为什么我的自定义身份验证在Spring Security 3中不起作用?

时间:2013-09-01 19:58:53

标签: spring-security

我在尝试实现自己的Customauthentication时遇到了spring security 3的问题。按照this页面步骤编写了这个类:

public class CustomAuth implements AuthenticationManager {

@Override
public Authentication authenticate(Authentication auth)
        throws AuthenticationException {

    UserService service = new UserService();

    User user = service.login((String) auth.getPrincipal(), new String(
            DigestUtils.sha256((String) auth.getCredentials())));

    LinkedList<GrantedAuthority> authorities = new LinkedList<>();

    if (user != null) {
        authorities.add(new SimpleGrantedAuthority(user.getRole()));

        return new UsernamePasswordAuthenticationToken(user.getUsername(),
                user.getPassword(), authorities);
    }

    return null;
}

}

这是我的spring-security.xml 

<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
      http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
      http://www.springframework.org/schema/security
      http://www.springframework.org/schema/security/spring-security-3.1.xsd">


<security:http pattern="/resources/**" security="none" />

<security:http auto-config="true" >

    <security:intercept-url pattern="/user/**"
        access="ROLE_USER" />
    <security:intercept-url pattern="/admin/**"
        access="ROLE_ADMIN,ROLE_USER" />

    <security:form-login login-page="/login"
        authentication-failure-url="/login?error=true" />

    <security:logout invalidate-session="true" />

    <security:session-management>
        <security:concurrency-control
            max-sessions="1" />

    </security:session-management>


</security:http>
<security:authentication-manager>
    <security:authentication-provider ref="myAuthProvider" />

</security:authentication-manager>


    <bean id="myAuthProvider" class="org.jhonnytunes.security.CustomAuth">

</bean>

</beans>

当app不在浏览器中显示时,tomcat7正在记录this

我正在使用:

  1. Eclipse Kepler
  2. Ubuntu 13.04
  3. JDK 1.7
  4. Tomcat7
  5. Eclipse STS插件

    6. 这可能是什么?

2 个答案:

答案 0 :(得分:3)

CustomAuth应该实施AuthenticationProvider,而不是AuthenticationManager

答案 1 :(得分:0)

实现'AuthenticationProvider'而不是'AuthenticationManager'

'抛出新的BadCredentialsException(String)'而不是'return null'

相关问题
最新问题