
	}

	public void setEmail(String email) {
		this.email = email;
	}
	// Serialized with the project's CustomDateSerializer.
	@JsonSerialize(using =CustomDateSerializer.class)
	public Date getLoginDate() {
		return loginDate;
	}

	public void setLoginDate(Date loginDate) {
		this.loginDate = loginDate;
	}

	public String getLoginIp() {
		return loginIp;
	}

	public void setLoginIp(String loginIp) {
		this.loginIp = loginIp;
	}


	// The four accessors pairs below expose the stored status values as Strings. Their encoding
	// is not visible in this class, and the UserDetails status methods do not consult them.
	public String getUserAccountNonExpired() {
		return userAccountNonExpired;
	}

	public void setUserAccountNonExpired(String userAccountNonExpired) {
		this.userAccountNonExpired = userAccountNonExpired;
	}

	public String getUserAccountNonLocked() {
		return userAccountNonLocked;
	}

	public void setUserAccountNonLocked(String userAccountNonLocked) {
		this.userAccountNonLocked = userAccountNonLocked;
	}

	public String getUserCredentialsNonExpired() {
		return userCredentialsNonExpired;
	}

	public void setUserCredentialsNonExpired(String userCredentialsNonExpired) {
		this.userCredentialsNonExpired = userCredentialsNonExpired;
	}

	public String getUserEnabled() {
		return userEnabled;
	}

	public void setUserEnabled(String userEnabled) {
		this.userEnabled = userEnabled;
	}

	public String getRoleIds() {
		return roleIds;
	}

	public void setRoleIds(String roleIds) {
		this.roleIds = roleIds;
	}

	public String getRoleNames() {
		return roleNames;
	}

	public void setRoleNames(String roleNames) {
		this.roleNames = roleNames;
	}

	public String getOrganizationId() {
		return organizationId;
	}

	public void setOrganizationId(String organizationId) {
		this.organizationId = organizationId;
	}

	public String getOrganizationName() {
		return organizationName;
	}

	public void setOrganizationName(String organizationName) {
		this.organizationName = organizationName;
	}

	// UserDetails method: returns the authorities previously stored with setAuthorities.
	// @Transient is presumably the persistence annotation (imports not shown; confirm).
	@Transient
	public Collection<GrantedAuthority> getAuthorities() {
		return authorities;
	}

	public void setAuthorities(Collection<GrantedAuthority> authorities) {
		this.authorities = authorities;
	}

	// UserDetails status flag: always false here; the userEnabled field is not read.
	@Transient
	public boolean isEnabled() {
		return false;
	}

	// UserDetails status flag: always false here; the userAccountNonLocked field is not read.
	@Transient
	public boolean isAccountNonLocked() {
		return false;
	}

	// UserDetails status flag: always false here; the userAccountNonExpired field is not read.
	@Transient
	public boolean isAccountNonExpired() {
		return false;
	}

	// UserDetails status flag: always false here; the userCredentialsNonExpired field is not read.
	@Transient
	public boolean isCredentialsNonExpired() {
		return false;
	}

}

 这是 JavaBean。这个 User 里我返回的都是 false 了,为什么还是可以登录?是配置错误还是别的原因?

   发表时间:2013-09-10  
com.softcj.security.authentication.provider.MultipleAuthenticationProvider
这个类给一下
你的authentication-manager有没有给出user-service-ref?需要看你这个userDetailService里面是如何处理的
   发表时间:2013-09-30  
package com.test.security.authentication.details;

import java.util.Collection;
import java.util.HashSet;

import javax.annotation.Resource;

import org.springframework.dao.DataAccessException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.GrantedAuthorityImpl;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.transaction.annotation.Transactional;

import com.test.dao.AdminDao;
import com.test.entity.Admin;
import com.test.entity.Bresource;
import com.test.entity.Brole;

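/**
 * {@code UserDetailsService} for back-end (admin) accounts.
 *
 * <p>Looks the account up through {@code AdminDao}, attaches its granted authorities and
 * returns the {@code Admin} entity itself as the {@code UserDetails}. No account-status
 * check (enabled, locked, expired) is made here; that is left to whatever consumes the
 * returned object.
 *
 * <p>NOTE(review): the status methods that matter for a back-end login are the ones on
 * {@code Admin}, the type returned here; its source is not shown, so confirm what they return.
 */
public class BackendUserDetailsService implements UserDetailsService {

	@Resource(name = "adminDao")
	private AdminDao adminDao;

	public void setAdminDao(AdminDao adminDao) {
		this.adminDao = adminDao;
	}

	/**
	 * Loads the admin account with the given username and populates its authorities.
	 *
	 * <p>Transaction management is required on this method; without it the persistence
	 * session is closed before the roles and resources have been read.
	 *
	 * @param username the login name submitted by the caller
	 * @return the {@code Admin} entity, with its authorities set
	 * @throws UsernameNotFoundException if no account has that username
	 * @throws DataAccessException if the lookup fails
	 */
	@Transactional
	public UserDetails loadUserByUsername(String username)
			throws UsernameNotFoundException, DataAccessException {
		Admin admin = adminDao.findUserByName(username);
		if (admin == null) {
			// Use the exception type the UserDetailsService contract declares. Framework callers
			// such as the remember-me services wired to this bean handle UsernameNotFoundException
			// as "no such user"; a plain BadCredentialsException would not be matched by those
			// handlers. In Spring Security 3.0 UsernameNotFoundException extends
			// BadCredentialsException, so code that catches the latter still sees it.
			// The message deliberately omits the submitted username.
			throw new UsernameNotFoundException("UserName Not Found");
		}
		admin.setAuthorities(getGrantedAuthorities(admin));
		return admin;
	}

	/**
	 * Collects the authorities of an admin account: one {@code GrantedAuthorityImpl} per
	 * resource name, over every resource of every back-end role the account holds.
	 *
	 * @param user the account whose roles are read
	 * @return the set of granted authorities (duplicates collapse in the {@code HashSet})
	 */
	public Collection<GrantedAuthority> getGrantedAuthorities(Admin user) {
		Collection<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
		for (Brole backendRole : user.getBackendRoles()) {
			for (Bresource backendResource : backendRole
					.getBackendResources()) {
				authorities.add(new GrantedAuthorityImpl(backendResource
						.getResourceName()));
			}
		}
		return authorities;
	}

}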

 这就是实现
