堆栈内存溢出
  简体   繁体   English

多个身份验证提供程序:/ j_spring_security_check和社交登录

[英]Multiple authentication providers: /j_spring_security_check and social login

 原文  2016-09-28 12:40:25       java/ spring/ spring-security

问题描述

I have a problem with my security xml configuration. 我的安全xml配置有问题。 I am not able to access the username and password from my login form for local login (social login works fine) 我无法通过登录表单访问用户名和密码以进行本地登录(社交登录可以正常工作)

In very short: When the user submits the login form, the first emergence into my code is in UserDetailService 简而言之:当用户提交登录表单时,第一次出现在我的代码中的是UserDetailService 

public SpringSecurityLocalUser loadUserByUsername(final String userId) throws UsernameNotFoundException

where userId is an empty String. 其中,userId是一个空字符串。 Thus no way to authenticate. 因此无法进行身份验证。 How do I get access to username and password? 如何获得用户名和密码? Adviice would be much appreciated 咨询将不胜感激

UPDATE I am now quite confident the issue is due to my need for a seond authentication provider. 更新我现在非常有信心这个问题是由于我需要一个可靠的身份验证提供程序。 (ie, one local as well as one social). (即一个本地人和一个社交人)。 But not sure how to configure this 但不确定如何配置

security_applicationContext.xml security_applicationContext.xml 

 <beans xmlns="http://www.springframework.org/schema/beans" xmlns:security="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd"> <security:http use-expressions="true" entry-point-ref="appAuthenticationEntryPoint"> <security:intercept-url pattern="/login" access="permitAll()" /> <security:intercept-url pattern="/flow-entry.html" access="hasRole('ROLE_USER')"/> <security:intercept-url pattern="/flow-jobpostdata.html" access="permitAll()"/> <security:intercept-url pattern="/flow-jobpostdata_anydegree.html" access="permitAll()"/> <security:intercept-url pattern="/j_spring_security_check" access="permitAll()"/> <!-- Adds social authentication filter to the Spring Security filter chain. --> <security:custom-filter before="PRE_AUTH_FILTER" ref="socialAuthenticationFilter"/> <security:custom-filter position="FORM_LOGIN_FILTER" ref="SecurityAuthFilter"/> </security:http> <!-- authentication manager and its provider( social provider deals with social login & local user provider deals with form login ) --> <security:authentication-manager alias="authenticationManager"> <security:authentication-provider ref="socialAuthenticationProvider"/> <security:authentication-provider user-service-ref="localUserDetailService"/> </security:authentication-manager> <bean id="socialAuthenticationProvider" class="org.springframework.social.security.SocialAuthenticationProvider"> <constructor-arg ref="inMemoryUsersConnectionRepository"/> <constructor-arg ref="socialUserDetailService"/> </bean> <bean id="appAuthenticationEntryPoint" class=" jake.delivery.controller.welcome.AppAuthenticationEntryPoint"> <constructor-arg name="loginFormUrl" value="/login"/> <bean id="failureHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler"> <constructor-arg name="defaultFailureUrl" value="/services/accessdenied"/> </bean> <bean class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter" id="SecurityAuthFilter"> <property name="authenticationManager" ref="authenticationManager"/> <property name="authenticationSuccessHandler" ref="successHandler"/> <property name="authenticationFailureHandler" ref="failureHandler"/> <property name="filterProcessesUrl" value="/j_spring_security_check"/> <property name="rememberMeServices" ref="rememberMeServices"/ </bean> <!-- social login filter which is a pre authentication filter and works for /auth service url --> <bean id="socialAuthenticationFilter" class="org.springframework.social.security.SocialAuthenticationFilter"> <constructor-arg name="authManager" ref="authenticationManager"/> <constructor-arg name="userIdSource" ref="userIdSource"/> <constructor-arg name="usersConnectionRepository" ref="inMemoryUsersConnectionRepository"/> <constructor-arg name="authServiceLocator" ref="appSocialAuthenticationServiceRegistry"/> <property name="authenticationSuccessHandler" ref="successHandler"/> </bean> <!-- inmemory connection repository which holds connection repository per local user --> <bean id="inMemoryUsersConnectionRepository" class="org.springframework.social.connect.mem.InMemoryUsersConnectionRepository"> <constructor-arg name="connectionFactoryLocator" ref="appSocialAuthenticationServiceRegistry"/> <property name="connectionSignUp" ref="connectionSignUp"/> </bean> <!-- service registry will holds connection factory of each social provider--> <bean id="appSocialAuthenticationServiceRegistry" class="jake.delivery.controller.welcome.AppSocialAuthenticationServiceRegistry"> <constructor-arg> <list> <ref bean="facebookAuthenticationService"/> </list> </constructor-arg> </bean> <bean id="facebookAuthenticationService" class="org.springframework.social.facebook.security.FacebookAuthenticationService"> <constructor-arg name="apiKey" value="xxxxxxx"/> <constructor-arg name="appSecret" value="xxxxxx"/> </bean> <bean id="userIdSource" class="org.springframework.social.security.AuthenticationNameUserIdSource"/> <bean id="connectionSignUp" class="jake.delivery.controller.welcome.AppConnectionSignUp"/> </beans>

UserDetailService implementation UserDetailService实施 

package jake.prototype2.service.loginservices;

import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

import jake.prototype2.model.structure.SSm;

public class LocalUserDetailService implements UserDetailsService {



public LocalUserDetailService()
{
    SSm.getLogger().debug("init" );
}

@Override
@Transactional
public SpringSecurityLocalUser loadUserByUsername(final String userId) throws UsernameNotFoundException 
{

                SSm.getLogger().debug(this.getClass().getName()+"\n\n\n\n\n  I don't do anything yet\n\n\n\n\n\n",new Exception());
                SSm.getLogger().debug("userId" + userId);
                                    throw new UsernameNotFoundException("  fork me sideways  ");

}

} }

Stacktrace. 堆栈跟踪。 Although there has been no exception, I captured the stacktrace for reference purposes. 尽管也没有例外,但是我捕获了stacktrace以供参考。

java.lang.Exception at jake.prototype2.service.loginservices.LocalUserDetailService.loadUserByUsername(LocalUserDetailService.java:32) at jake.prototype2.service.loginservices.LocalUserDetailService.loadUserByUsername(LocalUserDetailService.java:16) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:497) at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:302) at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157) at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99) at org.springframew 位于jake.prototype2.service.loginservices.LocalUserDetailService.loadUserByUsername(LocalUserDetailService.java:16)处的jake.prototype2.service.loginservices.LocalUserDetailService.loadUserByUsername(LocalUserDetailService.java:32)处的java.lang.Exception在sun.reflect.NativeMethodAccessorImpl处。在sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)处invoke0(本机方法)在java.lang.reflect.Method.invoke(Method.java:处)sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)处497),位于org.springframework.aop.framework的org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:302),位于org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190)。 .org.springframew.proceed(ReflectiveMethodInvocation.java:157)在org.springframework.transaction.interceptor.TransactionInterceptor $ 1.proceedWithInvocation(TransactionInterceptor.java:99)在org.springframew ork.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:281) at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:208) at com.sun.proxy.$Proxy50.loadUserByUsername(Unknown Source) at org.springframework.security.authentication.dao.DaoAuthenticationProvider.retrieveUser(DaoAuthenticationProvider.java:114) at org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:144) at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174) at org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthe org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)上的ork.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:281)在org.springframework.aop.framework.ReflectiveMethodInvocation.vocation。 java:179)在org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:208)在com.sun.proxy。$ Proxy50.loadUserByUsername(Unknown Source)在org.springframework.security.authentication.dao.DaoAuthenticationProvider org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174)上的org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:144)上的.retrieveUser(DaoAuthenticationProvider.java:114) org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthe nticationFilter.java:94) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:124) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:66) at org.springframework.web.filter.OncePerRequestFilter.doFilter nticationFilter.java:94),位于org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212),位于org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter(FilterChainProxy.java:331) org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter(FilterChainProxy.java:331)上的.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200)在org.springframework.security.web.csrf org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter(FilterChainProxy.java:331.org上的.CsrfFilter.doFilterInternal(CsrfFilter.java:124)在org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) )在org.springframework.web.filter.OncePerRequestFilter.doFilter上的org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:66) (OncePerRequestFilter.java:107) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214) at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFil (OncePerRequestFilter.java:107)在org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter(FilterChainProxy.java:331)在org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java :56),位于org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter(FilterChainProxy.java:331),位于org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter(FilterChainProxy.java:331)的org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)。位于org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.org)的web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) java:214)位于org.springframework.web.FilterChainProxy.doFilter(FilterChainProxy.java:177),位于org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFil) terProxy.java:346) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:121) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502) at org.apache.catalina.core. org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)位于org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)位于org.apache.catalina org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107处的org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:121)处的.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) )在org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)在org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)在org.apache.catalina.core.StandardWrapperValve。在org.apache处的org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)处的org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)处的invoke(StandardWrapperValve.java:219) .catalina.core。 StandardHostValve.invoke(StandardHostValve.java:142) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79) at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:616) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:518) at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1091) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:673) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1526) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1482) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.ja org.org.apache.catalina.valves.ErrorReportValve.invoke(StandardHostValve.java:142)org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:616)org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79) org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:518)上的.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)在org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor) .java:1091),位于org.org.apache.tomcat.util.net.NioEndpoint $ SocketProcessor.doRun(NioEndpoint.java:1526),位于org.apache.coyote.AbstractProtocol $ AbstractConnectionHandler.process(AbstractProtocol.java:673)。 apache.tomcat.util.net.NioEndpoint $ SocketProcessor.run(NioEndpoint.java:1482)在java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)在java.util.concurrent.ThreadPoolExecutor $ Worker.run( org.apache.tomcat.util.threads.TaskThread $ WrappingRunnable.run(TaskThread.ja)上的ThreadPoolExecutor.java:617) va:61) at java.lang.Thread.run(Thread.java:745) va:61)at java.lang.Thread.run(Thread.java:745)

1 个解决方案

解决方案1
 1 已采纳  2016-09-28 17:29:14

The issue was actually to do with requiring multiple authentication providers. 问题实际上与需要多个身份验证提供程序有关。

It turns out that only one line of configuration was missing: 事实证明,仅缺少一行配置: 

<!--  authentication manager and its provider( social provider deals with social login & local user provider deals with form login ) -->
<security:authentication-manager alias="authenticationManager">
    <security:authentication-provider ref="socialAuthenticationProvider"/>
    <security:authentication-provider ref="customAuthenticationProvider" />
    <security:authentication-provider user-service-ref="localUserDetailService"/>
</security:authentication-manager>

<bean id="customAuthenticationProvider" class="jake.delivery.controller.welcome.CustomAuthenticationProvider">
    <property name="auService" ref="auService" />
</bean>

I needed to add an additional line to authentication-manager for customAuthenticationProvider . 我需要在authentication-managercustomAuthenticationProvider添加一行。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 对/ j_spring_security_check的身份验证请求404错误 - Authentication request to /j_spring_security_check 404 Error j_spring_security_check始终重定向到登录 - j_spring_security_check always redirect to login Spring 3 安全 j_spring_security_check - Spring 3 Security j_spring_security_check j_spring_security_check 404 - j_spring_security_check 404 j_spring_security_check 404问题 - j_spring_security_check 404 issue 关于&#39;j_spring_security_check&#39;的404 - 404 on 'j_spring_security_check' 为什么选择j_spring_security_check 404? - Why j_spring_security_check 404? 如何重定向到 j_spring_security_check - How to redirect to j_spring_security_check Spring Security登录无需身份验证即可重定向到/ j_spring_security_check - Spring Security Login Redirects to /j_spring_security_check Without Authenticating Spring Security Login Error:HTTP Status 404 - / j_spring_security_check - Spring Security Login Error : HTTP Status 404 - /j_spring_security_check
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM