我有一个简单的应用程序,可以在其中注册用户并对其进行身份验证。我已经使用编码了密码,并且能够成功对其进行身份验证。我在我的应用程序中使用Spring 3,Spring Security 3和Hibernate 3。
现在,我想用用户ID对他们的密码加盐,但是我无法实现此功能。有人可以帮我实现吗?我已经尝试了一段时间,但无法完成它。
这是我为用户添加ID并对其进行身份验证的代码。
xyz-security.xml
<http auto-config="true" use-expressions="true"> <intercept-url pattern="/welcome.do" access="hasRole('ROLE_USER')" /> <form-login login-page="/login.do" authentication-failure-url="/login.do?login_error=1"/> <logout invalidate-session="true" logout-url="/logout" logout-success-url="/"/> </http> <beans:bean id="daoAuthenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider"> <beans:property name="userDetailsService" ref="userDetailsService"/> </beans:bean> <beans:bean id="authenticationManager" class="org.springframework.security.authentication.ProviderManager"> <beans:property name="providers"> <beans:list> <beans:ref local="daoAuthenticationProvider" /> </beans:list> </beans:property> </beans:bean> <authentication-manager> <authentication-provider user-service-ref="userDetailsService"> <password-encoder ref="passwordEncoder"> <salt-source ref="saltSource"/> </password-encoder> </authentication-provider> </authentication-manager> <!-- For hashing and salting user passwords --> <beans:bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.ShaPasswordEncoder"/> <beans:bean id="saltSource" class="org.springframework.security.authentication.dao.ReflectionSaltSource" p:userPropertyToUse="id"/>
UserDetailsAdapter.java
@Service("userDetailsAdapter") public class UserDetailsAdapter { private Long id; org.springframework.security.core.userdetails.User buildUserFromUserEntity(User userEntity) { String username = userEntity.getUsername(); String password = userEntity.getPassword(); boolean enabled = userEntity.isEnabled(); boolean accountNonExpired = true; boolean credentialsNonExpired = true; boolean accountNonLocked = true; Collection<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>(); for (String authority: userEntity.getAuthorities()) { authorities.add(new GrantedAuthorityImpl(authority)); } this.id = userEntity.getId(); org.springframework.security.core.userdetails.User user = new org.springframework.security.core.userdetails.User(username, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities); return user; } public Long getId() { return id; } }
UserDetailsServiceImpl
@Service("userDetailsService") public class UserDetailsServiceImpl implements UserDetailsService { @Autowired private UserDao userDao; @Autowired private UserDetailsAdapter userDetailsAdapter; public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException { UserDetails userDetails = null; User userEntity = userDao.findByUsername(username); if (userEntity == null) { throw new UsernameNotFoundException("user not found"); } userDetails = userDetailsAdapter.buildUserFromUserEntity(userEntity); return userDetails; } }
UserServiceImpl
@Service public class UserServiceImpl implements UserService { @Autowired private UserDao userDao; @Autowired private PasswordEncoder passwordEncoder; @Autowired private SaltSource saltSource; public User getByUsername(String username) { return userDao.findByUsername(username); } public User getByEmail(String email) { return userDao.findByEmail(email); } public void createUser(User user) { userDao.create(user); UserDetailsAdapter userDetailsAdapter = new UserDetailsAdapter(); org.springframework.security.core.userdetails.User userDetails = userDetailsAdapter.buildUserFromUserEntity(user); String password = userDetails.getPassword(); Object salt = saltSource.getSalt(userDetails); user.setPassword(passwordEncoder.encodePassword(password, salt)); userDao.update(user); } public void updateUser(User user) { userDao.update(user); } }
有人可以帮助我了解我在这里想念的东西吗?非常感谢。
ReflectionSaltSource从的实例中提取盐UserDetails。但是,您将其org.springframework.security.core.userdetails.User用作的实现UserDetails,并且它没有名为的属性id(而不是您在中具有此属性UserDetailsAdapter,这是没有意义的,因为UserDetailsAdapter它是单例的)。
ReflectionSaltSource
UserDetails
org.springframework.security.core.userdetails.User
id
UserDetailsAdapter
因此,您需要创建一个org.springframework.security.core.userdetails.Userwith id属性的子类,然后从中返回它UserDetailsAdapter。
