Java: How to use AuthenticationProvider with Spring Security?

I'm new to Spring and I need some help with authentication using Spring Security. Also, if anyone can, it would be great to clarify a few points (I'll mark them with (#{1-…})), because at the start there is a lot of "magic" and strange stuff for me, even after reading tutorials and docs =(

So, I'm trying to implement AuthenticationProvider; if I understand correctly, the authenticate() method is where I can put my own authentication logic. So my code looks like this:

((#1) If I understand correctly, Spring automatically creates a bean named value="customAuth", and this bean does not need to be declared in any context file. Am I right?)

CustomAuthenticationProvider:
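import java.util.Collections;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

// Registered as a bean named "customAuth" when component scanning covers this package.
@Service(value = "customAuth")
public class CustomAuthenticationProvider implements AuthenticationProvider {

    @Autowired
    public Storages storage;

    @Override
    @Transactional
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        String login = authentication.getName();
        String password = authentication.getCredentials().toString();
        final User user = storage.uSM.findByAuthorization(login, password);
        if (user == null) {
            // Returning null means "this provider cannot decide"; reject explicitly instead.
            throw new BadCredentialsException("Bad credentials");
        }
        // The three-argument constructor marks the token as authenticated.
        return new UsernamePasswordAuthenticationToken(
                login, password, Collections.<GrantedAuthority>emptyList());
    }

    @Override
    public boolean supports(Class<?> authentication) {
        return authentication.equals(UsernamePasswordAuthenticationToken.class);
    }
}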

<beans:beans xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xmlns="http://www.springframework.org/schema/security"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
                                 http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                                 http://www.springframework.org/schema/security
                                 http://www.springframework.org/schema/security/spring-security.xsd">

    <http auto-config="true" use-expressions="true">
        <intercept-url pattern="/secret/page" access="isAuthenticated()"/>
        <form-login
            login-page="/sign/in"
            default-target-url="/secret/page"
            authentication-failure-url="/sign/in"
            password-parameter="password"
            username-parameter="username"
        />
    </http>

    <authentication-manager>
        <authentication-provider ref="customAuth"/>
    </authentication-manager>
</beans:beans>

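In this case, after I post the form it redirects me to /login, and since that does not exist, I get a 404 error.

Can anyone help me solve this? I would appreciate any explanations, links and ideas. Thanks in advance.

Alternative solution: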
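
(#1) You should create a bean with id "customAuth", because Spring will refer to this id to use the CustomAuthenticationProvider class; it is fine to just leave @Service without any arguments. (You can try it if you want.)

(#2) After you submit the login page in the .jsp, Spring processes the submitted information at login-processing-url=/login, which you did not declare. Yes, Spring will refer to CustomAuthenticationProvider. If login succeeds, Spring redirects you to default-target-url="/secret/page". If login fails, it redirects to an available permitted page.

I have changed part of your code.
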
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee">

    <servlet>
        <servlet-name>appServlet</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <init-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>
                classpath:/resources/spring-context.xml
                classpath:/resources/spring-security.xml
            </param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>

    <servlet-mapping>
        <servlet-name>appServlet</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>

    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
            classpath:/resources/spring-context.xml
            classpath:/resources/spring-security.xml
        </param-value>
    </context-param>

    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>

    <!-- The security filter chain only sees requests for /secret/page here, so it never sees the POST to /login -->
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/secret/page</url-pattern>
    </filter-mapping>

    <!-- <mvc:default-servlet-handler/> is a Spring MVC element: declare it in the Spring MVC context file, not in web.xml -->
</web-app>

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee">

    <servlet>
        <servlet-name>appServlet</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <init-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>
                classpath:/resources/spring-context.xml
                classpath:/resources/spring-security.xml
            </param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>

    <servlet-mapping>
        <servlet-name>appServlet</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>

    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>

    <!-- Every request, including the POST to /login, now passes through the security filter chain -->
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!-- <mvc:default-servlet-handler/> is a Spring MVC element: declare it in the Spring MVC context file, not in web.xml -->
</web-app>

spring-security.xml

<beans:beans xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xmlns="http://www.springframework.org/schema/security"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
                                 http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                                 http://www.springframework.org/schema/security
                                 http://www.springframework.org/schema/security/spring-security.xsd">

    <http auto-config="true" use-expressions="true">
        <intercept-url pattern="/sign/in" access="permitAll()" />
        <intercept-url pattern="/**" access="isAuthenticated()" />
        <form-login
            login-page="/sign/in"
            default-target-url="/secret/page"
            authentication-failure-url="/sign/in"
            password-parameter="password"
            username-parameter="username"
        />
    </http>

    <authentication-manager>
        <authentication-provider ref="customAuth"/>
    </authentication-manager>

    <beans:bean id="customAuth" class="xx.xxx.xxxx.CustomAuthenticationProvider" />
</beans:beans>

in.jsp
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<!DOCTYPE html>
<html>
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <title>JSP Page</title>
</head>
<body>
    <c:if test="${failed==1}">
        <font color="red">
            Authentication failed. Wrong email/password.
        </font>
    </c:if>
    <%-- Posts to /login, the login-processing URL handled by the Spring Security filter chain --%>
    <form action="<c:url value='/login' />" method="POST">
        <label> E-mail </label>
        <input type="email" name="username" required><br>
        <label> Password </label>
        <input type="password" name="password" required><br>
        <input type="submit" value="Sign in"><br>
    </form>
</body>
</html>
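
The reason for the 404 is that you need to define a controller for /secret/page and return the desired JSP file.

Hope it helps.

What error do you get? A stack trace?

Actually, when I try to post my login form I get a 404 error, because it tries to send me to the /login page, which does not exist.

/login is actually the username/password authentication filter that exists in Spring Security. You can try my answer.

Thank you very much for your help and explanations. Sorry for the long answer. It works fine now; I can see that I am redirected to sign/in?failed=1, so it works (maybe I made a database-related mistake somewhere in my class).

If you want to get the parameter "failed", you can add @RequestParam to the controller method and get the value of failed. Welcome, and good luck :)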
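
The provider in the question hands the login and the raw password to findByAuthorization(login, password). As an added example (not code from the question or the answer), here is an authenticate() that instead verifies the submitted password against a stored hash with Spring Security's PasswordEncoder, fails the same way for unknown logins and wrong passwords, and returns an authenticated token. The class name, CredentialStore, findPasswordHash and the ROLE_USER authority are assumptions made for the example.

```java
import java.util.List;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.crypto.password.PasswordEncoder;

// Added example. Only the Spring Security types are real; every other name is hypothetical.
public class HashCheckingAuthenticationProvider implements AuthenticationProvider {
    /** Hypothetical lookup: the stored password hash for a login, or null if unknown. */
    public interface CredentialStore {
        String findPasswordHash(String login);
    }

    private final CredentialStore store;
    private final PasswordEncoder encoder;
    private final String dummyHash; // compared against when the login is unknown

    public HashCheckingAuthenticationProvider(CredentialStore store, PasswordEncoder encoder) {
        this.store = store;
        this.encoder = encoder;
        this.dummyHash = encoder.encode("constructed-placeholder-value");
    }

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        String login = authentication.getName();
        Object credentials = authentication.getCredentials();
        String presented = credentials == null ? "" : credentials.toString();
        String storedHash = store.findPasswordHash(login);
        // Always run one hash comparison, so an unknown login costs as much as a wrong password.
        boolean matches = encoder.matches(presented, storedHash != null ? storedHash : dummyHash);
        if (storedHash == null || !matches) {
            // Throw instead of returning null: null means "this provider cannot decide".
            throw new BadCredentialsException("Bad credentials");
        }
        // The three-argument constructor yields an authenticated token; the password is not kept.
        List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("ROLE_USER"); // assumed role
        return new UsernamePasswordAuthenticationToken(login, null, authorities);
    }

    @Override
    public boolean supports(Class<?> authentication) {
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
    }
}
```

Registered as a bean, it can be referenced from `<authentication-provider ref="..."/>` in the same way as customAuth above.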