堆栈内存溢出
  简体   繁体   English

Spring Security 3.x:在没有UserDetailsS​​ervice的情况下创建自定义身份验证提供程序

[英]Spring Security 3.x: Creating a custom authentication provider without a UserDetailsService

 原文  2011-02-02 20:56:47       java/ spring-security

问题描述

I created a custom authentication provider by extending AbstractUserDetailsAuthenticationProvider that authenticates the user against the database and performs additional authorization checks. 我通过扩展AbstractUserDetailsAuthenticationProvider创建了一个自定义身份验证提供程序,该提供程序根据数据库对用户进行身份验证并执行其他授权检查。

The annoyance I'm facing is the authentication provider requires me to wire a UserDetailsService . 我面临的烦恼是身份验证提供程序要求我连接UserDetailsService At least for this project, I have no needs for UserDetailsService because if I have the authentication provider to pull the user information to perform authentication/authorization, I don't see a need to have the UserDetailsService to pull the same user information to construct the UserDetails object. 至少对于这个项目,我不需要UserDetailsService因为如果我有身份验证提供程序来提取用户信息以执行身份验证/授权,我认为不需要让UserDetailsService提取相同的用户信息来构建UserDetails对象。

So, right now, I have to wire a dummy UserDetailsService into my authentication provider and it does absolutely nothing. 所以,现在,我必须将一个虚拟的UserDetailsService到我的身份验证提供程序中,它绝对没有做任何事情。

Is it possible to create an authentication provider without a UserDetailsService ? 是否可以在没有UserDetailsService情况下创建身份验证提供程序?

2 个解决方案

解决方案1
 3 已采纳  2011-02-03 02:18:58

Looking at the code for AbstractUserDetailsAuthenticationProvider (at least for version 3.0.5) it is not requiring UserDetailsService to be wired. 查看AbstractUserDetailsAuthenticationProvider的代码(至少对于版本3.0.5),它不需要连接UserDetailsS​​ervice。 Double check your XML configuration to make sure the DAOAuthenticationProvider is not being used. 仔细检查XML配置以确保未使用DAOAuthenticationProvider。

You should have a block like this 你应该有一个像这样的块 

<authentication-manager>
    <authentication-provider ref="yourAuthenticationProvider" />
</authentication-manager>

Also, log the exception you are getting to see exactly where it's getting thrown from. 此外,记录您正在查看的异常,以确切了解它从哪里被抛出。

解决方案2
 0  2011-05-02 12:59:22

The default authentication provider used by Spring will be DaoAuthenticationProvider (which extend AbstractUserDetailsAuthenticationProvider and does add some checks of it's own in doAfterPropertiesSet() ). Spring使用的默认身份验证提供程序将是DaoAuthenticationProvider (它扩展了AbstractUserDetailsAuthenticationProvider ,并在doAfterPropertiesSet()中添加了对它自己的一些检查)。

So that implementation does require a UserDetailsService but you can always just provide your own implementation of the provider, by extending AbstractUserDetailsAuthenticationProvider . 因此,实现确实需要UserDetailsService但您可以通过扩展AbstractUserDetailsAuthenticationProvider提供您自己的提供程序实现。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Spring Security 2 userDetailsS​​ervice问题上的自定义身份验证提供程序 - Custom Authentication Provider on Spring Security 2 userDetailsService issue Spring Security自定义身份验证 - AuthenticationProvider与UserDetailsS​​ervice - Spring Security Custom Authentication - AuthenticationProvider vs UserDetailsService 使用UserDetailsS​​ervice的Spring Security身份验证 - Spring Security authentication using UserDetailsService Spring Security:未调用自定义 UserDetailsS​​ervice(使用 Auth0 身份验证) - Spring Security: Custom UserDetailsService not being called (using Auth0 authentication) Spring Security和自定义身份验证提供程序 - Spring Security and Custom Authentication Provider Spring Security 自定义登录和自定义身份验证提供程序 - Spring Security Custom Login And Custom Authentication Provider 创建委派身份验证提供程序(Spring Security) - Creating a delegating authentication provider (Spring Security) Spring Security自定义UserDetailsS​​ervice和自定义User类 - Spring Security custom UserDetailsService and custom User class Spring Security自定义身份验证提供程序403响应 - Spring Security Custom Authentication Provider 403 response 使用Spring Security配置自定义LDAP身份验证提供程序 - Configuring a Custom LDAP Authentication Provider with Spring Security
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM