我有一个网络应用程序,我正在使用spring security。我在securityContext.xml中为身份验证提供程序配置了这个配置:
<authentication-provider>
<password-encoder hash="sha-256" />
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="<the query>"
authorities-by-username-query="<the other query>" />
</authentication-provider>
这很好用。现在我想在java类的customAuthentication提供程序中进行身份验证。类似的东西:
public class CustomAuthenticationProvider implements AuthenticationProvider {
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
String name = authentication.getName();
String password = authentication.getCredentials().toString();
List<GrantedAuthority> grantedAuths = new ArrayList<GrantedAuthority>();
//I check the username-password, and grantedAuths
Authentication auth = new UsernamePasswordAuthenticationToken(name, password, grantedAuths);
return auth;
else //it enters here with an incorrect username-password (the if is in the original code)
{
return null;
}
}
现在,身份验证工作正常。一个不正确的用户名密码,不允许您登录,一个正确的用户密码。问题是,我在应用程序中使用了Principal对象,并且我收到了像
这样的错误Invalid property 'principal.username' of bean class [org.springframework.security.authentication.UsernamePasswordAuthenticationToken]:
为什么customAuthenticationProvider没有创建Principal对象? (我认为这是问题)我怎样才能创建它(Principal对象)?
答案 0 :(得分:0)
试试这个,
public class CustomAuthenticationProvider implements AuthenticationProvider {
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
String name = authentication.getPrincipal();
String password = authentication.getCredentials().toString();
List<GrantedAuthority> grantedAuths = new ArrayList<GrantedAuthority>();
//I check the username-password, and grantedAuths
Authentication auth = new UsernamePasswordAuthenticationToken(name, password, grantedAuths);
return auth;
else //it enters here with an incorrect username-password (the if is in the original code)
{
return null;
}
}