0

我正在使用 spring security 3.2、JSF2、Hibernate4。

我已经完成了 3/4 的工作 :) 但我的身份验证系统还没有工作。

我有一个实现 UserDetailsS​​ervice 的 UserService,一个实现 UserDetails 的域类用户。

登录系统永远不会阻止用户访问安全页面,我尝试了数据库中不存在的用户名和密码......

谢谢您的帮助。

我有一个 loginBean,他在通过登录表单连接时尝试对用户进行身份验证:

public String login() {

        try {

            Authentication request = new UsernamePasswordAuthenticationToken(this.getUsername(), this.getPassword());
            Authentication result = authenticationManager.authenticate(request);
            SecurityContextHolder.getContext().setAuthentication(result);

        } catch (AuthenticationException e) { e.printStackTrace();}

        return "secured";
    }

我的春季安全看起来像这样:

`<security:global-method-security jsr250-annotations="enabled" pre-post-annotations="enabled" secured-annotations="enabled" />

<security:http auto-config="true" use-expressions="true">
        <security:intercept-url pattern="/Admin" access="isAuthenticated()" />
        <security:form-login login-page="/login.xhtml" authentication-failure-url="/" >    </security:form-login>
    </security:http>

   <!-- User Data Access Object -->
   <beans:bean id="userDao" class="com.clb.genomic.lyon.dao.UserDaoImpl" >
        <beans:property name="sessionFactory" ref="sessionFactory"></beans:property>
   </beans:bean>

     <!-- User Business Object -->
   <beans:bean id="userBo" class="com.clb.genomic.lyon.bo.UserBoImpl" >
        <beans:property name="userDao" ref="userDao" />
   </beans:bean>


    <beans:bean id="login" class="com.clb.genomic.lyon.beans.LoginBean" scope ="request">
         <beans:property name="authenticationManager" ref="authenticationManager" /> 
     </beans:bean>

    <beans:bean id="standardPasswordEncoder" class="org.springframework.security.crypto.password.StandardPasswordEncoder"/>

   <security:authentication-manager alias="authenticationManager">
        <security:authentication-provider user-service-ref="userBo" >
            <security:password-encoder ref="standardPasswordEncoder"/>   
        </security:authentication-provider>
    </security:authentication-manager>`

这是出现的错误...

org.springframework.security.authentication.AuthenticationServiceException: 1
at org.springframework.security.authentication.dao.DaoAuthenticationProvider.retrieveUser(DaoAuthenticationProvider.java:109)
at org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:132)
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
at com.clb.genomic.lyon.beans.LoginBean.login(LoginBean.java:47).....

Caused by: java.lang.ArrayIndexOutOfBoundsException: 1
    at com.clb.genomic.lyon.dao.UserDaoImpl.loadUserByUsername(UserDaoImpl.java:59)
    at com.clb.genomic.lyon.bo.UserBoImpl.loadUserByUsername(UserBoImpl.java:68)
    at com.clb.genomic.lyon.bo.UserBoImpl$$FastClassByCGLIB$$9ea98abf.invoke(<generated>)
    at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204).....
4

1 回答 1

0

堆栈跟踪的异常表明您正在获取ArrayIndexOutOfBoundsException,并且您似乎正在从一个空数组中读取。

您还应该检查传递给loadUserByUsername()方法的值,以及该用户是否存在。

于 2013-10-04T17:00:16.740 回答