[英]Spring Security 3.x: Creating a custom authentication provider without a UserDetailsService
I created a custom authentication provider by extending AbstractUserDetailsAuthenticationProvider
that authenticates the user against the database and performs additional authorization checks. 我通过扩展
AbstractUserDetailsAuthenticationProvider
创建了一个自定义身份验证提供程序,该提供程序根据数据库对用户进行身份验证并执行其他授权检查。
The annoyance I'm facing is the authentication provider requires me to wire a UserDetailsService
. 我面临的烦恼是身份验证提供程序要求我连接
UserDetailsService
。 At least for this project, I have no needs for UserDetailsService
because if I have the authentication provider to pull the user information to perform authentication/authorization, I don't see a need to have the UserDetailsService
to pull the same user information to construct the UserDetails
object. 至少对于这个项目,我不需要
UserDetailsService
因为如果我有身份验证提供程序来提取用户信息以执行身份验证/授权,我认为不需要让UserDetailsService
提取相同的用户信息来构建UserDetails
对象。
So, right now, I have to wire a dummy UserDetailsService
into my authentication provider and it does absolutely nothing. 所以,现在,我必须将一个虚拟的
UserDetailsService
到我的身份验证提供程序中,它绝对没有做任何事情。
Is it possible to create an authentication provider without a UserDetailsService
? 是否可以在没有
UserDetailsService
情况下创建身份验证提供程序?
Looking at the code for AbstractUserDetailsAuthenticationProvider (at least for version 3.0.5) it is not requiring UserDetailsService to be wired. 查看AbstractUserDetailsAuthenticationProvider的代码(至少对于版本3.0.5),它不需要连接UserDetailsService。 Double check your XML configuration to make sure the DAOAuthenticationProvider is not being used.
仔细检查XML配置以确保未使用DAOAuthenticationProvider。
You should have a block like this 你应该有一个像这样的块
<authentication-manager>
<authentication-provider ref="yourAuthenticationProvider" />
</authentication-manager>
Also, log the exception you are getting to see exactly where it's getting thrown from. 此外,记录您正在查看的异常,以确切了解它从哪里被抛出。
The default authentication provider used by Spring will be DaoAuthenticationProvider
(which extend AbstractUserDetailsAuthenticationProvider
and does add some checks of it's own in doAfterPropertiesSet()
). Spring使用的默认身份验证提供程序将是
DaoAuthenticationProvider
(它扩展了AbstractUserDetailsAuthenticationProvider
,并在doAfterPropertiesSet()
中添加了对它自己的一些检查)。
So that implementation does require a UserDetailsService
but you can always just provide your own implementation of the provider, by extending AbstractUserDetailsAuthenticationProvider
. 因此,实现确实需要
UserDetailsService
但您可以通过扩展AbstractUserDetailsAuthenticationProvider
提供您自己的提供程序实现。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.