具有多个身份验证提供程序的Spring安全性-UsernameNotFoundException
[英]Spring security with multiple authentication providers - UsernameNotFoundException
问题描述
我们为2个身份验证提供程序提供了一个春季安全性配置:一个用于人类用户,第二个用于其他web应用程序(通过REST)。 请参阅我之前的问题: Web服务和用户的Spring安全性
现在的问题是,当Webapp发送用户名+密码时,Spring Security会先尝试用户身份验证提供程序,然后失败,然后再尝试其余的身份验证提供程序。
即使其余身份验证最终成功,这也会在日志中导致org.springframework.security.core.userdetails.UsernameNotFoundException 。 有办法防止这种情况发生吗?
配置为:
security.xml:
<security:http use-expressions="true">
<security:intercept-url pattern="/user/login"
access="permitAll" />
...
<security:intercept-url pattern="/**"
access="isAuthenticated()" />
<security:form-login
authentication-success-handler-ref="userAuthenticationSuccessHandler" />
<security:logout logout-url="/user/logout"
logout-success-url="/demo/user/logoutSuccess" />
</security:http>
<bean id="bCryptPasswordEncoder"
class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" />
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider
ref="authenticationProvider">
</security:authentication-provider>
<security:authentication-provider
ref="restAuthenticationProvider">
</security:authentication-provider>
</security:authentication-manager>
rest-security.xml:
<security:http create-session="stateless"
entry-point-ref="digestEntryPoint" pattern="/provider/**"
use-expressions="true">
<security:intercept-url pattern="/provider/**"
access="isAuthenticated()" />
<security:http-basic />
<security:custom-filter ref="digestFilter"
after="BASIC_AUTH_FILTER" />
</security:http>
<bean id="digestFilter"
class="org.springframework.security.web.authentication.www.DigestAuthenticationFilter">
<property name="userDetailsService" ref="webappDetailsServiceImpl" />
<property name="authenticationEntryPoint" ref="digestEntryPoint" />
</bean>
<bean id="digestEntryPoint"
class="org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint">
<property name="realmName" value="Contacts Realm via Digest Authentication" />
<property name="key" value="acegi" />
</bean>
日志:
22 Jun 2014 10:43:46 ERROR LoggingAspect - Unhandled exception caught: ...UserDetailsServiceImpl loadUserByUsername
org.springframework.security.core.userdetails.UsernameNotFoundException: User with loginName: *** doesnt exist
at ...UserDetailsServiceImpl.loadUserByUsername(UserDetailsServiceImpl.java:30)
at org.springframework.security.authentication.dao.DaoAuthenticationProvider.retrieveUser(DaoAuthenticationProvider.java:102)
at org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:132)
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:177)
at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:168)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:409)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1044)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:607)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:313)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
22 Jun 2014 10:43:47 INFO LoggingAspect - Entering: ...WebappDetailsServiceImpl Method name: loadUserByUsername Method arguments : [1]
1 个解决方案
解决方案1
5 已采纳 2014-06-22 10:01:26
此stacktrace来自您自己的代码:UserDetailsServiceImpl第30行
根据Spring文档:
通常按顺序尝试AuthenticationProvider,直到提供非空响应为止。 非空响应表示提供者有权决定认证请求,并且不再尝试其他提供者。
发生什么了 ?
调用第一个authenticationManager(bean:authenticationProvider)并引发UserNameNotFoundException。 这是可以预期的,因为身份验证必须为此失败,并且必须通过restAnthenticationProvider成功。
stacktrace由LoggingAspect打印,并且存在问题 。 LoggingAspect抱怨“意外的异常”,但是这不是意外的。 Bean authenticationProvider完全遵守合同并抛出预期的异常。 因此,请修复LoggingAspect,以免它抱怨此异常。
请注意:只需反转身份验证提供程序的声明顺序即可解决该问题(至少对于所有其余请求而言)。 这种快速解决方法的缺点是,您很有可能会为所有人工身份验证请求获得同等的异常,因为所有这些首先都会针对restAuthenticationProvider失败。
Spring安全 - 使用多个身份验证提供程序进行身份验证
[英]Spring security - remember-me authentication with multiple authentication providers
如何处理 UsernameNotFoundException spring security
[英]How to handle UsernameNotFoundException spring security
Spring Security-如何使用Java Config配置多个身份验证提供程序
[英]Spring security - How to configure multiple authentication providers using java config
多个身份验证提供程序:/ j_spring_security_check和社交登录
[英]Multiple authentication providers: /j_spring_security_check and social login
Spring Boot / Spring Security根据路径在多个身份验证提供程序之间进行选择
[英]Spring Boot/Spring Security Choose Between Multiple Authentication Providers Based On Path
UsernameNotFoundException:Spring Boot + Spring Security中的登录表单不起作用
[英]UsernameNotFoundException: Login form in Spring Boot + Spring Security doesn't work
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
Spring Security-多个身份验证提供者
Spring安全 - 使用多个身份验证提供程序进行身份验证
Spring 与多个提供商的安全性
了解Spring Security中的身份验证提供程序
如何处理 UsernameNotFoundException spring security
Spring Security-如何使用Java Config配置多个身份验证提供程序
多个身份验证提供程序:/ j_spring_security_check和社交登录
Spring Boot / Spring Security根据路径在多个身份验证提供程序之间进行选择
UsernameNotFoundException:Spring Boot + Spring Security中的登录表单不起作用
spring安全过滤器应该直接调用身份验证提
相关标签