Question

我正在尝试使用spring security来控制我的RMI客户端应用程序中的身份验证。

我正在使用maven加载3.1.3.RELEASE spring

然后在我的客户端xml中，我看到“此处不允许身份验证提供程序”消息。

这是spring xml文件：

<beans xmlns="http://www.springframework.org/schema/beans"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xmlns:security="http://www.springframework.org/schema/security"
   xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd
">

<bean id="employeeService" class="org.springframework.remoting.rmi.RmiProxyFactoryBean">
    <property name="serviceUrl" value="rmi://localhost:1234/employee-service"/>
    <property name="serviceInterface" value="rmi.common.EmployeeService"/>
    <property name="refreshStubOnConnectFailure"><value>true</value></property>
    <property name="remoteInvocationFactory"><ref bean="remoteInvocationFactory"/></property>
</bean>

<bean id="remoteInvocationFactory" class="org.springframework.security.remoting.rmi.ContextPropagatingRemoteInvocationFactory"/>
    <security:authentication-manager alias="authManager">
        <security:authentication-provider ref="customAuthenticationProvider"/>
    </security:authentication-manager>

    <bean id="customAuthenticationProvider" class="rmi.authentication.CustomAuthenticationProvider"/>
</beans>

这是我的客户端代码：包rmi.client;

import org.springframework.context.ApplicationContext;
import org.springframework.context.support.ClassPathXmlApplicationContext;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import rmi.common.Employee;
import rmi.common.EmployeeService;
import javax.annotation.Resource;
import java.util.Iterator;
import java.util.List;

public class EmployeeClient {

@Resource(name = "authManager")
private org.springframework.security.authentication.AuthenticationManager authenticationManager; // specific for Spring Security

private  static ApplicationContext ctx;

public static void main(String[] args) {
    ctx = new ClassPathXmlApplicationContext("rmi-client-context.xml");
    new EmployeeClient().exec();
}
public void exec() {
    EmployeeService employee = (EmployeeService) ctx.getBean("employeeService");


    Authentication authenticate = authenticationManager.authenticate(
            new UsernamePasswordAuthenticationToken("myuser", "mypwd"));

    if (authenticate.isAuthenticated()) {
        SecurityContextHolder.getContext().setAuthentication(authenticate);
    }

        employee.addEmployee(new Employee("Jack Su", "address1"));
        employee.addEmployee(new Employee("Alice Liu", "address2"));
        List<Employee> employees = employee.getEmployees();
        System.out.println("Total number of employees: " + employees.size());
        Iterator<Employee> it = employees.iterator();
        while (it.hasNext()) {
            Employee emp = (Employee) it.next();
            System.out.println(" " + emp);
        }
    }

}

这是我的测试身份验证提供程序：

import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.stereotype.Component;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import java.util.ArrayList;
import java.util.List;

@Component
public class CustomAuthenticationProvider implements AuthenticationProvider {

@Override
public Authentication authenticate(Authentication argAuth) throws AuthenticationException {



        List<GrantedAuthority> grantedAuths = new ArrayList<GrantedAuthority>();
        grantedAuths.add(new SimpleGrantedAuthority("ROLE_USER"));

        Authentication auth = new UsernamePasswordAuthenticationToken(argAuth.getPrincipal(),
                argAuth.getCredentials(), grantedAuths);
        auth.setAuthenticated(true);
        return auth;

}

@Override
public boolean supports(Class<?> authentication) {
    return authentication.equals(UsernamePasswordAuthenticationToken.class);
}
}

Answer 1

不确定您的确切错误，但配置中的某些内容可能有误。您的EmployeeClient不是Spring-Managed-Bean，因为您使用new-operator创建它，因此您的@Resource(name = "authManager")不应该工作。如果您发布了所有配置authenticationManager.authenticate(..)，则应生成NullPointerException。

而不是新的，你可以在你的主。

   EmployeeClient client = (EmployeeClient) ctx.getBean("employeeClient");
   client.exec();

（并将@Service添加到EmployeeClient）。

在春季3.1为什么安全：在安全性中不允许使用身份验证提供程序：authentication-manager？

1 个答案: