Java Spring Security - automatic login after registering a user does not work
In my Spring Boot MVC application I use Spring Security to provide authentication and user registration. Authentication and registration of users work fine, but after creating a user account I want to log him in automatically. While doing this I receive a BadCredentialsException. The same user with the same credentials logs in correctly through the login form. I appreciate your help. Below is my code:

Method from the controller
SecurityServiceImpl (the authenticate method is throwing the exception)
UserServiceImpl
UserDetailsServiceImpl

First, as far as I can see from your code, this method throws the exception because of a password problem. The user object returned by your method RegisterNewSerAccount has its password already hashed. Then you pass it here:
    securityService.autologin(registeredUser.getLogin(), registeredUser.getPassword());

So it later turns out that you are passing the hashed password to authenticationManager. That is wrong - you should pass the original password to it. Something like this:

    @RequestMapping(value = "/register", method = RequestMethod.POST)
    public String registerUser(@ModelAttribute("user") User user, BindingResult result,
                               WebRequest request, Errors errors) {
        User registeredUser = null;
        // Keep the raw password from the form before the account is created
        String originalPassword = user.getPassword();
        if (!result.hasErrors()) {
            registeredUser = createUserAccount(user, result);
        }
        if (registeredUser == null) {
            return "/register";
        }
        // Authenticate with the raw password, not registeredUser.getPassword()
        securityService.autologin(registeredUser.getLogin(), originalPassword);
        return "/whiprounds";
    }
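Second, authenticationManager.authenticate(usernamePasswordAuthenticationToken); - this method actually returns a populated Authentication object (if authentication is successful), and you should put this object into the SecurityContext, and not the one you passed to "authenticationManager". Something like this: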

    @Override
    public void autologin(String username, String password) {
        UserDetails userDetails = userDetailsService.loadUserByUsername(username);
        UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken =
                new UsernamePasswordAuthenticationToken(userDetails, password, userDetails.getAuthorities());
        // authenticate() returns the populated Authentication on success
        Authentication auth = authenticationManager.authenticate(usernamePasswordAuthenticationToken);
        if (auth.isAuthenticated()) {
            // Store the returned object, not the token that was passed in
            SecurityContextHolder.getContext().setAuthentication(auth);
            logger.debug(String.format("Auto login %s successfully!", username));
        }
    }

Hope this helps.
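
The two points of the answer above, reproduced outside the web application as an added example (not code from the question or the answer). It assumes Spring Security 5.3 through 6.x on the classpath; the user name "alice", the sample password, and the use of InMemoryUserDetailsManager and BCryptPasswordEncoder as stand-ins for the page's UserDetailsServiceImpl and password hashing are assumptions.

```java
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;

public class AutoLoginDemo {
    public static void main(String[] args) {
        PasswordEncoder encoder = new BCryptPasswordEncoder();
        String rawPassword = "constructed-sample-pw";     // constructed sample value
        String storedHash = encoder.encode(rawPassword);  // what registration persists

        // Assumed stand-in for the user store: one user saved with the hashed password.
        InMemoryUserDetailsManager users = new InMemoryUserDetailsManager(
                User.withUsername("alice").password(storedHash).roles("USER").build());
        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setUserDetailsService(users);
        provider.setPasswordEncoder(encoder);
        AuthenticationManager authenticationManager = new ProviderManager(provider);

        // Case 1: the stored hash is presented as the credential. The provider hashes
        // the presented value again, so it cannot match the stored hash.
        try {
            authenticationManager.authenticate(
                    new UsernamePasswordAuthenticationToken("alice", storedHash));
            System.out.println("hash as credential: accepted");
        } catch (BadCredentialsException e) {
            System.out.println("hash as credential: rejected (" + e.getMessage() + ")");
        }

        // Case 2: the raw password is presented. The object returned by authenticate()
        // is the authenticated one; the request token itself stays unauthenticated.
        Authentication request = new UsernamePasswordAuthenticationToken("alice", rawPassword);
        Authentication result = authenticationManager.authenticate(request);
        System.out.println("request token authenticated: " + request.isAuthenticated());
        System.out.println("returned token authenticated: " + result.isAuthenticated()
                + ", authorities: " + result.getAuthorities());
    }
}
```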