
How can I programmatically authenticate user with Spring Security using DaoAuthenticationProvider

I was wondering what I am doing wrong here to authenticate a user. I have an application where the user goes through several steps to activate their account, and upon doing so I would like to bypass the login form and take them directly to their dashboard.

Here is what my automated login function looks like:

    protected void automatedLogin(String username, String password, HttpServletRequest request) {

        try {
            // Must be called from request filtered by Spring Security, otherwise SecurityContextHolder is not updated
            CustomUserDetailsService udService = new CustomUserDetailsService(userDAO, request);
            UserDetails uDetails = udService.loadUserByUsername(username);
            UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(uDetails, password);
            token.setDetails(new WebAuthenticationDetails(request));
            DaoAuthenticationProvider authenticator = new DaoAuthenticationProvider();
            Authentication authentication = authenticator.authenticate(token);
            SecurityContextHolder.getContext().setAuthentication(authentication);
        } catch (Exception e) {
            e.printStackTrace();
            SecurityContextHolder.getContext().setAuthentication(null);
        }

    }

I must use the DaoAuthenticationProvider class as my authentication provider. I have verified that I am getting a UserDetails model containing the correct credentials, ID, authority roles, etc.

When it calls the authenticate method I run into a Null Pointer somewhere along the way in the DaoAuthenticationProvider class:

    org.springframework.security.authentication.AuthenticationServiceException
        at org.springframework.security.authentication.dao.DaoAuthenticationProvider.retrieveUser(DaoAuthenticationProvider.java:109)
        at org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:132)
        at com.bosch.actions.BaseController.doAutoLogin(BaseController.java:659)
        . . .
    Caused by: java.lang.NullPointerException
        at org.springframework.security.authentication.dao.DaoAuthenticationProvider.retrieveUser(DaoAuthenticationProvider.java:101)

I'm really not sure what is null, as I don't have the source code available.

Edit: I was able to find the source code here - https://github.com/SpringSource/spring-security/blob/master/core/src/main/java/org/springframework/security/authentication/dao/DaoAuthenticationProvider.java

I was able to get around the Null Pointer by explicitly setting the UserDetailsService on the object:

    authenticator.setUserDetailsService(udService);

But now I get a bad credentials exception when I know the password provided is correct, because I've seen it in the debugger in the UserDetails object set earlier in the code.

    org.springframework.security.authentication.BadCredentialsException: Bad credentials
        at org.springframework.security.authentication.dao.DaoAuthenticationProvider.additionalAuthenticationChecks(DaoAuthenticationProvider.java:87)
        at org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:149)

I was able to get the authentication working by piecing together all of the properties defined in the Spring bean definition and setting them programmatically on the DaoAuthenticationProvider object. Looking back, this seems like it may have been a silly question, but I hope it helps someone!

Corrected Code:

    protected void automatedLogin(String username, String password, HttpServletRequest request) {

        try {
            // Must be called from request filtered by Spring Security, otherwise SecurityContextHolder is not updated
            CustomUserDetailsService udService = new CustomUserDetailsService(userDAO, request);
            CustomMd5PasswordEncoder passEncoder = new CustomMd5PasswordEncoder();
            ReflectionSaltSource saltSource = new ReflectionSaltSource();
            saltSource.setUserPropertyToUse("salt");
            UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(username, password);
            token.setDetails(new WebAuthenticationDetails(request));
            DaoAuthenticationProvider authenticator = new DaoAuthenticationProvider();
            authenticator.setUserDetailsService(udService);
            authenticator.setPasswordEncoder(passEncoder);
            authenticator.setSaltSource(saltSource);
            Authentication authentication = authenticator.authenticate(token);
            SecurityContextHolder.getContext().setAuthentication(authentication);
        } catch (Exception e) {
            e.printStackTrace();
            SecurityContextHolder.getContext().setAuthentication(null);
        }

    }
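An alternative to rebuilding the provider by hand, as an added example that is not part of the original post: it asks the application's already-configured `AuthenticationManager` to authenticate, so the user details service, password encoder and salt source come from the bean definition instead of being copied into the controller. The class name `AutomatedLogin`, the injectable `AuthenticationManager` bean, the `javax.servlet` API and a Servlet 3.1+ container (for `changeSessionId`) are assumptions.

```java
import javax.servlet.http.HttpServletRequest;

import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.WebAuthenticationDetails;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;

// Hypothetical helper class; not code from the original post.
public class AutomatedLogin {

    // Assumption: the application context exposes the AuthenticationManager
    // that delegates to the configured DaoAuthenticationProvider bean.
    private final AuthenticationManager authenticationManager;

    public AutomatedLogin(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    /** Returns true when the credentials were accepted and the session carries the login. */
    public boolean login(String username, String password, HttpServletRequest request) {
        // Principal is the username; the provider loads the UserDetails itself.
        UsernamePasswordAuthenticationToken token =
                new UsernamePasswordAuthenticationToken(username, password);
        token.setDetails(new WebAuthenticationDetails(request));
        try {
            Authentication authentication = authenticationManager.authenticate(token);

            // The login form's filter is not involved here, so rotate the
            // session id explicitly as a session-fixation defence (Servlet 3.1+).
            request.getSession(true);
            request.changeSessionId();

            SecurityContext context = SecurityContextHolder.createEmptyContext();
            context.setAuthentication(authentication);
            SecurityContextHolder.setContext(context);
            // Store explicitly so later requests in this session see the login.
            request.getSession().setAttribute(
                    HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, context);
            return true;
        } catch (AuthenticationException e) {
            // Fail closed: leave no partial authentication behind.
            SecurityContextHolder.clearContext();
            return false;
        }
    }
}
```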

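Notice: Technical posts on this site follow the CC BY-SA 4.0 license. If you need to repost, please cite this site's URL or the original address. For any questions, contact: yoyou2525@163.com.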
