堆栈内存溢出
  繁体   English   中英

春季安全性不进行身份验证

[英]spring security does not authenticate

 原文  2014-01-13 12:06:54       java/ spring/ authentication/ spring-mvc/ spring-security

问题描述

我正在使用Spring Security 3.2.0和Spring Framework 4.x编写一个简单的Web应用程序。 我可以看到用户名/密码通过自定义身份验证提供程序,但是实际身份验证尚未完成; 也就是说,当输入错误的密码时,我仍然被带到帖子登录网址/ dashboard ...

web.xml 

    <?xml version="1.0" encoding="UTF-8"?>
    <web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">

    <context-param>
        <param-name>contextConfigLocation</param-name>
            <param-value>
                /WEB-INF/spring-config.xml
                /WEB-INF/spring-security-config.xml
            </param-value>
    </context-param>

    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

    <servlet>
        <servlet-name>frontController</servlet-name>
        <servlet-class>
        org.springframework.web.servlet.DispatcherServlet
    </servlet-class>
  </servlet>
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>

    <filter-mapping>
      <filter-name>springSecurityFilterChain</filter-name>
      <url-pattern>/*</url-pattern>
    </filter-mapping>

    <servlet-mapping>
        <servlet-name>frontController</servlet-name>
        <url-pattern>/*</url-pattern>
    </servlet-mapping>

    </web-app>

spring-security-config.xml 

<?xml version="1.0" encoding="UTF-8"?>

<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
           http://www.springframework.org/schema/security
           http://www.springframework.org/schema/security/spring-security.xsd">  
    <http>
        <intercept-url pattern="/login*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <intercept-url pattern="/dashboard*" access="ROLE_USER" />

        <form-login login-page='/login' default-target-url='/dashboard'
            always-use-default-target='true' authentication-failure-url="/login?error=true" />
        <logout logout-success-url="/" />

    </http>    
    <authentication-manager alias="authenticationManager">
        <authentication-provider ref="myAuthenticationProvider" />

    </authentication-manager>

</beans:beans>

自定义身份验证提供程序除了委派给用户服务外不执行任何操作: 

 public class AuthenticationProvider extends DaoAuthenticationProvider {
     //nothing here
 }

并且用户服务通过ID获取用户详细信息,并将其注入上面的auth提供程序中: 

public class UserLoginService implements UserDetailsService{

    public UserDetails loadUserByUsername(String username)
            throws UsernameNotFoundException {
    UserDetail ud = new UserDetail();
    User u = new User();
    ud.setUser(u);
    u.setUsername("reza");
    u.setPassword("reza");
    u.setAccountNonExpired(true);
    u.setAccountNonLocked(true);
    u.setCredentialsNonExpired(true);
    u.setEnabled(true);
    u.setRole("ROLE_USER");
    return ud;
    }


public class UserDetail implements org.springframework.security.core.userdetails.UserDetails {

    User user;
    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        List<GrantedAuthority> authList = new ArrayList<GrantedAuthority>(1);
         authList.add(new SimpleGrantedAuthority(user.getRole()));
        return authList;
    }
    @Override
    public String getPassword() {

        return user.getPassword();
    }
    @Override
    public String getUsername() {
        return user.getUsername();
    }
    @Override
    public boolean isAccountNonExpired() {
        return user.isAccountNonExpired();
    }
    @Override
    public boolean isAccountNonLocked() {
        return user.isAccountNonLocked();
    }
    @Override
    public boolean isCredentialsNonExpired() {
        return user.isCredentialsNonExpired();
    }
    @Override
    public boolean isEnabled() {
        return user.isEnabled();
    }
    public User getUser() {
        return user;
    }
    public void setUser(User user) {
        this.user = user;
    }
}

1 个解决方案

解决方案1
 0 已采纳  2014-01-15 02:53:15

我改写了auth提供程序上的authenticate方法,并调用了super.authenticate(),它起作用了。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 具有XML配置的Spring Security无法验证用户 SpringBoot和Spring Security无法验证 Spring Security无法验证用户 Spring 安全性 - 使用用户名验证用户 Spring Security针对本地Linux帐户进行身份验证 访问被拒绝 - 无法验证登录 - spring 安全性 如何使用 Spring Security + Angular 登录/验证 为什么Spring Security InMemoryAuthentication无法对我进行身份验证 Spring Security对用户进行身份验证以输入管理员 如何使用Spring Security验证用户身份?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM