[英]Multiple authentication providers: /j_spring_security_check and social login
我的安全xml配置有問題。 我無法通過登錄表單訪問用戶名和密碼以進行本地登錄(社交登錄可以正常工作)
簡而言之:當用戶提交登錄表單時,第一次出現在我的代碼中的是UserDetailService
public SpringSecurityLocalUser loadUserByUsername(final String userId) throws UsernameNotFoundException
其中,userId是一個空字符串。 因此無法進行身份驗證。 如何獲得用戶名和密碼? 咨詢將不勝感激
更新我現在非常有信心這個問題是由於我需要一個可靠的身份驗證提供程序。 (即一個本地人和一個社交人)。 但不確定如何配置
security_applicationContext.xml
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:security="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd"> <security:http use-expressions="true" entry-point-ref="appAuthenticationEntryPoint"> <security:intercept-url pattern="/login" access="permitAll()" /> <security:intercept-url pattern="/flow-entry.html" access="hasRole('ROLE_USER')"/> <security:intercept-url pattern="/flow-jobpostdata.html" access="permitAll()"/> <security:intercept-url pattern="/flow-jobpostdata_anydegree.html" access="permitAll()"/> <security:intercept-url pattern="/j_spring_security_check" access="permitAll()"/> <!-- Adds social authentication filter to the Spring Security filter chain. --> <security:custom-filter before="PRE_AUTH_FILTER" ref="socialAuthenticationFilter"/> <security:custom-filter position="FORM_LOGIN_FILTER" ref="SecurityAuthFilter"/> </security:http> <!-- authentication manager and its provider( social provider deals with social login & local user provider deals with form login ) --> <security:authentication-manager alias="authenticationManager"> <security:authentication-provider ref="socialAuthenticationProvider"/> <security:authentication-provider user-service-ref="localUserDetailService"/> </security:authentication-manager> <bean id="socialAuthenticationProvider" class="org.springframework.social.security.SocialAuthenticationProvider"> <constructor-arg ref="inMemoryUsersConnectionRepository"/> <constructor-arg ref="socialUserDetailService"/> </bean> <bean id="appAuthenticationEntryPoint" class=" jake.delivery.controller.welcome.AppAuthenticationEntryPoint"> <constructor-arg name="loginFormUrl" value="/login"/> <bean id="failureHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler"> <constructor-arg name="defaultFailureUrl" value="/services/accessdenied"/> </bean> <bean class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter" id="SecurityAuthFilter"> <property name="authenticationManager" ref="authenticationManager"/> <property name="authenticationSuccessHandler" ref="successHandler"/> <property name="authenticationFailureHandler" ref="failureHandler"/> <property name="filterProcessesUrl" value="/j_spring_security_check"/> <property name="rememberMeServices" ref="rememberMeServices"/ </bean> <!-- social login filter which is a pre authentication filter and works for /auth service url --> <bean id="socialAuthenticationFilter" class="org.springframework.social.security.SocialAuthenticationFilter"> <constructor-arg name="authManager" ref="authenticationManager"/> <constructor-arg name="userIdSource" ref="userIdSource"/> <constructor-arg name="usersConnectionRepository" ref="inMemoryUsersConnectionRepository"/> <constructor-arg name="authServiceLocator" ref="appSocialAuthenticationServiceRegistry"/> <property name="authenticationSuccessHandler" ref="successHandler"/> </bean> <!-- inmemory connection repository which holds connection repository per local user --> <bean id="inMemoryUsersConnectionRepository" class="org.springframework.social.connect.mem.InMemoryUsersConnectionRepository"> <constructor-arg name="connectionFactoryLocator" ref="appSocialAuthenticationServiceRegistry"/> <property name="connectionSignUp" ref="connectionSignUp"/> </bean> <!-- service registry will holds connection factory of each social provider--> <bean id="appSocialAuthenticationServiceRegistry" class="jake.delivery.controller.welcome.AppSocialAuthenticationServiceRegistry"> <constructor-arg> <list> <ref bean="facebookAuthenticationService"/> </list> </constructor-arg> </bean> <bean id="facebookAuthenticationService" class="org.springframework.social.facebook.security.FacebookAuthenticationService"> <constructor-arg name="apiKey" value="xxxxxxx"/> <constructor-arg name="appSecret" value="xxxxxx"/> </bean> <bean id="userIdSource" class="org.springframework.social.security.AuthenticationNameUserIdSource"/> <bean id="connectionSignUp" class="jake.delivery.controller.welcome.AppConnectionSignUp"/> </beans>
UserDetailService實施
package jake.prototype2.service.loginservices;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import jake.prototype2.model.structure.SSm;
public class LocalUserDetailService implements UserDetailsService {
public LocalUserDetailService()
{
SSm.getLogger().debug("init" );
}
@Override
@Transactional
public SpringSecurityLocalUser loadUserByUsername(final String userId) throws UsernameNotFoundException
{
SSm.getLogger().debug(this.getClass().getName()+"\n\n\n\n\n I don't do anything yet\n\n\n\n\n\n",new Exception());
SSm.getLogger().debug("userId" + userId);
throw new UsernameNotFoundException(" fork me sideways ");
}
}
堆棧跟蹤。 盡管也沒有例外,但是我捕獲了stacktrace以供參考。
位於jake.prototype2.service.loginservices.LocalUserDetailService.loadUserByUsername(LocalUserDetailService.java:16)處的jake.prototype2.service.loginservices.LocalUserDetailService.loadUserByUsername(LocalUserDetailService.java:32)處的java.lang.Exception在sun.reflect.NativeMethodAccessorImpl處。在sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)處invoke0(本機方法)在java.lang.reflect.Method.invoke(Method.java:處)sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)處497),位於org.springframework.aop.framework的org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:302),位於org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190)。 .org.springframew.proceed(ReflectiveMethodInvocation.java:157)在org.springframework.transaction.interceptor.TransactionInterceptor $ 1.proceedWithInvocation(TransactionInterceptor.java:99)在org.springframew org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)上的ork.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:281)在org.springframework.aop.framework.ReflectiveMethodInvocation.vocation。 java:179)在org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:208)在com.sun.proxy。$ Proxy50.loadUserByUsername(Unknown Source)在org.springframework.security.authentication.dao.DaoAuthenticationProvider org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174)上的org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:144)上的.retrieveUser(DaoAuthenticationProvider.java:114) org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthe nticationFilter.java:94),位於org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212),位於org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter(FilterChainProxy.java:331) org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter(FilterChainProxy.java:331)上的.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200)在org.springframework.security.web.csrf org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter(FilterChainProxy.java:331.org上的.CsrfFilter.doFilterInternal(CsrfFilter.java:124)在org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) )在org.springframework.web.filter.OncePerRequestFilter.doFilter上的org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:66) (OncePerRequestFilter.java:107)在org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter(FilterChainProxy.java:331)在org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java :56),位於org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter(FilterChainProxy.java:331),位於org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter(FilterChainProxy.java:331)的org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)。位於org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.org)的web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) java:214)位於org.springframework.web.FilterChainProxy.doFilter(FilterChainProxy.java:177),位於org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFil) org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)位於org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)位於org.apache.catalina org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107處的org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:121)處的.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) )在org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)在org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)在org.apache.catalina.core.StandardWrapperValve。在org.apache處的org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)處的org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)處的invoke(StandardWrapperValve.java:219) .catalina.core。 org.org.apache.catalina.valves.ErrorReportValve.invoke(StandardHostValve.java:142)org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:616)org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79) org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:518)上的.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)在org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor) .java:1091),位於org.org.apache.tomcat.util.net.NioEndpoint $ SocketProcessor.doRun(NioEndpoint.java:1526),位於org.apache.coyote.AbstractProtocol $ AbstractConnectionHandler.process(AbstractProtocol.java:673)。 apache.tomcat.util.net.NioEndpoint $ SocketProcessor.run(NioEndpoint.java:1482)在java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)在java.util.concurrent.ThreadPoolExecutor $ Worker.run( org.apache.tomcat.util.threads.TaskThread $ WrappingRunnable.run(TaskThread.ja)上的ThreadPoolExecutor.java:617) va:61)at java.lang.Thread.run(Thread.java:745)
問題實際上與需要多個身份驗證提供程序有關。
事實證明,僅缺少一行配置:
<!-- authentication manager and its provider( social provider deals with social login & local user provider deals with form login ) -->
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider ref="socialAuthenticationProvider"/>
<security:authentication-provider ref="customAuthenticationProvider" />
<security:authentication-provider user-service-ref="localUserDetailService"/>
</security:authentication-manager>
<bean id="customAuthenticationProvider" class="jake.delivery.controller.welcome.CustomAuthenticationProvider">
<property name="auService" ref="auService" />
</bean>
我需要在authentication-manager為customAuthenticationProvider添加一行。
對/ j_spring_security_check的身份驗證請求404錯誤
[英]Authentication request to /j_spring_security_check 404 Error
Spring Security登錄無需身份驗證即可重定向到/ j_spring_security_check
[英]Spring Security Login Redirects to /j_spring_security_check Without Authenticating
Spring Security Login Error:HTTP Status 404 - / j_spring_security_check
[英]Spring Security Login Error : HTTP Status 404 - /j_spring_security_check
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.