我对弹簧安全配置问题
感到困惑这是我的配置
<security:global-method-security pre-post-annotations="enabled" />
<security:http auto-config="true">
<security:intercept-url pattern="/dologin" access="ROLE_USER,ROLE_ANONYMOUS" />
<security:form-login login-processing-url="/security_check" login-page="/onlogin" always-use-default-target="false" authentication-failure-url="/onlogin" default-target-url="/home" />
<security:logout invalidate-session="true" logout-url="/logout" logout-success-url="/onlogout" />
<security:remember-me />
<security:http-basic/>
</security:http>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider ref="daoAuthenticationProvider"/>
</security:authentication-manager>
<bean id="anonymousAuthenticationProvider"
class="org.springframework.security.authentication.AnonymousAuthenticationProvider">
<property name="key" value="badgerbadgerbadger" />
</bean>
<bean id="daoAuthenticationProvider"
class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
<property name="userDetailsService" ref="userDetailsService" />
</bean>
我的问题是当请求进行身份验证时;我发现只有两个提供商注册。
org.springframework.security.authentication.AnonymousAuthenticationProvider@8fe4ad
org.springframework.security.authentication.RememberMeAuthenticationProvider@1db9cb9
我可能会出错?请描述一下?
答案 0 :(得分:1)
我认为您需要使用security:custom-authentication-provider标记来识别您的自定义提供程序以提高安全性。
例如:
<bean id="daoAuthenticationProvider"
class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
<security:custom-authentication-provider />
<property name="userDetailsService" ref="userDetailsService" />
</bean>
您的anonymousAuthenticationProvider bean也可能需要它。
答案 1 :(得分:1)
尝试以下方法:
<security:authentication-manager>
<security:authentication-provider user-service-ref="userDetailsService"/>
</security:authentication-manager>
答案 2 :(得分:1)
是对userDetailsService的引用,但我没有在你的配置中看到这样的bean。
检查过去的错误消息,我希望在那里看到错过的bean的引用。
答案 3 :(得分:0)
在定义安全认证管理器时使用/定义'id'。
例如:
<security:authentication-manager id="authenticationManager" alias="authenticationManager">
<security:authentication-provider ref="daoAuthenticationProvider"/>
</security:authentication-manager>