Spring安全性-未调用提供的自定义身份验证
我已经阅读了关于同一问题的所有stackoverflow主题。我已经阅读了贝尔东的教程,但我仍然没有得到这个工作 我的Spring安全性-未调用提供的自定义身份验证,spring,spring-boot,tomcat,spring-security,Spring,Spring Boot,Tomcat,Spring Security,我已经阅读了关于同一问题的所有stackoverflow主题。我已经阅读了贝尔东的教程,但我仍然没有得到这个工作 我的CustomAuthenticationProvider未被调用,因此每次访问都被拒绝 我可能错过了一些明显的东西,因为我是一个春季初学者。但我已经阅读了大量的教程,我很确定我在做应该做的事情 下面是我的Web安全配置适配器: @Configuration @EnableWebSecurity public class NovataxewebSecurityConfig exte
CustomAuthenticationProviderWeb安全配置适配器@Configuration
@EnableWebSecurity
public class NovataxewebSecurityConfig extends WebSecurityConfigurerAdapter{
@Autowired
CustomAuthenticationProvider customAuthenticationProvider;
@Override
public void configure(WebSecurity web) throws Exception {
web
.ignoring()
.antMatchers("/login/**")
.antMatchers("/resources/**")
.antMatchers("/sessionTimeout")
.antMatchers("/logout");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
/* I was trying to do this at the beginning, since it's not working i'm doing something simpler below
http
.csrf().disable()
.authenticationProvider(customAuthenticationProvider)
.authorizeRequests()
.antMatchers("/login*").anonymous()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.defaultSuccessUrl("/loggedIn")
.failureUrl("/loginfailed")
.and()
.logout().logoutSuccessUrl("/logout")
.deleteCookies("remove")
.invalidateHttpSession(true)
.permitAll()
.and()
.sessionManagement()
.maximumSessions(25);*/
http.authorizeRequests().anyRequest().authenticated()
.and()
.httpBasic();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(customAuthenticationProvider);
}
}
CustomAuthenticationProvider@Component
public class CustomAuthenticationProvider implements AuthenticationProvider {
private static String loginSave;
private static String passwordSave;
@Autowired
private MessageSource messageSource;
@Autowired
private UsernovaRepository usernovaRepository;
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
String name = authentication.getName();
String password = authentication.getCredentials().toString();
if(name.matches("")){
throw new UsernameNotFoundException(messageSource.getMessage("utilisateur_incorrect", null, Locale.getDefault()));
}
UsernovaDAO user = null;
try {
user = usernovaRepository.findByUsername(name).get(0);
} catch (Exception e) {
throw new UsernameNotFoundException(messageSource.getMessage("utilisateur_incorrect", null, Locale.getDefault()));
}
String cryptedPass="";
try {
cryptedPass = SHA_256_motdepasse(password);
} catch (Exception e1) {
e1.printStackTrace();
}
if (user!=null && user.getPassword()==null) {
List<GrantedAuthority> grantedAuths = new ArrayList<>();
Authentication auth = new UsernamePasswordAuthenticationToken(name, password, grantedAuths);
try {
user.setPassword(SHA_256_motdepasse(password));
usernovaRepository.saveAndFlush(user);
loginSave = name;
passwordSave = password;
} catch (Exception e) {
e.printStackTrace();
}
return auth;
}else if(user!=null&& user.getPassword().equals(cryptedPass)){
loginSave = name;
passwordSave = password;
List<GrantedAuthority> grantedAuths = new ArrayList<>();
Authentication auth = new UsernamePasswordAuthenticationToken(name, password, grantedAuths);
return auth;
}
else if(user!=null&& !user.getPassword().matches(cryptedPass)){
throw new BadCredentialsException(messageSource.getMessage("mot_de_passe_incorrect", null, Locale.getDefault()));
}
else {
}
throw new UsernameNotFoundException(messageSource.getMessage("utilisateur_incorrect", null, Locale.getDefault()));
}
public String SHA_256_motdepasse(String passW) throws Exception {
// this algorithm returns a sha password
}
@Override
public boolean supports(Class<?> authentication) {
return authentication.equals(UsernamePasswordAuthenticationToken.class);
}
}
@组件
公共类CustomAuthenticationProvider实现AuthenticationProvider{
私有静态字符串loginSave;
私有静态字符串密码保存;
@自动连线
私有消息源;
@自动连线
私有UsernovaRepository UsernovaRepository;
@凌驾
公共身份验证(身份验证)引发AuthenticationException{
String name=authentication.getName();
字符串密码=authentication.getCredentials().toString();
if(name.matches(“”){
抛出新的UsernameNotFoundException(messageSource.getMessage(“Usilisateur_不正确”,null,Locale.getDefault());
}
UsernovaDAO user=null;
试一试{
user=usernovaRepository.findByUsername(name).get(0);
}捕获(例外e){
抛出新的UsernameNotFoundException(messageSource.getMessage(“Usilisateur_不正确”,null,Locale.getDefault());
}
字符串cryptedPass=“”;
试一试{
cryptedPass=SHA_256_motdepasse(密码);
}捕获(异常e1){
e1.printStackTrace();
}
if(user!=null&&user.getPassword()==null){
List grantedAuths=new ArrayList();
Authentication auth=新用户名PasswordAuthenticationToken(名称、密码、授权验证);
试一试{
user.setPassword(SHA_256_motdepasse(密码));
usernovaRepository.saveAndFlush(用户);
loginSave=名称;
passwordSave=密码;
}捕获(例外e){
e、 printStackTrace();
}
返回auth;
}else if(user!=null&&user.getPassword().equals(cryptedPass)){
loginSave=名称;
passwordSave=密码;
List grantedAuths=new ArrayList();
Authentication auth=新用户名PasswordAuthenticationToken(名称、密码、授权验证);
返回auth;
}
如果(user!=null&&!user.getPassword().matches(cryptedPass)){
抛出新的BadCredentialsException(messageSource.getMessage(“mot_de_passe_incorrect”,null,Locale.getDefault());
}
否则{
}
抛出新的UsernameNotFoundException(messageSource.getMessage(“Usilisateur_不正确”,null,Locale.getDefault());
}
公共字符串SHA_256_motdepasse(字符串passW)引发异常{
//此算法返回一个sha密码
}
@凌驾
公共布尔支持(类身份验证){
返回authentication.equals(UsernamePasswordAuthenticationToken.class);
}
}
另外,我使用的是带有Spring Security的Spring Boot。它是ApacheTomcat服务器 你想访问哪个url?我刚刚检查了你的代码示例,调用了提供程序。有关如何测试(尤其是
httpBasic