Java Spring Security not authenticating
I am writing a simple web application using Spring Security 3.2.0 and Spring Framework 4.x. I can see the username/password being passed through in the custom authentication provider, but no actual authentication is done; that is, when a wrong password is entered, I am still taken to the post-login URL /dashboard.

web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
            /WEB-INF/spring-config.xml
            /WEB-INF/spring-security-config.xml
        </param-value>
    </context-param>
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
    <servlet>
        <servlet-name>frontController</servlet-name>
        <servlet-class>
            org.springframework.web.servlet.DispatcherServlet
        </servlet-class>
    </servlet>
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <servlet-mapping>
        <servlet-name>frontController</servlet-name>
        <url-pattern>/*</url-pattern>
    </servlet-mapping>
</web-app>
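The user service fetches user details by id and is injected into the authentication provider above:

import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

public class UserLoginService implements UserDetailsService {
    // Returns the same hard-coded account for every username.
    // User is the application's own domain class (not shown), not Spring's User.
    public UserDetails loadUserByUsername(String username)
            throws UsernameNotFoundException {
        UserDetail ud = new UserDetail();
        User u = new User();
        ud.setUser(u);
        u.setUsername("reza");
        u.setPassword("reza");
        u.setAccountNonExpired(true);
        u.setAccountNonLocked(true);
        u.setCredentialsNonExpired(true);
        u.setEnabled(true);
        u.setRole("ROLE_USER");
        return ud;
    }
}

import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;

// Adapter that exposes the application's User through Spring's UserDetails contract.
public class UserDetail implements org.springframework.security.core.userdetails.UserDetails {
    User user;

    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        List<GrantedAuthority> authList = new ArrayList<GrantedAuthority>(1);
        authList.add(new SimpleGrantedAuthority(user.getRole()));
        return authList;
    }

    @Override
    public String getPassword() {
        return user.getPassword();
    }

    @Override
    public String getUsername() {
        return user.getUsername();
    }

    @Override
    public boolean isAccountNonExpired() {
        return user.isAccountNonExpired();
    }

    @Override
    public boolean isAccountNonLocked() {
        return user.isAccountNonLocked();
    }

    @Override
    public boolean isCredentialsNonExpired() {
        return user.isCredentialsNonExpired();
    }

    @Override
    public boolean isEnabled() {
        return user.isEnabled();
    }

    public User getUser() {
        return user;
    }

    public void setUser(User user) {
        this.user = user;
    }
}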
You really need to add the code for your authentication provider and UserDetailsService.

Post the complete UserLoginService.

I overrode the authenticate method on the authentication provider and called super.authenticate, and it worked. But to me, this step seems unnecessary...

public class AuthenticationProvider extends DaoAuthenticationProvider {
    // nothing here
}
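
A check that takes the filter chain out of the picture, added here as an example and not code from the question or its replies: it drives an unmodified DaoAuthenticationProvider directly with a correct and a wrong password. It assumes Spring Security 3.2 as in the question (where the provider's default encoder compares plaintext); the class name ProviderRejectsBadPassword and the inline stub standing in for UserLoginService are hypothetical.

```java
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;

// Hypothetical harness; assumes Spring Security 3.2 on the classpath.
public class ProviderRejectsBadPassword {

    // Constructed stand-in for the page's UserLoginService: same fixed reza/reza account.
    static final UserDetailsService STUB = new UserDetailsService() {
        @Override
        public UserDetails loadUserByUsername(String username) {
            return new User("reza", "reza", AuthorityUtils.createAuthorityList("ROLE_USER"));
        }
    };

    // Returns true when the provider accepts the credentials, false when it rejects them.
    static boolean accepts(DaoAuthenticationProvider provider, String user, String password) {
        try {
            Authentication result =
                provider.authenticate(new UsernamePasswordAuthenticationToken(user, password));
            return result != null && result.isAuthenticated();
        } catch (BadCredentialsException e) {
            return false; // presented password did not match UserDetails.getPassword()
        }
    }

    public static void main(String[] args) throws Exception {
        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setUserDetailsService(STUB);
        provider.afterPropertiesSet(); // fails fast if no UserDetailsService was set

        if (!accepts(provider, "reza", "reza")) throw new AssertionError("correct password rejected");
        if (accepts(provider, "reza", "wrong")) throw new AssertionError("wrong password accepted");
        System.out.println("Unmodified DaoAuthenticationProvider enforces the password check");
    }
}
```

If this passes while the login form still accepts a wrong password, the provider is not where the check is being lost, and the wiring in /WEB-INF/spring-security-config.xml is the next thing to inspect.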