Spring Security 设置session

失效。

 

 

以下是成功配置：

 

 

 

 

Xml代码  

1. <?xml version="1.0" encoding="UTF-8"?>  
2. <beans xmlns="http://www.springframework.org/schema/beans"  
3.     xmlns:s="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"  
4.     xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd   
5.                         http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd"   
6.     default-lazy-init="true">  
7.   
8.     <description>SpringSecurity安全配置</description>  
9.   
10.     <!-- http安全配置 -->  
11.     <s:http auto-config="true" use-expressions="true">  
12.         <s:intercept-url pattern="/css/**" filters="none" />  
13.         <s:intercept-url pattern="/img/**" filters="none" />  
14.         <s:intercept-url pattern="/js/**" filters="none" />  
15.   
16.         <s:intercept-url pattern="/index.jsp" filters="none" />  
17.   
18.         <s:intercept-url pattern="/login.action"  
19.             access="hasAnyRole('ROLE_ANONYMOUS')" />  
20.         <s:intercept-url pattern="/logout.jsp"  
21.             access="hasAnyRole('ROLE_ANONYMOUS')" />  
22.         <s:intercept-url pattern="/main/**" access="hasAnyRole('ROLE_通用')" />  
23.   
24.         <s:intercept-url pattern="/public*"  
25.             access="hasAnyRole('ROLE_ANONYMOUS')" />  
26.   
27.         <s:intercept-url pattern="/public/test.action"  
28.             access="hasAnyRole('ROLE_ANONYMOUS')" />  
29.   
30.         <s:intercept-url pattern="/**" access="isAuthenticated()" />  
31.   
32.         <s:intercept-url pattern="/account/user!setSession*"  
33.             access="hasAnyRole('ROLE_通用')" />  
34.         <s:intercept-url pattern="/account/user!changepwd*"  
35.             access="hasAnyRole('ROLE_通用')" />  
36.   
37.         <s:intercept-url pattern="/account/user!save*" access="hasAnyRole('ROLE_修改用户')" />  
38.         <s:intercept-url pattern="/account/user!delete*"  
39.             access="hasAnyRole('ROLE_修改用户')" />  
40.         <s:intercept-url pattern="/account/user*" access="hasAnyRole('ROLE_浏览用户')" />  
41.   
42.         <s:intercept-url pattern="/account/role!save*" access="hasAnyRole('ROLE_修改角色')" />  
43.         <s:intercept-url pattern="/account/role!delete*"  
44.             access="hasAnyRole('ROLE_修改角色')" />  
45.         <s:intercept-url pattern="/account/role*" access="hasAnyRole('ROLE_浏览角色')" />  
46.   
47.         <s:intercept-url pattern="/lab/lab!save*" access="hasAnyRole('ROLE_修改实验室')" />  
48.         <s:intercept-url pattern="/lab/lab!delete*" access="hasAnyRole('ROLE_修改实验室')" />  
49.         <s:intercept-url pattern="/lab/lab*" access="hasAnyRole('ROLE_浏览实验室')" />  
50.   
51.         <s:form-login login-page="/login.action"  
52.             default-target-url="/main.action" authentication-failure-url="/login.action?error=true" />  
53.         <s:logout logout-success-url="/logout.jsp" />  
54.   
55.         <s:custom-filter before="FORM_LOGIN_FILTER" ref="appSessionProcessingFilter" />  
56.     </s:http>  
57.   
58.   
59.   
60.     <!-- 自定义成功和失败处理器,AppSessionSuccessHandler中设置了session -->  
61.     <bean id="appSessionProcessingFilter"  
62.         class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">  
63.         <property name="authenticationFailureHandler">  
64.             <bean  
65.                 class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">  
66.                 <property name="defaultFailureUrl" value="/pages/Login/login.do?error=true" />  
67.             </bean>  
68.         </property>  
69.         <property name="authenticationSuccessHandler">  
70.             <bean class="mis.service.account.AppSessionSuccessHandler">  
71.                 <property name="defaultTargetUrl" value="/" />  
72.             </bean>  
73.         </property>  
74.         <property name="authenticationManager" ref="authenticationManager"/>  
75.         <property name="filterProcessesUrl" value="/j_spring_security_check"/>  
76.     </bean>  
77.   
78.   
79.     <!-- 认证配置, 使用userDetailsService提供的用户信息 -->  
80.     <s:authentication-manager alias="authenticationManager">  
81.         <s:authentication-provider user-service-ref="userDetailsService">  
82.             <s:password-encoder hash="plaintext" />  
83.         </s:authentication-provider>  
84.     </s:authentication-manager>  
85.   
86.     <!-- 项目实现的用户查询服务 -->  
87.     <bean id="userDetailsService" class="mis.service.account.UserDetailsServiceImpl" />  
88. </beans>  

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:s="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd"
	default-lazy-init="true">

	<description>SpringSecurity安全配置</description>

	<!-- http安全配置 -->
	<s:http auto-config="true" use-expressions="true">
		<s:intercept-url pattern="/css/**" filters="none" />
		<s:intercept-url pattern="/img/**" filters="none" />
		<s:intercept-url pattern="/js/**" filters="none" />

		<s:intercept-url pattern="/index.jsp" filters="none" />

		<s:intercept-url pattern="/login.action"
			access="hasAnyRole('ROLE_ANONYMOUS')" />
		<s:intercept-url pattern="/logout.jsp"
			access="hasAnyRole('ROLE_ANONYMOUS')" />
		<s:intercept-url pattern="/main/**" access="hasAnyRole('ROLE_通用')" />

		<s:intercept-url pattern="/public*"
			access="hasAnyRole('ROLE_ANONYMOUS')" />

		<s:intercept-url pattern="/public/test.action"
			access="hasAnyRole('ROLE_ANONYMOUS')" />

		<s:intercept-url pattern="/**" access="isAuthenticated()" />

		<s:intercept-url pattern="/account/user!setSession*"
			access="hasAnyRole('ROLE_通用')" />
		<s:intercept-url pattern="/account/user!changepwd*"
			access="hasAnyRole('ROLE_通用')" />

		<s:intercept-url pattern="/account/user!save*" access="hasAnyRole('ROLE_修改用户')" />
		<s:intercept-url pattern="/account/user!delete*"
			access="hasAnyRole('ROLE_修改用户')" />
		<s:intercept-url pattern="/account/user*" access="hasAnyRole('ROLE_浏览用户')" />

		<s:intercept-url pattern="/account/role!save*" access="hasAnyRole('ROLE_修改角色')" />
		<s:intercept-url pattern="/account/role!delete*"
			access="hasAnyRole('ROLE_修改角色')" />
		<s:intercept-url pattern="/account/role*" access="hasAnyRole('ROLE_浏览角色')" />

		<s:intercept-url pattern="/lab/lab!save*" access="hasAnyRole('ROLE_修改实验室')" />
		<s:intercept-url pattern="/lab/lab!delete*" access="hasAnyRole('ROLE_修改实验室')" />
		<s:intercept-url pattern="/lab/lab*" access="hasAnyRole('ROLE_浏览实验室')" />

		<s:form-login login-page="/login.action"
			default-target-url="/main.action" authentication-failure-url="/login.action?error=true" />
		<s:logout logout-success-url="/logout.jsp" />

		<s:custom-filter before="FORM_LOGIN_FILTER" ref="appSessionProcessingFilter" />
	</s:http>



	<!-- 自定义成功和失败处理器,AppSessionSuccessHandler中设置了session -->
	<bean 
		class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
		<property name="authenticationFailureHandler">
			<bean
				class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
				<property name="defaultFailureUrl" value="/pages/Login/login.do?error=true" />
			</bean>
		</property>
		<property name="authenticationSuccessHandler">
			<bean class="mis.service.account.AppSessionSuccessHandler">
				<property name="defaultTargetUrl" value="/" />
			</bean>
		</property>
		<property name="authenticationManager" ref="authenticationManager"/>
        <property name="filterProcessesUrl" value="/j_spring_security_check"/>
	</bean>


	<!-- 认证配置, 使用userDetailsService提供的用户信息 -->
	<s:authentication-manager alias="authenticationManager">
		<s:authentication-provider user-service-ref="userDetailsService">
			<s:password-encoder hash="plaintext" />
		</s:authentication-provider>
	</s:authentication-manager>

	<!-- 项目实现的用户查询服务 -->
	<bean  />
</beans>

 

Java代码  

1. package mis.service.account;   
2.   
3. import java.io.IOException;   
4.   
5. import javax.servlet.ServletException;   
6. import javax.servlet.http.HttpServletRequest;   
7. import javax.servlet.http.HttpServletResponse;   
8. import javax.servlet.http.HttpSession;   
9.   
10. import mis.dao.account.UserDao;   
11. import mis.entity.account.User;   
12.   
13. import org.springframework.beans.factory.annotation.Autowired;   
14. import org.springframework.security.core.Authentication;   
15. import org.springframework.security.core.userdetails.UserDetails;   
16. import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;   
17.   
18. public class AppSessionSuccessHandler extends  
19.         SavedRequestAwareAuthenticationSuccessHandler {   
20.     @Autowired  
21.     private UserDao userDao;   
22.     @Override    
23.     public void onAuthenticationSuccess(HttpServletRequest request,HttpServletResponse response,Authentication authentication)throws ServletException,IOException{   
24.         HttpSession session=request.getSession();   
25.         UserDetails userDetails = (UserDetails) authentication.getPrincipal();   
26.         User currentUser = userDao.findUnique("loginname", userDetails.getUsername().toString());   
27.         session.setAttribute("currentUser", currentUser);   
28.            
29.         System.out.println("do it success");   
30.   
31.     super.onAuthenticationSuccess(request,response,authentication);}   
32.     public UserDao getUserDao() {   
33.         return userDao;   
34.     }   
35.     public void setUserDao(UserDao userDao) {   
36.         this.userDao = userDao;   
37.     }}