package cn.net.cogent.summer.extension.appfuse.dao.hibernate;
import org.acegisecurity.userdetails.UserDetails;
import org.acegisecurity.userdetails.UserDetailsService;
import org.acegisecurity.userdetails.UsernameNotFoundException;
import cn.net.cogent.summer.model.Customer;
import org.appfuse.dao.hibernate.GenericDaoHibernate;
import org.springframework.dao.DataAccessException;
import java.util.List;
/**
 * Hibernate DAO for {@link Customer} that also acts as the Acegi
 * {@link UserDetailsService} for customer accounts.
 */
public class CustomerDaoHibernate extends GenericDaoHibernate<Customer, Long> implements UserDetailsService {

    /** Binds the generic DAO to the {@link Customer} entity class. */
    public CustomerDaoHibernate() {
        super(Customer.class);
    }

    /**
     * Loads the customer whose {@code username} equals the supplied value.
     *
     * <p>The username is passed to Hibernate as a bound query parameter and is
     * never concatenated into the HQL string.
     *
     * <p>NOTE(review): when several rows match, the first one is returned without
     * any warning; confirm that {@code Customer.username} carries a unique
     * constraint. The exception message echoes the submitted username, so
     * confirm it is not shown verbatim to unauthenticated clients.
     *
     * @param username login name submitted by the caller
     * @return the first matching customer, cast to {@link UserDetails}
     * @throws UsernameNotFoundException if the query returns {@code null} or no rows
     * @throws DataAccessException declared for data-access failures raised by the template
     */
    public UserDetails loadUserByUsername(String username)
            throws UsernameNotFoundException, DataAccessException {
        List<Customer> matches = getHibernateTemplate().find("from Customer where username=?", username);
        boolean found = matches != null && !matches.isEmpty();
        if (!found) {
            throw new UsernameNotFoundException("Customer '" + username + "' not found");
        }
        return (UserDetails) matches.get(0);
    }
}
可以看出CustomerDaoHibernate是取得一个Customer对象(实现了UserDetails接口),而不是Employee。
修改authenticationManager的配置如下:
<!--
  Authentication manager with four providers. ProviderManager consults its
  providers in list order, so customerDaoAuthenticationProvider is tried before
  userDaoAuthenticationProvider.
  NOTE(review): if a Customer and an Employee can share a username, which
  provider accepts the login depends on this order unless each provider first
  checks the submitted user kind; confirm that check exists.
-->
<bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
<property name="providers">
<list>
<ref local="customerDaoAuthenticationProvider"/>
<ref local="userDaoAuthenticationProvider"/>
<ref local="anonymousAuthenticationProvider"/>
<ref local="rememberMeAuthenticationProvider"/>
</list>
</property>
</bean>
在哪里捕获当前登录用户的用户类型标志,并传递给MKUDaoAuthenticationProvider呢?我决定增加一个名为PreAuthenticationProcessingFilter的Filter,放在AuthenticationProcessingFilter之前,代码如下:
package cn.net.cogent.summer.extension.acegisecurity.ui.webapp;
import cn.net.cogent.summer.extension.acegisecurity.providers.UserKindComparisonAware;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.BeanFactoryUtils;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;
import java.io.IOException;
import java.util.Iterator;
import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
public class PreAuthenticationProcessingFilter implements Filter, ApplicationContextAware {
// Request parameter name for the user-kind flag.
// NOTE(review): presumably read from the login form by obtainUserKind(...), which is not
// visible here. The value is client-supplied, so it should only select which user store
// to check and never stand in for proof of identity or role; confirm.
public static final String ACEGI_SECURITY_FORM_USERKIND = "j_userkind";
// Configuration handed to init(FilterConfig).
private FilterConfig filterConfig;
// Lazy-initialisation flag: doFilter calls doInit() while this is false.
// NOTE(review): read without synchronisation although a filter instance serves
// concurrent requests; confirm doInit() is safe to run more than once.
private boolean initialized = false;
// NOTE(review): raw Map; presumably the beans resolved from the application context
// during doInit(). Confirm key and value types.
private Map targetBeans;
// Class name exposed through getTargetClass()/setTargetClass(String).
private String targetClass;
// Context injected through setApplicationContext(ApplicationContext).
private ApplicationContext applicationContext;
/**
 * Returns the configured target class name.
 *
 * @return the value last passed to {@link #setTargetClass(String)}, or {@code null} if none was set
 */
public String getTargetClass() {
    return this.targetClass;
}
/**
 * Sets the target class name; the value is stored as given, without validation.
 *
 * @param targetClass class name to remember
 */
public void setTargetClass(String targetClass) {
    this.targetClass = targetClass;
}
/**
 * Receives the application context (the {@link ApplicationContextAware} callback)
 * and keeps a reference to it.
 *
 * @param applicationContext context to store
 */
public void setApplicationContext(ApplicationContext applicationContext) {
    this.applicationContext = applicationContext;
}
/** {@link Filter} lifecycle callback; this filter has nothing to release. */
public void destroy() {
    // intentionally empty
}
/**
 * {@link Filter} lifecycle callback that stores the supplied configuration.
 * Bean lookup does not happen here; doFilter triggers doInit() on first use.
 *
 * @param filterConfig configuration to store
 * @throws ServletException declared by the {@link Filter} contract; not thrown by this body
 */
public void init(FilterConfig filterConfig) throws ServletException {
    this.filterConfig = filterConfig;
}
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
ServletException {
if (!(request instanceof HttpServletRequest)) {
throw new ServletException("Can only process HttpServletRequest");
}
if (!initialized) {
doInit();
}
String userKind = obtainUserKind((HttpServletRequest)request);

