Spring Security 2 userDetailsS​​ervice问题上的自定义身份验证提供程序

Question

我使用默认的提供程序在webApp上安装了Spring Security 2.0.5。 现在要求已更改，我需要CustomAuthenticationProvider才能更改身份验证方式。

这是我的AuthenticationProvider

public class CustomAuthenticationProvider implements AuthenticationProvider {

@Autowired
private ParamsProperties paramsProperties;  

@SuppressWarnings("unchecked")
public Authentication authenticate(Authentication authentication) throws AuthenticationException {

    //Check username and passwd
    String user = (String) authentication.getPrincipal();
    String pass = (String) authentication.getCredentials();
    if(StringUtils.isBlank(user) || StringUtils.isBlank(pass) ){
        throw new BadCredentialsException("Incorrect username/password");
    }

    //Create SSO
    SingleSignOnService service = new SingleSignOnService(paramsProperties.getServicesServer());
    try {
        //Check logged
        service.setUsername(authentication.getName());
        service.setPassword(authentication.getCredentials().toString());
        ClientResponse response = service.call();
        String result = response.getEntity(String.class);

        ObjectMapper mapper = new ObjectMapper();
        Map<String,Object> map = mapper.readValue(result, new TypeReference<Map<String,Object>>() {} );
        //Read code
        String code = (String)map.get("code");
        log.debug(" ** [Authenticate] Result: " + code );
        for (String s : (List<String>)map.get( "messages" ) ) {
            log.debug(" [Authenticate] Message: " + s );
        }

        if ( code.equals( "SESSION_CREATED" ) || code.equals( "SESSION_UPDATED" ) || code.equals( "SESSION_VERIFIED" ) ) {              
            UsernamePasswordAuthenticationToken tokenSSO = LoginHelper.getuserSringTokenFromAuthService(map);            
            return tokenSSO;                
        } else {
            return null;
        }
    } catch (Exception e) {
        e.printStackTrace();
        throw new AuthenticationServiceException( e.getMessage() );
    }
}


public boolean supports(Class authentication) {
    return authentication.equals(UsernamePasswordAuthenticationToken.class);
}

这是我的security.xml

<http>
  <form-login default-target-url ="/Login.html" always-use-default-target="true" login-page="/Login.html" login-processing-url="/j_spring_security_check"
        authentication-failure-url="/Login.html" />  
  <http-basic />
  <logout logout-success-url="/Login.html" />
</http>

<beans:bean id="myPasswordEncryptor"
    class="com.mycomp.comunes.server.spring.core.MyPasswordEncoder" lazy-init="true">
    <beans:constructor-arg>
        <beans:bean class="org.jasypt.util.password.ConfigurablePasswordEncryptor" />
    </beans:constructor-arg>
    <beans:constructor-arg ref="paramsProperties" />
</beans:bean>

<beans:bean id="passwordEncoder"
    class="org.jasypt.spring.security2.PasswordEncoder" lazy-init="true">
    <beans:property name="passwordEncryptor">
        <beans:ref bean="myPasswordEncryptor" />
    </beans:property>
</beans:bean>

<beans:bean id="authenticationProvider"
    class="com.mycomp.comunes.server.spring.manager.autenticacion.CustomAuthenticationProvider">
</beans:bean> 

<authentication-provider user-service-ref='authenticationProvider'>
    <password-encoder ref="passwordEncoder" />
</authentication-provider>

但是在部署时，我得到以下信息：

Caused by: java.lang.IllegalArgumentException: Cannot convert value of type [$Proxy112 implementing org.springframework.security.providers.AuthenticationProvider,org.springframework.aop.SpringProxy,org.springframework.aop.framework.Advised] to required type [org.springframework.security.userdetails.UserDetailsService] for property 'userDetailsService': no matching editors or conversion strategy found

有人可以帮忙吗？

Answer 1

您将authenticationProvider bean称为用户服务，但并非如此。

<authentication-provider user-service-ref='authenticationProvider'>

使用该旧版本的框架，我只能猜测这里已正确描述了使用自定义身份验证提供程序的方式。

不用说，强烈建议升级，如果仅此而已，则只是为了获得更轻松的支持。