Spring loadUserByUsername is passed an empty username


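I am trying to implement an example from Scarioni's "Pro Spring Security" that implements a custom in-memory user model (implementing the UserDetailsService interface) and a custom expression handler. When I try to log in, the loadUserByUsername() method of CustomInMemoryUserDetailsManager is passed an empty (non-null) username string. This results in access being denied. If I force the username to the expected value (admin), everything works fine, including the custom expression handling.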

Here is my security configuration:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans  http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">

<security:http  auto-config="true"  use-expressions="true" >
    <security:expression-handler ref="expressionHandler" />
    <security:intercept-url pattern="/admin/*" access="hasRole('ROLE_ADMIN') and hasIpAddress('127.0.0.1') and over18"/>
    <security:remember-me key="terror-key" />
    <security:form-login login-page="/custom_login"
        authentication-failure-handler-ref="serverErrorHandler"
        username-parameter="user_param" password-parameter="pass_param" />
</security:http>

<security:authentication-manager>
    <security:authentication-provider user-service-ref="inMemoryUserServiceWithCustomUser" />
</security:authentication-manager>

    <!-- Custom expression handler bean -->
<bean id="expressionHandler" class="com.apress.pss.terrormovies.security.CustomWebSecurityExpressionHandler"/>

<bean id="inMemoryUserServiceWithCustomUser"
       class="com.apress.pss.terrormovies.spring.CustomInMemoryUserDetailsManager">
    <constructor-arg>
       <list>
           <bean class="com.apress.pss.terrormovies.model.User">
               <constructor-arg value="admin"/>
               <constructor-arg value="admin"/>
               <constructor-arg>
                  <list>
                      <bean class="org.springframework.security.core.authority.SimpleGrantedAuthority">
                         <constructor-arg value="ROLE_ADMIN"/>
                      </bean>
                  </list>
               </constructor-arg>
               <constructor-arg value="Scarioni"/>
               <constructor-arg value="19"/>
           </bean>
       </list>
    </constructor-arg>   
</bean>

<bean id="logoutRedirectToAny"
    class="org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler">
</bean>

<bean id="serverErrorHandler" class="com.apress.pss.terrormovies.security.ServerErrorFailureHandler"/>

</beans>
During initialization, you can see in the log that the user is correctly put into the user HashMap:

08:29:25,912 DEBUG main CustomInMemoryUserDetailsManager:26 - CustomInMemoryUserDetailsManager()- put username: admin last name: Scarioni authority: [ROLE_ADMIN]
I notice that the user is anonymous, and I don't know why. Any help would be greatly appreciated.

Thanks
mike
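
Added example, not part of the original question or of the book's code: in Spring Security 3.1 the form-login filter reads the username from the request parameter named by username-parameter and substitutes an empty string when that parameter is absent, which is one way loadUserByUsername() can receive an empty, non-null value. The plain-Java model below reproduces that behaviour for constructed form posts. The class name, method names and posted fields are hypothetical, and the field names of the real /custom_login page are not shown in the question.

```java
import java.util.LinkedHashMap;
import java.util.Map;

/** Added illustration: a simplified model of the username extraction, not Spring Security source. */
public class UsernameParameterDemo {

    // Mirrors username-parameter="user_param" from the configuration above.
    static final String USERNAME_PARAMETER = "user_param";

    // Models what reaches loadUserByUsername(): a missing parameter becomes "", then trim().
    static String extractUsername(Map<String, String> postedForm, String parameterName) {
        String username = postedForm.get(parameterName);
        if (username == null) {
            username = "";
        }
        return username.trim();
    }

    // Guard a UserDetailsService could apply before its lookup, so the log names the real problem.
    static String diagnose(String username) {
        if (username.isEmpty()) {
            return "empty username: request had no '" + USERNAME_PARAMETER
                    + "' parameter (or it was blank)";
        }
        return "lookup for '" + username + "'";
    }

    public static void main(String[] args) {
        // Constructed form post whose field names match the configured parameters.
        Map<String, String> matching = new LinkedHashMap<>();
        matching.put("user_param", "admin");
        matching.put("pass_param", "admin");

        // Constructed form post that still uses the Spring Security 3.x default field names.
        Map<String, String> defaultNames = new LinkedHashMap<>();
        defaultNames.put("j_username", "admin");
        defaultNames.put("j_password", "admin");

        System.out.println(diagnose(extractUsername(matching, USERNAME_PARAMETER)));
        System.out.println(diagnose(extractUsername(defaultNames, USERNAME_PARAMETER)));
    }
}
```

Comparing the name attributes of the login form's input fields with user_param and pass_param is the corresponding check on the real application.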

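I am facing the same problem too. I haven't thought about this issue in a while, so I'm sorry that I can't offer any solution. I know I have implemented security on several other projects without any problems. I think it was because I tried formLogin() while my application is a REST API. I couldn't find a successful authorization handler (I also tried a filter), so I ended up creating my JWT token in the controller. Everything works now. @Ashwin If you look closely at my comments here, you will see they are from 3 years ago. I no longer have this in my head. I also don't know your context. I can only suggest that you go the JWT route.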
:28,785 DEBUG main DispatcherServlet:130 - Servlet 'terrormovies' configured successfully
08:29:48,058 DEBUG qtp1624348237-15 FilterChainProxy:337 - /admin/movies at position 1 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
08:29:48,072 DEBUG qtp1624348237-15 HttpSessionSecurityContextRepository:127 - No HttpSession currently exists
08:29:48,085 DEBUG qtp1624348237-15 HttpSessionSecurityContextRepository:85 - No SecurityContext was available from the HttpSession: null. A new one will be created.
08:29:48,120 DEBUG qtp1624348237-15 FilterChainProxy:337 - /admin/movies at position 2 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
08:29:48,120 DEBUG qtp1624348237-15 FilterChainProxy:337 - /admin/movies at position 3 of 11 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
08:29:48,120 DEBUG qtp1624348237-15 FilterChainProxy:337 - /admin/movies at position 4 of 11 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
08:29:48,121 DEBUG qtp1624348237-15 FilterChainProxy:337 - /admin/movies at position 5 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
08:29:48,121 DEBUG qtp1624348237-15 FilterChainProxy:337 - /admin/movies at position 6 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
08:29:48,122 DEBUG qtp1624348237-15 FilterChainProxy:337 - /admin/movies at position 7 of 11 in additional filter chain; firing Filter: 'RememberMeAuthenticationFilter'
08:29:48,123 DEBUG qtp1624348237-15 FilterChainProxy:337 - /admin/movies at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
08:29:48,124 DEBUG qtp1624348237-15 AnonymousAuthenticationFilter:102 - Populated  SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
08:29:48,125 DEBUG qtp1624348237-15 FilterChainProxy:337 - /admin/movies at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
08:29:48,125 DEBUG qtp1624348237-15 SessionManagementFilter:92 - Requested session ID ncic677387xfiq2ciohmau1 is invalid.
08:29:48,126 DEBUG qtp1624348237-15 FilterChainProxy:337 - /admin/movies at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
08:29:48,126 DEBUG qtp1624348237-15 FilterChainProxy:337 - /admin/movies at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
08:29:48,126 DEBUG qtp1624348237-15 AntPathRequestMatcher:103 - Checking match of request : '/admin/movies'; against '/admin/*'
08:29:48,127 DEBUG qtp1624348237-15 FilterSecurityInterceptor:194 - Secure object: FilterInvocation: URL: /admin/movies; Attributes: [hasRole('ROLE_ADMIN') and hasIpAddress('127.0.0.1') and over18]
08:29:48,127 DEBUG qtp1624348237-15 FilterSecurityInterceptor:310 - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
08:29:48,129 DEBUG qtp1624348237-15 CustomWebSecurityExpressionRoot:22 - CustomWebSecurityExpressionRoot()- call
08:29:48,154 DEBUG qtp1624348237-15 AffirmativeBased:65 - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@35333295, returned: -1
08:29:48,157 DEBUG qtp1624348237-15 ExceptionTranslationFilter:165 - Access is denied(user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:83)
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:206)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:115)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
...