How can I programmatically authenticate user with Spring Security using DaoAuthenticationProvider
I was wondering what I am doing wrong here to authenticate a user. I have an application where the user goes through several steps to activate their account, and upon doing so I would like to bypass the login form and take them directly to their dashboard.
Here is what my automated login function looks like:
protected void automatedLogin(String username, String password, HttpServletRequest request) {
    try {
        // Must be called from request filtered by Spring Security, otherwise SecurityContextHolder is not updated
        CustomUserDetailsService udService = new CustomUserDetailsService(userDAO, request);
        UserDetails uDetails = udService.loadUserByUsername(username);
        UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(uDetails, password);
        token.setDetails(new WebAuthenticationDetails(request));
        DaoAuthenticationProvider authenticator = new DaoAuthenticationProvider();
        Authentication authentication = authenticator.authenticate(token);
        SecurityContextHolder.getContext().setAuthentication(authentication);
    } catch (Exception e) {
        e.printStackTrace();
        SecurityContextHolder.getContext().setAuthentication(null);
    }
}
I must use the DaoAuthenticationProvider class as my authentication provider. I have verified that I am getting a UserDetails model containing the correct credentials, ID, authority roles, etc.
When it calls the authenticate method I run into a Null Pointer somewhere along the way in the DaoAuthenticationProvider class:
org.springframework.security.authentication.AuthenticationServiceException
    at org.springframework.security.authentication.dao.DaoAuthenticationProvider.retrieveUser(DaoAuthenticationProvider.java:109)
    at org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:132)
    at com.bosch.actions.BaseController.doAutoLogin(BaseController.java:659)
    .
    .
    .
Caused by: java.lang.NullPointerException
    at org.springframework.security.authentication.dao.DaoAuthenticationProvider.retrieveUser(DaoAuthenticationProvider.java:101)
I'm really not sure what is null, as I don't have the source code available.
Edit: I was able to find the source code here - https://github.com/SpringSource/spring-security/blob/master/core/src/main/java/org/springframework/security/authentication/dao/DaoAuthenticationProvider.java
I was able to get around the Null Pointer by explicitly setting the UserDetailsService on the object:
authenticator.setUserDetailsService(udService);
But now I get a bad credentials exception when I know the password provided is correct, because I've seen it in the debugger in the UserDetails object set earlier in the code.
org.springframework.security.authentication.BadCredentialsException: Bad credentials
    at org.springframework.security.authentication.dao.DaoAuthenticationProvider.additionalAuthenticationChecks(DaoAuthenticationProvider.java:87)
    at org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:149)
I was able to get the authentication working by piecing together all of the properties defined in the spring bean definition and setting them programmatically on the DaoAuthenticationProvider object. Looking back, this seems like it may have been a silly question, but I hope it helps someone!
Corrected Code:
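import javax.servlet.http.HttpServletRequest;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.authentication.dao.ReflectionSaltSource;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.WebAuthenticationDetails;

protected void automatedLogin(String username, String password, HttpServletRequest request) {
    try {
        // Must be called from request filtered by Spring Security, otherwise SecurityContextHolder is not updated
        CustomUserDetailsService udService = new CustomUserDetailsService(userDAO, request);
        // Same encoder and salt source as in the Spring bean definition
        CustomMd5PasswordEncoder passEncoder = new CustomMd5PasswordEncoder();
        ReflectionSaltSource saltSource = new ReflectionSaltSource();
        // The salt is read from the "salt" property of the UserDetails object
        saltSource.setUserPropertyToUse("salt");
        // The principal is the username; the provider loads the UserDetails itself
        UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(username, password);
        token.setDetails(new WebAuthenticationDetails(request));
        DaoAuthenticationProvider authenticator = new DaoAuthenticationProvider();
        authenticator.setUserDetailsService(udService);
        authenticator.setPasswordEncoder(passEncoder);
        authenticator.setSaltSource(saltSource);
        Authentication authentication = authenticator.authenticate(token);
        SecurityContextHolder.getContext().setAuthentication(authentication);
    } catch (Exception e) {
        e.printStackTrace();
        SecurityContextHolder.getContext().setAuthentication(null);
    }
}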
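
An alternative to rebuilding the provider by hand, as an added example that is not part of the original post: authenticate through the application's configured AuthenticationManager, so the DaoAuthenticationProvider bean is used with its existing UserDetailsService, encoder and salt source, and replace the session after login, since a programmatic login does not pass through the login filter's session-fixation handling. The class name ActivationLogin, the injectable AuthenticationManager bean and the javax.servlet namespace are assumptions.

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.WebAuthenticationDetails;

// Hypothetical helper class (added example, not from the original post).
public class ActivationLogin {

    // Assumption: the configured AuthenticationManager is exposed as an injectable bean.
    private final AuthenticationManager authenticationManager;

    public ActivationLogin(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    /** Returns true if the user was authenticated and the security context was populated. */
    public boolean automatedLogin(String username, String password, HttpServletRequest request) {
        UsernamePasswordAuthenticationToken token =
                new UsernamePasswordAuthenticationToken(username, password);
        token.setDetails(new WebAuthenticationDetails(request));
        try {
            // Delegates to the configured provider(s); nothing is re-created or re-wired here.
            Authentication authentication = authenticationManager.authenticate(token);

            // Replace the pre-login session so an identifier known before
            // authentication is not carried over. This drops existing session
            // attributes; copy across any that must survive.
            HttpSession preLogin = request.getSession(false);
            if (preLogin != null) {
                preLogin.invalidate();
            }
            request.getSession(true);

            SecurityContextHolder.getContext().setAuthentication(authentication);
            return true;
        } catch (AuthenticationException e) {
            // Leave no partially populated context behind on failure.
            SecurityContextHolder.clearContext();
            return false;
        }
    }
}
```

As with the original code, this relies on being called from a request that passes through the Spring Security filter chain so that the context is stored in the session.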