Warning: file_get_contents(/data/phpspider/zhask/data//catemap/2/spring/13.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Java配置不起作用的Spring Boot自定义身份验证提供程序_Java_Spring_Rest_Authentication_Spring Security - Fatal编程技术网
Fatal编程技术网
  • java/
  • Java配置不起作用的Spring Boot自定义身份验证提供程序

Java配置不起作用的Spring Boot自定义身份验证提供程序

java spring rest authentication spring-security

Java配置不起作用的Spring Boot自定义身份验证提供程序,java,spring,rest,authentication,spring-security,Java,Spring,Rest,Authentication,Spring Security,我正在尝试设置一个基于REST的web应用程序,其中前端使用Reactjs,后端使用SpringBoot。我还试图设置一个自定义身份验证提供程序,这就是我的问题开始的地方。尝试测试登录API调用时,从未调用CustomAuthenticationProvider,而是使用默认的DAOAAuthenticationProvider。这会导致登录报告“错误凭据” 我已将一个小示例应用程序上载到github: 为了测试登录API,我使用以下方法: curl -H "Content-Type: appl

我正在尝试设置一个基于REST的web应用程序,其中前端使用Reactjs,后端使用SpringBoot。我还试图设置一个自定义身份验证提供程序,这就是我的问题开始的地方。尝试测试登录API调用时,从未调用CustomAuthenticationProvider,而是使用默认的DAOAAuthenticationProvider。这会导致登录报告“错误凭据”

我已将一个小示例应用程序上载到github:

为了测试登录API,我使用以下方法:

curl -H "Content-Type: application/json" -X POST -d '{"username":"admin","password":"admin"}' http://localhost:8080/api/users/login
CustomAuthenticationProvider执行简单的用户名/密码检查,并返回UsernamePasswordAuthenticationToken对象

package no.bluebit.demo;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.stereotype.Component;

import java.util.ArrayList;
import java.util.List;

@Component
public class CustomAuthenticationProvider implements AuthenticationProvider {

private static final Logger logger =     LoggerFactory.getLogger(CustomAuthenticationProvider.class);

public CustomAuthenticationProvider() {
    logger.info("*** CustomAuthenticationProvider created");
}

@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {

    if(authentication.getName().equals("admin")  && authentication.getCredentials().equals("admin")) {
        List<GrantedAuthority> grantedAuths = new ArrayList<>();
        grantedAuths.add(new SimpleGrantedAuthority("ROLE_USER"));
        grantedAuths.add(new SimpleGrantedAuthority("ROLE_ADMIN"));
        return new UsernamePasswordAuthenticationToken(authentication.getName(), authentication.getCredentials(), grantedAuths);
    } else {
        return null;
    }

}

@Override
public boolean supports(Class<?> authentication) {
    return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
}

}
为什么不起作用?

看看AuthenticationProvider类(分别是java文档)

该方法预期:

 * Performs authentication with the same contract as
 * {@link org.springframework.security.authentication.AuthenticationManager#authenticate(Authentication)}
 * @return a fully authenticated object including credentials. May return
 * <code>null</code> if the <code>AuthenticationProvider</code> is unable to support
 * authentication of the passed <code>Authentication</code> object. In such a case,
 * the next <code>AuthenticationProvider</code> that supports the presented
 * <code>Authentication</code> class will be tried.
如果返回null,则将调用下一个AuthenticationProvider,即defaut

我不确定这是不是个问题,但这可能是个问题。尝试抛出BadCredentialsException,正如AuthenticationManager类告诉您的那样:

 * <li>A {@link BadCredentialsException} must be thrown if incorrect credentials are
 * presented. Whilst the above exceptions are optional, an
 * <code>AuthenticationManager</code> must <B>always</B> test credentials.</li>
您必须以其他方式设置凭据。尝试查看用户名密码令牌的工作示例。但是,您的“身份验证”功能需要是设置凭据的功能。

尝试添加http头,它认为:

例如:

const headers = new HttpHeaders();
headers.set('Access-Control-Allow-Origin', '*');
headers.set('Access-Control-Allow-Methods', 'POST, GET, OPTIONS, DELETE, PUT');
headers.set('Access-Control-Allow-Headers', 'Authorization, Content-Type, Accept, x- 
requested-with, Cache-Control');
headers.set('Content-Type', 'application/json');


this.http.post('http://localhost:8081/loginAngular',
   JSON.stringify({user: 'sdasd', password: 'dasdasd', estado: 'dasdasd', idUsuario: 1, resultado: 'asdasd'}) ,
  {headers: new HttpHeaders().set('Content-Type', 'application/json')}).subscribe(data => {
  console.log(' Data: ' + data);

});
我用spring security和angular制作了这个应用程序! 正面:
后退:

看看这个:谢谢!问题在于缺少@Autowired注释。问题解决了@franDayz可能会添加您的评论作为答案,以便Håvard Bakke可以接受作为答案?@demaniak我刚刚尝试过,但系统会将简单的答案转换为评论…@franDayz刚刚提到,为什么需要使用“@autowired”并跟踪URL,然后您可以添加它作为答案:) 
const headers = new HttpHeaders();
headers.set('Access-Control-Allow-Origin', '*');
headers.set('Access-Control-Allow-Methods', 'POST, GET, OPTIONS, DELETE, PUT');
headers.set('Access-Control-Allow-Headers', 'Authorization, Content-Type, Accept, x- 
requested-with, Cache-Control');
headers.set('Content-Type', 'application/json');


this.http.post('http://localhost:8081/loginAngular',
   JSON.stringify({user: 'sdasd', password: 'dasdasd', estado: 'dasdasd', idUsuario: 1, resultado: 'asdasd'}) ,
  {headers: new HttpHeaders().set('Content-Type', 'application/json')}).subscribe(data => {
  console.log(' Data: ' + data);

});