spring security如何验证密码(凭证)?
[英]How spring security authenticate the password(credential)?
问题描述
I get this work but don't quite understand the process behind: 
我得到了这项工作,但不太了解背后的过程:
<!-- Authentication Manager -->
<sec:authentication-manager alias="authenticationManager">
<sec:authentication-provider user-service-ref="customUserDetailsService">
<sec:password-encoder ref="encoder"/>
</sec:authentication-provider>
</sec:authentication-manager>
<bean id="encoder" class="org.springframework.security.crypto.password.StandardPasswordEncoder">
And in customUserDetailsService : 在customUserDetailsService :
@Component("customUserDetailsService")
public class CustomUserDetailsService implements UserDetailsService {
............
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
User user = userService.findByUsername(username);
if (user == null) {
throw new UsernameNotFoundException("User '"+username+"' not found !");
}
return user;
}
}
The user service basically just validate user with his or her name, but without validate it's password. 用户服务基本上只是用他或她的名字验证用户,但没有验证它的密码。 But password-encoder does actually validate the password, so how Spring relate the encoder with User entity's password column? 但是password-encoder确实会验证密码,那么Spring如何将编码器与User实体的密码列相关联? Where is the process to validate the user password? 验证用户密码的过程在哪里?
Question2 问题2
How to customize the password validation process to intercept the decrypted password? 如何自定义密码验证过程来拦截解密的密码?
2 个解决方案
解决方案1
2 已采纳 2014-01-15 17:00:02
Your User class should have implemented UserDetails that has the method getPassword() . 您的User类应该已经实现了具有getPassword()方法的UserDetails 。 As it's a Spring interface, they call this method when needed. 由于它是一个Spring接口,因此在需要时会调用此方法。
解决方案2
0 2018-10-12 22:16:44
接受的答案对我不起作用,我必须创建org.springframework.security.authentication.AuthenticationProvider的自定义实现
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.