了解Spring Security中的身份验证提供程序
[英]Understanding authentication providers in Spring security
问题描述
I am trying to understand authentication providers in Spring (3.1) and I have a question to what is really happening here. 
我试图了解Spring(3.1)中的身份验证提供程序,但对这里到底发生了什么有疑问。 I know that I use the namespace that gives easier access to functionality and configuration in the security module. 我知道我使用的命名空间可以更轻松地访问安全模块中的功能和配置。
When I have the following tags I get a provider manager which have a list of authentication providers. 当我具有以下标签时,我将获得一个提供程序管理器,其中包含身份验证提供程序的列表。 Now as I look at the AuthenticationProvider interface I wonder what kind of providers I get? 现在,当我查看AuthenticationProvider接口时,我想知道我获得了哪种提供程序? Am I right that I get a DaoAuthenticationProvider ? 我可以得到DaoAuthenticationProvider吗? Do I get other providers and how is it able to find out which providers to register (if this is how it is done)? 我可以获得其他提供商吗?如何找到要注册的提供商(如果这样做的话)?
<security:authentication-manager>
<security:authentication-provider>
<security:jdbc-user-service data-source-ref="dataSource" />
</security:authentication-provider>
</security:authentication-manager>
1 个解决方案
解决方案1
3 已采纳 2013-05-01 17:16:51
That's right you are going to get a DaoAuthenticationProvider with the above config. 没错,您将获得带有上述配置的DaoAuthenticationProvider 。 The documentation for <authentication-provider> clearly states: <authentication-provider>的文档明确指出:
Unless used with a
refattribute, this element is shorthand for configuring aDaoAuthenticationProvider.ref属性一起使用,否则此元素是配置DaoAuthenticationProvider简写。
The <authentication-provider> tag is parsed by AuthenticationProviderBeanDefinitionParser which invariably registers a DaoAuthenticationProvider injected with the specified UserDetailsService and other collaborators (passwordEncoder, saltSource, etc.). <authentication-provider>标记由AuthenticationProviderBeanDefinitionParser解析,该标识符始终注册使用指定UserDetailsService和其他协作者(passwordEncoder,saltSource等)注入的DaoAuthenticationProvider 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.