我正在使用spring security创建简单的应用程序。现在我有登录的问题。在第一步中,我想接受用密码测试的用户测试,所以我创建了这样的东西:
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p" xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd
http://www.springframework.org/schema/util
http://www.springframework.org/schema/util/spring-util-3.1.xsd">
<http pattern="/resources/**" security="none" />
<http auto-config="false" use-expressions="true" entry-point-ref="loginUrlAuthenticationEntryPoint">
<intercept-url pattern="/login.jsp" access="permitAll" />
<intercept-url pattern="/logout.jsp" access="permitAll" />
<intercept-url pattern="/**" access="isAuthenticated()" />
<access-denied-handler error-page="/denied.jsp" />
<logout invalidate-session="true" logout-success-url="/logout/success" logout-url="/logout" />
<custom-filter ref="authenticationFilter" position="FORM_LOGIN_FILTER" />
</http>
<beans:bean id="loginUrlAuthenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
<beans:property name="loginFormUrl" value="/login.jsp" />
</beans:bean>
<beans:bean id="authenticationFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
<beans:property name="authenticationManager" ref="authenticationManager" />
<beans:property name="filterProcessesUrl" value="/j_spring_security_check" />
<beans:property name="authenticationFailureHandler" ref="securityLoginFailureHandler" />
<beans:property name="authenticationSuccessHandler" ref="securityLoginSuccessHandler" />
</beans:bean>
<beans:bean id="securityLoginSuccessHandler" class="org.sample.web.security.SecurityLoginSuccessHandler">
<beans:property name="defaultTargetUrl" value="/login.jsp" />
</beans:bean>
<beans:bean id="securityLoginFailureHandler" class="org.sample.web.security.SecurityLoginFailureHandler">
<beans:property name="defaultFailureUrl" value="/login/failure" />
</beans:bean>
<authentication-manager alias="authenticationManager">
<authentication-provider user-service-ref="customUserDetailsService">
<password-encoder hash="md5" />
</authentication-provider>
</authentication-manager>
</beans:beans>
和customUserDeteialsService:
package org.sample.web.service;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.stereotype.Service;
@Service
public class CustomUserDetailsService implements UserDetailsService {
protected final Logger logger = LoggerFactory.getLogger(getClass());
public UserDetails loadUserByUsername(String username) {
logger.error("niceeeeeeeeeeeee");
return new User("test", "test", getAuthorities(1));
}
/**
* Retrieves a collection of {@link GrantedAuthority} based on a numerical role
*
* @param role
* the numerical role
* @return a collection of {@link GrantedAuthority
*/
public Collection<? extends GrantedAuthority> getAuthorities(Integer role) {
List<GrantedAuthority> authList = getGrantedAuthorities(getRoles(role));
return authList;
}
/**
* Converts a numerical role to an equivalent list of roles
*
* @param role
* the numerical role
* @return list of roles as as a list of {@link String}
*/
public List<String> getRoles(Integer role) {
List<String> roles = new ArrayList<String>();
if (role.intValue() == 1) {
roles.add("ROLE_USER");
roles.add("ROLE_ADMIN");
} else if (role.intValue() == 2) {
roles.add("ROLE_USER");
}
return roles;
}
/**
* Wraps {@link String} roles to {@link SimpleGrantedAuthority} objects
*
* @param roles
* {@link String} of roles
* @return list of granted authorities
*/
public static List<GrantedAuthority> getGrantedAuthorities(List<String> roles) {
List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
for (String role : roles) {
authorities.add(new SimpleGrantedAuthority(role));
}
return authorities;
}
}
问题是授权仍然失败。当我调试这个时,我可以看到:
ERROR - CustomUserDetailsService - niceeeeeeeeeeeee
DEBUG - DaoAuthenticationProvider - Authentication failed: password does not match stored value
我做错了什么?
答案 0 :(得分:0)
我在您的配置中看到<password-encoder hash="md5" />
。这意味着您使用md5
在Authentication-Provider中对密码进行编码。因此,您必须使用CustomUserDetailsService
中的md5对“test”进行编码:
new User("test", "encoded_password", getAuthorities(1));