spring中需要手动设置authenticationManager吗?
加载 ApplicationContext 后,我收到如下警告:
_ INFO:未设置身份验证管理器。更改密码时不会对用户进行重新验证。 _
我的 Context.XML 文件是这样的:
<?xml version="1.0" encoding="UTF-8"?><beans xmlns="http://www.springframework.org/schema/beans"
xmlns:aop="http://www.springframework.org/schema/aop" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:p="http://www.springframework.org/schema/p" xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:sec="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/tx
http://www.springframework.org/schema/tx/spring-tx-3.0.6.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd
http://www.springframework.org/schema/aop
http://www.springframework.org/schema/aop/spring-aop-3.0.xsd">
<!-- =============== Security =============== -->
<sec:method-security-metadata-source
id="method-security-metadata-source">
<sec:protect access="MyAccess"
method="springsecuritytest._00_base.AuthenticationTester.*" />
</sec:method-security-metadata-source>
<sec:global-method-security
access-decision-manager-ref="accessDecisionManager"
secured-annotations="enabled" pre-post-annotations="enabled"
proxy-target-class="true">
<sec:protect-pointcut
expression="execution(* springsecuritytest._00_base.AuthenticationTester.*(..))"
access="ROLE_USER_BASIC_099" />
<!-- <sec:protect-pointcut access="ROLE_USER_BASIC_099" expression="execution(*
springsecuritytest._00_base.AuthenticationTester.* (..))" /> -->
</sec:global-method-security>
<sec:authentication-manager alias="authenticationManager"
erase-credentials="true">
<sec:authentication-provider>
<sec:jdbc-user-service data-source-ref="dataSource" />
<!-- role-prefix="ROLE_" /> -->
</sec:authentication-provider>
</sec:authentication-manager>
<bean id="accessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased">
<property name="decisionVoters">
<list>
<bean class="org.springframework.security.access.vote.RoleVoter" />
<!-- <bean class="org.springframework.security.access.vote.AuthenticatedVoter"/> -->
</list>
</property>
</bean>
<bean id="dataSource"
class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName" value="com.mysql.jdbc.Driver" />
<property name="url" value="jdbc:mysql://localhost:3306/spring_security" />
<property name="username" value="root" />
<property name="password" value="" />
</bean>
有人可以帮助我吗?
After loading ApplicationContext I got a warning like this:
_ INFO: No authentication manager set. Reauthentication of users when changing passwords will not be performed. _
My Context.XML file is like this:
<?xml version="1.0" encoding="UTF-8"?><beans xmlns="http://www.springframework.org/schema/beans"
xmlns:aop="http://www.springframework.org/schema/aop" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:p="http://www.springframework.org/schema/p" xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:sec="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/tx
http://www.springframework.org/schema/tx/spring-tx-3.0.6.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd
http://www.springframework.org/schema/aop
http://www.springframework.org/schema/aop/spring-aop-3.0.xsd">
<!-- =============== Security =============== -->
<sec:method-security-metadata-source
id="method-security-metadata-source">
<sec:protect access="MyAccess"
method="springsecuritytest._00_base.AuthenticationTester.*" />
</sec:method-security-metadata-source>
<sec:global-method-security
access-decision-manager-ref="accessDecisionManager"
secured-annotations="enabled" pre-post-annotations="enabled"
proxy-target-class="true">
<sec:protect-pointcut
expression="execution(* springsecuritytest._00_base.AuthenticationTester.*(..))"
access="ROLE_USER_BASIC_099" />
<!-- <sec:protect-pointcut access="ROLE_USER_BASIC_099" expression="execution(*
springsecuritytest._00_base.AuthenticationTester.* (..))" /> -->
</sec:global-method-security>
<sec:authentication-manager alias="authenticationManager"
erase-credentials="true">
<sec:authentication-provider>
<sec:jdbc-user-service data-source-ref="dataSource" />
<!-- role-prefix="ROLE_" /> -->
</sec:authentication-provider>
</sec:authentication-manager>
<bean id="accessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased">
<property name="decisionVoters">
<list>
<bean class="org.springframework.security.access.vote.RoleVoter" />
<!-- <bean class="org.springframework.security.access.vote.AuthenticatedVoter"/> -->
</list>
</property>
</bean>
<bean id="dataSource"
class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName" value="com.mysql.jdbc.Driver" />
<property name="url" value="jdbc:mysql://localhost:3306/spring_security" />
<property name="username" value="root" />
<property name="password" value="" />
</bean>
any body can help me?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
我发现了,好像是我使用的bean定义模型导致的。
I found it, it seems to be caused by the bean definition model I used.
我也在日志中遇到了这条模糊的消息。我必须在 xml 配置文件的 http 和 UserDetailsManager 中添加对身份验证管理器的引用。这将取决于 Spring 安全性的配置方式,但希望它会有所帮助!
I too was experiencing this nebulous message in the log. I had to add a reference to my authentication manager in the http and UserDetailsManager in the xml configuration file. This will depend on how Spring security is configured, but hopefully it will help!