[英]How spring security authenticate the password(credential)?
I get this work but don't quite understand the process behind: 我得到了这项工作,但不太了解背后的过程:
<!-- Authentication Manager -->
<sec:authentication-manager alias="authenticationManager">
<sec:authentication-provider user-service-ref="customUserDetailsService">
<sec:password-encoder ref="encoder"/>
</sec:authentication-provider>
</sec:authentication-manager>
<bean id="encoder" class="org.springframework.security.crypto.password.StandardPasswordEncoder">
And in customUserDetailsService
: 在
customUserDetailsService
:
@Component("customUserDetailsService")
public class CustomUserDetailsService implements UserDetailsService {
............
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
User user = userService.findByUsername(username);
if (user == null) {
throw new UsernameNotFoundException("User '"+username+"' not found !");
}
return user;
}
}
The user service basically just validate user with his or her name, but without validate it's password. 用户服务基本上只是用他或她的名字验证用户,但没有验证它的密码。 But
password-encoder
does actually validate the password, so how Spring relate the encoder with User
entity's password column? 但是
password-encoder
确实会验证密码,那么Spring如何将编码器与User
实体的密码列相关联? Where is the process to validate the user password? 验证用户密码的过程在哪里?
How to customize the password validation process to intercept the decrypted password? 如何自定义密码验证过程来拦截解密的密码?
Your User
class should have implemented UserDetails
that has the method getPassword()
. 您的
User
类应该已经实现了具有getPassword()
方法的UserDetails
。 As it's a Spring interface, they call this method when needed. 由于它是一个Spring接口,因此在需要时会调用此方法。
接受的答案对我不起作用,我必须创建org.springframework.security.authentication.AuthenticationProvider
的自定义实现
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.