Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- @Service("userDetailsService")
- public class UserServiceImpl implements UserService , UserDetailsService {
- @Autowired
- private UserDAO userDAO;
- public void setUserDAO(UserDAO userDAO) {
- this.userDAO = userDAO;
- }
- @Override
- public User getUser(String login) {
- return userDAO.getUser(login);
- }
- @Override
- public UserDetails loadUserByUsername(String login) throws UsernameNotFoundException {
- com.arpu.model.User domainUser = userDAO.getUser(login);
- boolean enabled = true;
- boolean accountNonExpired = true;
- boolean credentialsNonExpired = true;
- boolean accountNonLocked = true;
- return new org.springframework.security.core.userdetails.User(
- domainUser.getLogin(),
- domainUser.getPassword(),
- enabled,
- accountNonExpired,
- credentialsNonExpired,
- accountNonLocked,
- getAuthorities(domainUser.getRole().getId())
- );
- }
- public Collection<? extends GrantedAuthority> getAuthorities(Integer role) {
- List<GrantedAuthority> authList = getGrantedAuthorities(getRoles(role));
- return authList;
- }
- public List<String> getRoles(Integer role) {
- List<String> roles = new ArrayList<String>();
- if (role.intValue() == 1) {
- roles.add("ROLE_ADMIN");
- } else if (role.intValue() == 2) {
- roles.add("ROLE_USER");
- }
- return roles;
- }
- public static List<GrantedAuthority> getGrantedAuthorities(List<String> roles) {
- List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
- for (String role : roles) {
- authorities.add(new SimpleGrantedAuthority(role));
- }
- return authorities;
- }
- }
- public class UserDAOImpl implements UserDAO{
- private static final Logger logger = LoggerFactory.getLogger(UserDAOImpl.class);
- @Autowired
- private SessionFactory sessionFactory;
- private Session openSession() {
- return sessionFactory.getCurrentSession();
- }
- public void setSessionFactory(SessionFactory sessionFactory) {
- this.sessionFactory = sessionFactory;
- }
- @Override
- public User getUser(String login) {
- List<User> userList = new ArrayList<User>();
- Query query = openSession().createQuery("from users where login = :login");
- query.setParameter("login", login);
- userList = query.list();
- if (userList.size() > 0)
- {
- logger.debug("User loaded successfully, user Details=" + userList.get(0));
- return userList.get(0);
- }
- else
- return null;
- }
- }
- <?xml version="1.0" encoding="UTF-8"?>
- <beans:beans xmlns="http://www.springframework.org/schema/security"
- xmlns:beans="http://www.springframework.org/schema/beans"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://www.springframework.org/schema/beans
- http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
- http://www.springframework.org/schema/security
- http://www.springframework.org/schema/security/spring-security-3.2.xsd">
- <http auto-config="true" use-expressions="true">
- <intercept-url pattern="/login" access="permitAll" />
- <intercept-url pattern="/logout" access="permitAll" />
- <intercept-url pattern="/accessdenied" access="permitAll" />
- <intercept-url pattern="/**" access="hasRole('ROLE_USER')" />
- <form-login login-page="/login" username-parameter="username" password-parameter="password" default-target-url="/view" authentication-failure-url="/accessdenied" />
- <logout logout-success-url="/logout" />
- </http>
- <authentication-manager alias="authenticationManager">
- <authentication-provider user-service-ref="userDetailsService">
- </authentication-provider>
- </authentication-manager>
- <beans:bean id="userDetailsService" class="com.arpu.service.UserServiceImpl">
- </beans:bean>
- </beans:beans>
- <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
- <%@ taglib uri="http://www.springframework.org/tags/form" prefix="form" %>
- <%@ taglib uri="http://www.springframework.org/tags" prefix="spring" %>
- <html>
- <body>
- <h1 id="banner">Login to IMDB</h1>
- <form name="f" action="<c:url value='j_spring_security_check'/>"
- method="POST">
- <table>
- <tr>
- <td>Username:</td>
- <td><input type='text' name='username' /></td>
- </tr>
- <tr>
- <td>Password:</td>
- <td><input type='password' name='password'></td>
- </tr>
- <tr>
- <td colspan="2"> </td>
- </tr>
- <tr>
- <td colspan='2'><input name="Sign In" type="submit"> <input name="reset" type="reset"></td>
- </tr>
- </table>
- </form>
- </body>
- </html>
- Info: 2017-08-14 15:37:29 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_check at position 1 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
- Info: 2017-08-14 15:37:29 DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - HttpSession returned null object for SPRING_SECURITY_CONTEXT
- Info: 2017-08-14 15:37:29 DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@38d408bb. A new one will be created.
- Info: 2017-08-14 15:37:29 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_check at position 2 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
- Info: 2017-08-14 15:37:29 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_check at position 3 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
- Info: 2017-08-14 15:37:29 DEBUG o.s.security.web.FilterChainProxy - /j_spring_security_check at position 4 of 11 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
- Info: 2017-08-14 15:37:29 DEBUG o.s.s.w.a.UsernamePasswordAuthenticationFilter - Request is to process authentication
- Info: 2017-08-14 15:37:29 DEBUG o.s.s.authentication.ProviderManager - Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
- Info: 2017-08-14 15:37:29 DEBUG o.s.s.w.a.UsernamePasswordAuthenticationFilter - Authentication request failed: org.springframework.security.authentication.AuthenticationServiceException
- Info: 2017-08-14 15:37:29 DEBUG o.s.s.w.a.UsernamePasswordAuthenticationFilter - Updated SecurityContextHolder to contain null Authentication
- Info: 2017-08-14 15:37:29 DEBUG o.s.s.w.a.UsernamePasswordAuthenticationFilter - Delegating to authentication failure handler org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler@1f4498b0
- Info: 2017-08-14 15:37:29 DEBUG o.s.s.w.a.SimpleUrlAuthenticationFailureHandler - Redirecting to /accessdenied
- Info: 2017-08-14 15:37:29 DEBUG o.s.s.web.DefaultRedirectStrategy - Redirecting to '/IMDBweb/accessdenied'
- Info: 2017-08-14 15:37:29 DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
- Info: 2017-08-14 15:37:29 DEBUG o.s.s.w.c.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
- Info: 2017-08-14 15:37:29 DEBUG o.s.security.web.FilterChainProxy - /accessdenied at position 1 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
- Info: 2017-08-14 15:37:29 DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - HttpSession returned null object for SPRING_SECURITY_CONTEXT
- Info: 2017-08-14 15:37:29 DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@38d408bb. A new one will be created.
- Info: 2017-08-14 15:37:29 DEBUG o.s.security.web.FilterChainProxy - /accessdenied at position 2 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
- Info: 2017-08-14 15:37:29 DEBUG o.s.security.web.FilterChainProxy - /accessdenied at position 3 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
- Info: 2017-08-14 15:37:29 DEBUG o.s.security.web.FilterChainProxy - /accessdenied at position 4 of 11 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
- Info: 2017-08-14 15:37:29 DEBUG o.s.security.web.FilterChainProxy - /accessdenied at position 5 of 11 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
- Info: 2017-08-14 15:37:29 DEBUG o.s.security.web.FilterChainProxy - /accessdenied at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
- Info: 2017-08-14 15:37:29 DEBUG o.s.s.w.s.DefaultSavedRequest - pathInfo: both null (property equals)
- Info: 2017-08-14 15:37:29 DEBUG o.s.s.w.s.DefaultSavedRequest - queryString: both null (property equals)
- Info: 2017-08-14 15:37:29 DEBUG o.s.s.w.s.DefaultSavedRequest - requestURI: arg1=/IMDBweb/; arg2=/IMDBweb/accessdenied (property not equals)
- Info: 2017-08-14 15:37:29 DEBUG o.s.s.w.s.HttpSessionRequestCache - saved request doesn't match
- Info: 2017-08-14 15:37:29 DEBUG o.s.security.web.FilterChainProxy - /accessdenied at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
- Info: 2017-08-14 15:37:29 DEBUG o.s.security.web.FilterChainProxy - /accessdenied at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
- Info: 2017-08-14 15:37:29 DEBUG o.s.s.w.a.AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9056f12c: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@380f4: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 0f65173179310d79e2dc682c85d7; Granted Authorities: ROLE_ANONYMOUS'
- Info: 2017-08-14 15:37:29 DEBUG o.s.security.web.FilterChainProxy - /accessdenied at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
- Info: 2017-08-14 15:37:29 DEBUG o.s.security.web.FilterChainProxy - /accessdenied at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
- Info: 2017-08-14 15:37:29 DEBUG o.s.security.web.FilterChainProxy - /accessdenied at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
- Info: 2017-08-14 15:37:29 DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/accessdenied'; against '/login'
- Info: 2017-08-14 15:37:29 DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/accessdenied'; against '/logout'
- Info: 2017-08-14 15:37:29 DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/accessdenied'; against '/accessdenied'
- Info: 2017-08-14 15:37:29 DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /accessdenied; Attributes: [permitAll]
- Info: 2017-08-14 15:37:29 DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@9056f12c: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@380f4: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 0f65173179310d79e2dc682c85d7; Granted Authorities: ROLE_ANONYMOUS
- Info: 2017-08-14 15:37:29 DEBUG o.s.s.access.vote.AffirmativeBased - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@28e7e24a, returned: 1
- Info: 2017-08-14 15:37:29 DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Authorization successful
- Info: 2017-08-14 15:37:29 DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - RunAsManager did not change Authentication object
- Info: 2017-08-14 15:37:29 DEBUG o.s.security.web.FilterChainProxy - /accessdenied reached end of additional filter chain; proceeding with original chain
- Info: 2017-08-14 15:37:29 DEBUG o.s.web.servlet.DispatcherServlet - DispatcherServlet with name 'appServlet' processing GET request for [/IMDBweb/accessdenied]
- Info: 2017-08-14 15:37:29 DEBUG o.s.w.s.m.m.a.RequestMappingHandlerMapping - Looking up handler method for path /accessdenied
- Info: 2017-08-14 15:37:29 DEBUG o.s.w.s.m.m.a.RequestMappingHandlerMapping - Returning handler method [public java.lang.String com.arpu.controller.UserController.loginerror(org.springframework.ui.ModelMap)]
- Info: 2017-08-14 15:37:29 DEBUG o.s.b.f.s.DefaultListableBeanFactory - Returning cached instance of singleton bean 'userController'
- Info: 2017-08-14 15:37:29 DEBUG o.s.web.servlet.DispatcherServlet - Last-Modified value for [/IMDBweb/accessdenied] is: -1
- Info: 2017-08-14 15:37:29 DEBUG o.s.b.f.s.DefaultListableBeanFactory - Invoking afterPropertiesSet() on bean with name 'denied'
- Info: 2017-08-14 15:37:29 DEBUG o.s.b.f.s.DefaultListableBeanFactory - Returning cached instance of singleton bean 'org.springframework.transaction.config.internalTransactionAdvisor'
- Info: 2017-08-14 15:37:29 DEBUG o.s.web.servlet.DispatcherServlet - Rendering view [org.springframework.web.servlet.view.JstlView: name 'denied'; URL [/WEB-INF/views/denied.jsp]] in DispatcherServlet with name 'appServlet'
- Info: 2017-08-14 15:37:29 DEBUG o.s.web.servlet.view.JstlView - Added model object 'error' of type [java.lang.String] to request in view with name 'denied'
- Info: 2017-08-14 15:37:29 DEBUG o.s.web.servlet.view.JstlView - Forwarding to resource [/WEB-INF/views/denied.jsp] in InternalResourceView 'denied'
- Info: 2017-08-14 15:37:30 DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
- Info: 2017-08-14 15:37:30 DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
- Info: 2017-08-14 15:37:30 DEBUG o.s.web.servlet.DispatcherServlet - Successfully completed request
- Info: 2017-08-14 15:37:30 DEBUG o.s.s.w.a.ExceptionTranslationFilter - Chain processed normally
- Info: 2017-08-14 15:37:30 DEBUG o.s.s.w.c.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement