为什么我在实现自定义身份验证提供程序时无法从其他类调用方法

时间:2013-06-13 10:40:05

标签: java spring-security

我有自定义身份验证提供程序。当我想从其他类调用方法时没有任何反应,我不知道为什么。请帮忙:

package org.sample.web.security;

import java.util.ArrayList;
import java.util.List;

import org.sample.web.service.SimpleService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.stereotype.Component;

@Component
public class CustomAuthenticationProvider implements AuthenticationProvider {

    protected final Logger logger = LoggerFactory.getLogger(getClass());
    private SimpleService simpleService;

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        logger.error("1111111111111111");
        String name = authentication.getName();
        String password = authentication.getCredentials().toString();
        simpleService.doNothing();
        logger.error("2222222222222222");

        if (name.equals("admin") && password.equals("system")) {
            List<GrantedAuthority> grantedAuths = new ArrayList<GrantedAuthority>();
            grantedAuths.add(new SimpleGrantedAuthority("ROLE_USER"));
            Authentication auth = new UsernamePasswordAuthenticationToken(name, password, grantedAuths);
            return auth;
        } else {
            return null;
        }
    }

    @Override
    public boolean supports(Class<?> authentication) {
        return authentication.equals(UsernamePasswordAuthenticationToken.class);
    }

    public void setSimpleService(SimpleService simpleService) {
        this.simpleService = simpleService;
    }
}

认证方法的输出只是:

DEBUG - ProviderManager            - Authentication attempt using org.sample.web.security.CustomAuthenticationProvider
ERROR - stomAuthenticationProvider - 1111111111111111

当我称赞行无所作为

//            simpleService.doNothing();

然后它开始工作为什么?

DEBUG - ProviderManager            - Authentication attempt using org.sample.web.security.CustomAuthenticationProvider
ERROR - stomAuthenticationProvider - 1111111111111111
ERROR - stomAuthenticationProvider - 2222222222222222
TRACE - XmlWebApplicationContext   - Publishing event in Root WebApplicationContext: org.springframework.security.authentication.event.AuthenticationFailureProviderNotFoundEvent[source=org.springframework.security.authentication.UsernamePasswordAuthenticationToken@9561: Principal: aaa; Credentials: [PROTECTED]; Authenticated: false; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Not granted any authorities]
DEBUG - DefaultListableBeanFactory - Returning cached instance of singleton bean 'methodRegistrar'
DEBUG - BasicAuthenticationFilter  - Authentication request for failed: org.springframework.security.authentication.ProviderNotFoundException: No AuthenticationProvider found for org.springframework.security.authentication.UsernamePasswordAuthenticationToken
DEBUG - nSecurityContextRepository - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
DEBUG - tyContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed

安全背景:

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p" xmlns:util="http://www.springframework.org/schema/util"
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
        http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
        http://www.springframework.org/schema/security 
        http://www.springframework.org/schema/security/spring-security-3.1.xsd
        http://www.springframework.org/schema/util 
        http://www.springframework.org/schema/util/spring-util-3.1.xsd">


    <http use-expressions="true">
        <intercept-url pattern="/**" access="isAuthenticated()" />
        <http-basic />
    </http>

    <global-method-security pre-post-annotations="enabled" />

    <authentication-manager>
        <authentication-provider ref="customAuthenticationProvider" />
    </authentication-manager>

</beans:beans>

1 个答案:

答案 0 :(得分:1)

从你的描述看来,simpleService.doNothing()方法似乎永远不会返回, 从而导致你的线程卡住, 这就是为什么没有达到authenticate()方法中的其他代码的原因。

顺便说一句,使用调试器进行简单测试可以轻松地揭示问题。

修改 因为我知道调试不是一个选项,所以要打印到日志 在调用方法之前,在方法内部和方法之后。

由于您已经完成并且该方法无法打印,因此现在有两个选项:

  1. simpleReceiver为null,使用日志的简单try catch应该显示它。

  2. simpleReceiver不是SimpleReceiver类型,而是一个执行无限长时间工作的派生类 在其功能中,如果是这种情况,实例类型的简单日志打印应该显示它。