尝试使用Spring安全性进行身份验证过程,但获取Bad credentials异常。我在spring-security.xml文件中定义了一些内容
<beans:bean id="passwordEncoder"
class="org.springframework.security.authentication.encoding.ShaPasswordEncoder">
</beans:bean>
<beans:bean id="passwordEncoder"
class="org.springframework.security.authentication.encoding.ShaPasswordEncoder">
</beans:bean>
<authentication-manager id="customerAuthenticationManager">
<authentication-provider user-service-ref="customerDetailsService">
<password-encoder hash="sha" />
</authentication-provider>
</authentication-manager>
customerDetailsService是我们自己实现的弹簧安全性。在注册用户的Java代码中,我在为数据库添加密码之前编码提供的密码
import org.springframework.security.authentication.encoding.PasswordEncoder;
@Autowired
private PasswordEncoder passwordEncoder;
customerModel.setPassword(passwordEncoder.encodePassword(customer.getPwd(), null));
当我尝试调试我的应用程序时,似乎Spring正在调用AbstractUserDetailsAuthenticationProvider身份验证方法,当它使用additionalAuthenticationChecks(user, (UsernamePasswordAuthenticationToken) authentication); DaoAuthenticationProvider执行additionalAuthenticationCheck时,它会在以下点抛出Bad凭证异常< / p>
if (authentication.getCredentials() == null) {
logger.debug("Authentication failed: no credentials provided");
throw new BadCredentialsException(messages.getMessage(
"AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"), userDetails);
}
我不确定我在哪里做错了,在这里需要做些什么来把事情放在正确的位置,我已经检查过客户是否在数据库中并且密码是编码的。
答案 0 :(得分:1)
更改
的密码编码器声明<password-encoder hash="sha" />
到
<password-encoder ref="passwordEncoder" />
检查您的customerDetailsService是否从数据库加载用户凭据。 如果您仍然收到错误的凭据异常:将erase-credentials =“false”添加到您的authenticationManager。
<authentication-manager id="customerAuthenticationManager" erase-credentials="false">
<authentication-provider user-service-ref="customerDetailsService">
<password-encoder hash="sha" />
</authentication-provider>
</authentication-manager>