总之,用户正在经过身份验证,但我似乎确实已经登录到用户帐户。
我目前正在一个项目上实施 LDAP 身份验证。看来,身份验证部分正在工作,因为我的应用程序确实接受了正确的凭据。我遇到的问题是我似乎无法在 jsp 视图中访问“principal”。(在切换到 LDAP 之前我能够访问所有这些)。运行跟踪时,我的 CustomUserDetails 服务正在查询并提取正确的帐户信息。任何帮助表示赞赏
这将显示正确的用户名:
<sec:authorize access="isAuthenticated()">
<h2><sec:authentication property="name"/></h2>
</sec:authorize>
这不起作用(它在 LDAP 之前确实有效)
<sec:authorize access="isAuthenticated()">
<h2><sec:authentication property="principal.firstName"/></h2>
</sec:authorize>
相关代码SecurityConfig.java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.ldap.authentication.UserDetailsServiceLdapAuthoritiesPopulator;
import org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter{
@Autowired
private CustomUserDetailsService userDetailsService;
@Bean
public CustomSaltSource customSaltSource(){ return new CustomSaltSource();}
@Bean
public AuthenticationSuccessHandler myAuthenticationSuccessHandler(){
return new AuthenticationSuccessHandler();
}
@Autowired
void configureGlobal(AuthenticationManagerBuilder auth) throws …