
Spring Security - remember-me with multiple authentication providers

Updated: 2023-12-04 23:29:46


Having two remember-me elements simply means one overrides the other. Having multiple UserDetailsService instances can get you into trouble too. For example, I assume you likely have data associated with your users. If a user named admin exists in both the in-memory and the JDBC UserDetailsService instances, then how do you know which admin user the data belongs to? For this reason, it is likely best to use a single UserDetailsService.


Alternatively you can create a UserDetailsService that delegates to multiple UserDetailsService instances. For example:

import java.util.List;

import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

public class DelegatingUserDetailsService implements UserDetailsService {
    private final List<UserDetailsService> userDetailsServices;

    public DelegatingUserDetailsService(
            List<UserDetailsService> userDetailsServices) {
        this.userDetailsServices = userDetailsServices;
    }

    @Override
    public UserDetails loadUserByUsername(String username)
            throws UsernameNotFoundException {
        // Try each backend in order and return the first user found.
        // Note: any RuntimeException (not only UsernameNotFoundException)
        // moves on to the next service, so a failing backend is skipped
        // silently rather than reported.
        RuntimeException last = null;
        for (UserDetailsService uds : userDetailsServices) {
            try {
                return uds.loadUserByUsername(username);
            } catch (RuntimeException error) {
                last = error;
            }
        }
        // With an empty list 'last' is still null; fail with a proper
        // UsernameNotFoundException instead of a NullPointerException.
        if (last == null) {
            throw new UsernameNotFoundException(
                    "No UserDetailsService could resolve user " + username);
        }
        throw last;
    }
}


Then you can have remember-me use it instead:

<bean id="delegateUds" class="DelegatingUserDetailsService">
    <constructor-arg>
        <list>
            <ref bean="jdbcUserSrv"/>
            <ref bean="adminSrv"/>
        </list>
    </constructor-arg>
</bean>
<security:http auto-config="true">
    <security:remember-me key="myAppKey" user-service-ref="delegateUds"/>
    <security:form-login login-page="/login" default-target-url="/"
        authentication-failure-url="/loginfailed" />
    <security:logout logout-success-url="/logout"/>
</security:http>
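The answer warns that a username present in more than one backend (admin in both the in-memory and the JDBC store) is ambiguous, and the delegating service above silently returns whichever backend is listed first. The following is an added example, not code from the answer or from Spring Security, showing a stricter variant that only moves on when a backend reports "unknown user" and refuses to resolve a username found in several backends; the class name is made up here.

```java
import java.util.ArrayList;
import java.util.List;

import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

// Hypothetical strict delegate: fails closed on ambiguous identities.
public class StrictDelegatingUserDetailsService implements UserDetailsService {
    private final List<UserDetailsService> delegates;

    public StrictDelegatingUserDetailsService(List<UserDetailsService> delegates) {
        if (delegates == null || delegates.isEmpty()) {
            throw new IllegalArgumentException("at least one UserDetailsService is required");
        }
        this.delegates = new ArrayList<>(delegates);
    }

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        UserDetails found = null;
        int matches = 0;
        for (UserDetailsService uds : delegates) {
            try {
                UserDetails candidate = uds.loadUserByUsername(username);
                matches++;
                if (found == null) {
                    found = candidate;
                }
            } catch (UsernameNotFoundException notHere) {
                // Only "not known here" continues to the next backend. Any other
                // RuntimeException (e.g. a DataAccessException from the JDBC store)
                // propagates, so an outage cannot quietly fall back to another store.
            }
        }
        if (matches == 0) {
            throw new UsernameNotFoundException("User '" + username + "' not found in any backend");
        }
        if (matches > 1) {
            // Same username in several stores: reject rather than guess which one
            // the account data belongs to; surfaces as a normal login failure.
            throw new UsernameNotFoundException(
                    "User '" + username + "' is defined in " + matches + " backends");
        }
        return found;
    }
}
```

Wire it in place of DelegatingUserDetailsService in the bean definition and the remember-me user-service-ref; the rejected case is worth logging so the duplicate account can be cleaned up.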