0
我试图春季安全为我的登录表单整合,我有一个闹明白春安全如何验证的数据库登录:自定义Spring Security认证
所以我已经配置弹簧安全是这样的:
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/login" access="permitAll"/>
<intercept-url pattern="/logout" access="permitAll"/>
<intercept-url pattern="/denied" access="hasRole('ROLE_USER')"/>
<intercept-url pattern="/" access="hasRole('ROLE_USER')"/>
<intercept-url pattern="/user" access="hasRole('ROLE_USER')"/>
<intercept-url pattern="/admin" access="hasRole('ROLE_ADMIN')"/>
<form-login login-page="/login"
authentication-failure-url="/login/failure"
default-target-url="/"/>
<access-denied-handler error-page="/denied"/>
<logout invalidate-session="true"
logout-success-url="/logout/success"
logout-url="/logout"/>
</http>
<authentication-manager>
<authentication-provider user-service-ref="loginManager" >
<password-encoder hash="bcrypt" />
</authentication-provider>
</authentication-manager>
这是我的形式;
<c:url var="loginUrl" value="/login"/>
<form method="post" action="${loginUrl}">
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" />
<div class="form_field">
<label for="login_name">Username/Email</label><br/>
<input class="field" id="login_name" type="text" name="username" autocomplete="off" />
</div>
<div class="form_field">
<label for="password">Password</label><br/>
<input class="field" id="password" type="password" name="password" />
</div>
</form>
这是我的控制器:
@RequestMapping("/login")
public String login(Model model, @RequestParam(required=false) String message) {
model.addAttribute("message", message);
LOGGER.info("Login");
return "/login";
}
@RequestMapping(value = "/denied")
public String denied() {
LOGGER.info("DENIE");
return "/login";
}
@RequestMapping(value = "/login/failure")
public String loginFailure() {
String message = "Login Failure!";
return "redirect:/login?message="+message;
}
@RequestMapping(value = "/logout/success")
public String logoutSuccess() {
String message = "Logout Success!";
return "redirect:/login?message="+message;
}
- 我不明白,难道我们需要调用@RequestParam获取用户名和密码,或春天的字符串会做它用,因为我已通知春天我的登录页面在配置中?
这是我的服务实现的UserDetailsService:
@Override
@Transactional(readOnly=true)
public UserDetails loadUserByUsername(String name)
throws UsernameNotFoundException {
LOGGER.info("Verify Customer's Account");
Login login = loginDao.getLoginByName(name.toLowerCase());
return new User(login.getName(), login.getPassword(),
true, true, true, true, 'ROLE_USER')));
}
- 由于我的服务实现的UserDetailsService,我有要覆盖的方法loadUserByUserName(名称)。我想知道如何用密码验证帐户,或者Spring也为我处理它(它在内部如何工作?)?
感谢您的回复。