[英]How to use a simple Spring Security AuthenticationProvider without logon page?
[英]How to use AuthenticationProvider Spring Security?
我是Spring的新手,我需要使用Spring Security进行身份验证方面的帮助。 另外,如果有人可以,请澄清一些时刻,(我将用(#{1- ..}标记)),因为一开始我有很多“魔术”和怪异的东西,即使在教程和文档阅读=(。
因此,我尝试实现AuthenticationProvider,如果我正确理解了authenticate()方法中的所有内容,则可以组织我的特定身份验证逻辑。 所以我的代码看起来像:
((#1)如果我理解正确,Spring会自动创建名称为value =“ customAuth”的bean,并且无需在任何上下文文件中说明此bean。对吗?) CustomAuthenticationProvider :
@Service(value = "customAuth")
public class CustomAuthenticationProvider implements AuthenticationProvider{
@Autowired
public Storages storage;
@Override
@Transactional
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
String login = authentication.getName();
String password = authentication.getCredentials().toString();
final User user = storage.uSM.findByAuthorization(login, password);
if (user==null){
return null;
} else {
return new UsernamePasswordAuthenticationToken(login, password);
}
}
@Override
public boolean supports(Class<?> authentication) {
return authentication.equals(UsernamePasswordAuthenticationToken.class);
}
}
web.xml中
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee">
<servlet>
<servlet-name>appServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>
classpath:/resources/spring-context.xml
classpath:/resources/spring-security.xml
</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>appServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
classpath:/resources/spring-context.xml
classpath:/resources/spring-security.xml
</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/secret/page</url-pattern>
</filter-mapping>
<mvc:default-servlet-handler/>
</web-app>
spring-security.xml :
<beans:beans xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/secret/page" access="isAuthenticated()"/>
<form-login
login-page="/sign/in"
default-target-url="/secret/page"
authentication-failure-url="/sign/in"
password-parameter="password"
username-parameter="username"
/>
</http>
<authentication-manager>
<authentication-provider ref="customAuth"/>
</authentication-manager>
</beans:beans>
下一个是带有自定义登录表单的in.jsp文件。 如我所读,此表单将默认发送到/ login(我知道我们可以通过设置login-processing-url来更改它)。 第二个问题(第2个问题)与此“ /登录”有关。 据我了解,当我们将表单发布到/ login时,会将其发送给Spring类创建的表单,这些类将对其进行管理并将必要的数据提供给我们在此处设置的AuthorizationProvider: <authentication-provider ref="customAuth"/>
? 还是我错了? 无论如何,这是行不通的。 A尝试了很多变体,但没有人不起作用。 所以这是我的in.jsp :
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>JSP Page</title>
</head>
<body>
<c:if test="${failed==1}">
<font color="red">
Authentication failed. Wrong email/password.
</font>
</c:if>
<form action="${pageContext.servletContext.contextPath}/login" method="POST">
<label> E-mail </label>
<input type="email" name="username" required><br>
<label> Password </label>
<input type="password" name="password" required><br>
<input type="submit" value="Sign in"><br>
</form>
</body>
</html>
和In.java @Controller:
@Controller
@RequestMapping ("/sign/in")
public class In {
@RequestMapping (method = {RequestMethod.GET})
public String showForm(@RequestParam(required = false) Integer failed, ModelMap model){
model.addAttribute("failed", failed);
return "sign/in";
}
}
在这种情况下,我发布表单后,它将我重定向到/ login,并且由于不存在而发生404错误。
那么有人可以帮助修复它吗? 我将不胜感激任何解释,链接和想法。 提前致谢。
替代解决方案:
(#1)您应该使用“ customAuth”作为id创建bean,因为spring将使用该ID来使用CustomAuthenticationProvider
类,而@Service
不带任何参数就可以解决问题。(您可以尝试使用)
(#2)在in.jsp
提交登录页面in.jsp
,spring将处理您未在<form-login>
声明的login-processing-url=/login
事件中的信息。 是的,春天将引用CustomAuthenticationProvider
。 如果登录成功,spring会将您重定向到default-target-url="/secret/page"
。 如果登录失败,它将重定向到可用的允许页面。
我已经更改了部分代码
web.xml中
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee">
<servlet>
<servlet-name>appServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>
classpath:/resources/spring-context.xml
classpath:/resources/spring-security.xml
</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>appServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<mvc:default-servlet-handler/>
弹簧security.xml文件
<beans:beans xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/sign/in" access="permitAll()" />
<intercept-url pattern="/**" access="isAuthenticated()" />
<form-login
login-page="/sign/in"
default-target-url="/secret/page"
authentication-failure-url="/sign/in"
password-parameter="password"
username-parameter="username"
/>
</http>
<authentication-manager>
<authentication-provider ref="customAuth"/>
</authentication-manager>
<beans:bean id="customAuth" class="xx.xxx.xxxx.CustomAuthenticationProvider" />
</beans:beans>
in.jsp
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>JSP Page</title>
</head>
<body>
<c:if test="${failed==1}">
<font color="red">
Authentication failed. Wrong email/password.
</font>
</c:if>
<form action="<c:url value='/login />'" method="POST">
<label> E-mail </label>
<input type="email" name="username" required><br>
<label> Password </label>
<input type="password" name="password" required><br>
<input type="submit" value="Sign in"><br>
</form>
</body>
404错误的原因是因为您需要使用/secret/page
定义控制器并返回所需的JSP文件。
希望它的帮助。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.