当前位置:theitroad>java Spring Security - 未调用自定义身份验证提供程序

java Spring Security - 未调用自定义身份验证提供程序

声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow 原文地址: http://stackoverflow.com/questions/2031355/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me): StackOverFlow

提示:将鼠标放在中文语句上可以显示对应的英文。显示中英文
时间:2020-10-29 19:02:00  来源:igfitidea点击:

Spring Security - Custom authentication provider not called

javaspringauthenticationspring-security

提问by Tai Squared

I have a Spring application (Spring version 2.5.6.SEC01, Spring Security version 2.0.5) with the following setup (this is based off of this question):

我有一个 Spring 应用程序(Spring 版本2.5.6.SEC01,Spring Security 版本2.0.5)具有以下设置(这是基于这个问题):

In the security-config.xmlfile, I have the following configuration:

security-config.xml文件中,我有以下配置:

<http>
  <!-- Restrict URLs based on role -->
  <intercept-url pattern="/WEB-INF/jsp/login.jsp*" access="ROLE_ANONYMOUS" />
  <intercept-url pattern="/WEB-INF/jsp/header.jsp*" access="ROLE_ANONYMOUS" />
  <intercept-url pattern="/WEB-INF/jsp/footer.jsp*" access="ROLE_ANONYMOUS" />
  <intercept-url pattern="/login*" access="ROLE_ANONYMOUS" />
  <intercept-url pattern="/index.jsp" access="ROLE_ANONYMOUS" />
  <intercept-url pattern="/logoutSuccess*" access="ROLE_ANONYMOUS" />

  <intercept-url pattern="/css/**" filters="none" />
  <intercept-url pattern="/images/**" filters="none" />
  <intercept-url pattern="/**" access="ROLE_ANONYMOUS" />
  <anonymous />
  <form-login login-page="/login.jsp"/>
</http>

<beans:bean id="myUserDetailsService" class="com.example.login.MyUserDetailsService">
  <beans:property name="dataSource" ref="dataSource" />
  <custom-authentication-provider />
</beans:bean>

<authentication-provider user-service-ref="myUserDetailsService" />

The com.example.login.MyUserDetailsServiceclass is defined:

所述com.example.login.MyUserDetailsS​​ervice类被定义:

public class MyUserDetailsService extends SimpleJdbcDaoSupport implements UserDetailsService {
  @Override
  public UserDetails loadUserByUsername(String userName) throws UsernameNotFoundException,
          DataAccessException {
    logger.info("MyUserDetailsService.loadUserByUsername: Entered method. Username [" + userName + "]");
    ...
  }
}

But I'm not seeing this log line. How do I define a custom UserDetailsService so I can set the security roles? I don't even need a custom service, but having this in the security-config.xml

但我没有看到这个日志行。如何定义自定义 UserDetailsS​​ervice 以便设置安全角色?我什至不需要自定义服务,但是在 security-config.xml 中有这个

<authentication-provider> <jdbc-user-service data-source-ref="dataSource" />
</authentication-provider>

wasn't setting the role even though I have the users and authorities tables. How can I set the Spring Security Roles?

即使我有用户和权限表,也没有设置角色。如何设置 Spring 安全角色?

回答by axtavt

Just remove <custom-authentication-provider>element.

只需删除<custom-authentication-provider>元素。

Your MyUserDetailsServiceIS NOT a custom AuthenticationProvider. Actually you are trying to supply the default DaoAuthenticationProviderwith a custom UserDetailsService. Here is an example of working config for that scenario (and once again I recommend you to use auto-config):

您的MyUserDetailsService不是自定义的AuthenticationProvider。实际上,您正在尝试DaoAuthenticationProvider使用自定义UserDetailsService. 这是该场景的工作配置示例(我再次建议您使用auto-config):

<http auto-config = "true">
    <intercept-url pattern="/login.jsp" access="ROLE_ANONYMOUS" />
    ...
    <intercept-url pattern="/**" access="ROLE_USER" />

    <form-login login-page="/login.jsp" default-target-url="/XXX.html" />
</http>

<authentication-provider user-service-ref = "userDetailsService" />

<beans:bean id = "userDetailsService" class = "com.example.MyUserService" />

EDIT:

编辑:

web.xml:

网页.xml:

...
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
...

login.jsp:

登录.jsp:

...
<form method = "POST" action = "<c:url value = "/j_spring_security_check" />">
    <table>
        <tr>
            <td class = "label">Login:</td>
            <td><input type = "text" name = "j_username" /></td>
        </tr>
        <tr>
            <td class = "label">Password:</td>
            <td><input type = "password" name = "j_password" /></td>
        </tr>

        <tr>
            <td colspan = "2"><input type = "submit" value = "Log in" /></td>
        </tr>
    </table>
</form>
...

回答by Balasubramanian Jayaraman

I think the authentication-provide tag should come with authentication-manager tag.

我认为 authentication-provide 标签应该带有 authentication-manager 标签。

<authentication-manager alias="authenticationManager">
    <authentication-provider user-service-ref="myUserService" />
</authentication-manager>

Hope this works!

希望这有效!

相关推荐

java 如何将查询设置为未提交读取?

java 如何将查询设置为未提交读取?

java 如何在给定 SOAP WSDL 操作的情况下创建 WSDL 文件

java 如何在给定 SOAP WSDL 操作的情况下创建 WSDL 文件

java 整数计数器 - 最大值时该怎么办?

java 整数计数器 - 最大值时该怎么办?

java 我应该如何设置 CLASSPATH?

java 我应该如何设置 CLASSPATH?

相关推荐
最近更新
标签