Java配置不起作用的Spring Boot自定义身份验证提供程序
我正在尝试设置一个基于REST的web应用程序,其中前端使用Reactjs,后端使用SpringBoot。我还试图设置一个自定义身份验证提供程序,这就是我的问题开始的地方。尝试测试登录API调用时,从未调用CustomAuthenticationProvider,而是使用默认的DAOAAuthenticationProvider。这会导致登录报告“错误凭据” 我已将一个小示例应用程序上载到github: 为了测试登录API,我使用以下方法:Java配置不起作用的Spring Boot自定义身份验证提供程序,java,spring,rest,authentication,spring-security,Java,Spring,Rest,Authentication,Spring Security,我正在尝试设置一个基于REST的web应用程序,其中前端使用Reactjs,后端使用SpringBoot。我还试图设置一个自定义身份验证提供程序,这就是我的问题开始的地方。尝试测试登录API调用时,从未调用CustomAuthenticationProvider,而是使用默认的DAOAAuthenticationProvider。这会导致登录报告“错误凭据” 我已将一个小示例应用程序上载到github: 为了测试登录API,我使用以下方法: curl -H "Content-Type: appl
curl -H "Content-Type: application/json" -X POST -d '{"username":"admin","password":"admin"}' http://localhost:8080/api/users/login
CustomAuthenticationProvider执行简单的用户名/密码检查,并返回UsernamePasswordAuthenticationToken对象
package no.bluebit.demo;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.stereotype.Component;
import java.util.ArrayList;
import java.util.List;
@Component
public class CustomAuthenticationProvider implements AuthenticationProvider {
private static final Logger logger = LoggerFactory.getLogger(CustomAuthenticationProvider.class);
public CustomAuthenticationProvider() {
logger.info("*** CustomAuthenticationProvider created");
}
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
if(authentication.getName().equals("admin") && authentication.getCredentials().equals("admin")) {
List<GrantedAuthority> grantedAuths = new ArrayList<>();
grantedAuths.add(new SimpleGrantedAuthority("ROLE_USER"));
grantedAuths.add(new SimpleGrantedAuthority("ROLE_ADMIN"));
return new UsernamePasswordAuthenticationToken(authentication.getName(), authentication.getCredentials(), grantedAuths);
} else {
return null;
}
}
@Override
public boolean supports(Class<?> authentication) {
return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
}
}
为什么不起作用?看看AuthenticationProvider类(分别是java文档) 该方法预期:
* Performs authentication with the same contract as
* {@link org.springframework.security.authentication.AuthenticationManager#authenticate(Authentication)}
* @return a fully authenticated object including credentials. May return
* <code>null</code> if the <code>AuthenticationProvider</code> is unable to support
* authentication of the passed <code>Authentication</code> object. In such a case,
* the next <code>AuthenticationProvider</code> that supports the presented
* <code>Authentication</code> class will be tried.
如果返回null,则将调用下一个AuthenticationProvider,即defaut
我不确定这是不是个问题,但这可能是个问题。尝试抛出BadCredentialsException,正如AuthenticationManager类告诉您的那样:
* <li>A {@link BadCredentialsException} must be thrown if incorrect credentials are
* presented. Whilst the above exceptions are optional, an
* <code>AuthenticationManager</code> must <B>always</B> test credentials.</li>
您必须以其他方式设置凭据。尝试查看用户名密码令牌的工作示例。但是,您的“身份验证”功能需要是设置凭据的功能。尝试添加http头,它认为: 例如:
const headers = new HttpHeaders();
headers.set('Access-Control-Allow-Origin', '*');
headers.set('Access-Control-Allow-Methods', 'POST, GET, OPTIONS, DELETE, PUT');
headers.set('Access-Control-Allow-Headers', 'Authorization, Content-Type, Accept, x-
requested-with, Cache-Control');
headers.set('Content-Type', 'application/json');
this.http.post('http://localhost:8081/loginAngular',
JSON.stringify({user: 'sdasd', password: 'dasdasd', estado: 'dasdasd', idUsuario: 1, resultado: 'asdasd'}) ,
{headers: new HttpHeaders().set('Content-Type', 'application/json')}).subscribe(data => {
console.log(' Data: ' + data);
});
我用spring security和angular制作了这个应用程序!
正面:
后退:看看这个:谢谢!问题在于缺少@Autowired注释。问题解决了@franDayz可能会添加您的评论作为答案,以便Håvard Bakke可以接受作为答案?@demaniak我刚刚尝试过,但系统会将简单的答案转换为评论…@franDayz刚刚提到,为什么需要使用“@autowired”并跟踪URL,然后您可以添加它作为答案:)
const headers = new HttpHeaders();
headers.set('Access-Control-Allow-Origin', '*');
headers.set('Access-Control-Allow-Methods', 'POST, GET, OPTIONS, DELETE, PUT');
headers.set('Access-Control-Allow-Headers', 'Authorization, Content-Type, Accept, x-
requested-with, Cache-Control');
headers.set('Content-Type', 'application/json');
this.http.post('http://localhost:8081/loginAngular',
JSON.stringify({user: 'sdasd', password: 'dasdasd', estado: 'dasdasd', idUsuario: 1, resultado: 'asdasd'}) ,
{headers: new HttpHeaders().set('Content-Type', 'application/json')}).subscribe(data => {
console.log(' Data: ' + data);
});