Warning: file_get_contents(/data/phpspider/zhask/data//catemap/9/java/343.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Java customAuthenticationProvider身份验证调用了两次_Java_Authentication_Spring Boot_Custom Authentication - Fatal编程技术网
Fatal编程技术网
  • java/
  • Java customAuthenticationProvider身份验证调用了两次

Java customAuthenticationProvider身份验证调用了两次

java authentication spring-boot

Java customAuthenticationProvider身份验证调用了两次,java,authentication,spring-boot,custom-authentication,Java,Authentication,Spring Boot,Custom Authentication,我已经对此进行了研究,我认为这条评论(在这个帖子的答案下面:)将是我的解决方案。。。但我仍然收到两次提交/调用以进行身份验证。第二个密码每次都是空的。第一个呼叫具有凭据 下面是Java配置类和CustomAuthProvider类 @Configuration @EnableWebSecurity public class UserWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter { @Override prot

我已经对此进行了研究,我认为这条评论(在这个帖子的答案下面:)将是我的解决方案。。。但我仍然收到两次提交/调用以进行身份验证。第二个密码每次都是空的。第一个呼叫具有凭据

下面是Java配置类和CustomAuthProvider类

@Configuration
@EnableWebSecurity
public class UserWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter { 
@Override
protected void configure(HttpSecurity http) throws Exception {
    //@formatter:off
    http.antMatcher("/**")
            .authorizeRequests()
            .antMatchers("/", "/home**", "/login**","/create_user")
            .permitAll().anyRequest().authenticated()
        .and()
            .formLogin()
            .loginPage("/login")
            .loginProcessingUrl("/login")
            .failureUrl("/login?error")
        .and()
            .logout()
            .logoutSuccessUrl("/login?logout")
            .permitAll()
        .and()
            .exceptionHandling().accessDeniedPage("/login?denied") //in this simple case usually due to a InvalidCsrfTokenException after session timeout
        .and()
            .csrf()
                .ignoringAntMatchers("/rest/**")
        .and()
            .sessionManagement().enableSessionUrlRewriting(false)
        .and()
            .headers().frameOptions().deny();
}
。。。然后customAuthProvider

@Component
public class CustomAuthProvider implements AuthenticationProvider {

@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    if (authentication.getName() == null) {
        logger.warn("empty userName");
        return null;
    }

    if (authentication.getCredentials() == null) {
        logger.warn("empty password");
        return null;
    }

// code to check credentials etc ...

 if (!(user != null && userHash.equals(storedHash))) {
        System.out.println("fail");
        return  null;
    }

    return new UsernamePasswordAuthenticationToken(user,password);

}
已修改身份验证提供程序代码,以空授权列表结尾,并返回authenticationToken。。。现在它起作用了

// ...        
UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(user,password, new ArrayList<>());
return authenticationToken;

/。。。
UsernamePasswordAuthenticationToken authenticationToken=新UsernamePasswordAuthenticationToken(用户、密码、新ArrayList());
返回authenticationToken;
修改了身份验证提供程序代码,以空授权列表结尾,并返回authenticationToken。。。现在它起作用了

// ...        
UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(user,password, new ArrayList<>());
return authenticationToken;

/。。。
UsernamePasswordAuthenticationToken authenticationToken=新UsernamePasswordAuthenticationToken(用户、密码、新ArrayList());
返回authenticationToken;
修改身份验证提供程序代码以空授权列表结尾…修改身份验证提供程序代码以空授权列表结尾。。。