[英]Spring Security Custom Authentication Provider 403 response
我正在嘗試在Spring Boot App中使用Spring Security實現一個簡單的自定義身份驗證提供程序,但它不起作用。
我的自定義身份驗證提供商是:
@Component
public class CustomAuthenticationProvider implements AuthenticationProvider{
@Override
public Authentication authenticate(Authentication a) {
try{
List<GrantedAuthority> roles = new ArrayList<>();
roles.add(new SimpleGrantedAuthority("USER"));
UsernamePasswordAuthenticationToken u = new UsernamePasswordAuthenticationToken("usuario", "password", roles);
return u;
}catch(Exception e){
return null;
}
}
@Override
public boolean supports(Class<?> type) {
return true;
}
}
我的安全配置是這樣的:
@Configuration
@EnableWebSecurity
@EntityScan(basePackages = "sirio.io.models")
public class AppConfiguration {
@Configuration
@Order(1)
public static class ApiWebSecurity extends WebSecurityConfigurerAdapter{
@Autowired
private CustomAuthenticationProvider customAuthenticationProvider;
@Override
public void configure(HttpSecurity http) throws Exception{
http.antMatcher("/admin/**")
.authorizeRequests()
.anyRequest()
.hasRole("USER")
.and()
.httpBasic()
.and()
.authenticationProvider(customAuthenticationProvider);
}
}
}
我在CustomAuthProvider中確定了幾個斷點並且已經調用了但是我總是在瀏覽器中得到403響應
[編輯]嘗試了另一種類型的自定義身份驗證提供程序,但結果相同。
@Component
public class CustomAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider{
@Override
protected void additionalAuthenticationChecks(UserDetails ud, UsernamePasswordAuthenticationToken upat) throws AuthenticationException {
}
@Override
protected UserDetails retrieveUser(String string, UsernamePasswordAuthenticationToken upat) throws AuthenticationException{
List<GrantedAuthority> authoritys = new ArrayList<>();
authoritys.add(new SimpleGrantedAuthority("USER"));
UserDetails ud = new User("usuario", "password", authoritys);
return ud;
}
}
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.