Spring Security Java配置 - Dummy UserDetailsS​​ervice未进行身份验证

Question

我正在尝试通过实现虚拟身份验证服务来测试我的自定义登录表单。登录表单正确地将用户名传递给服务，但身份验证失败。

SecurityConfig.java：

package com.acme.security.config;

import javax.annotation.Resource;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
      auth.inMemoryAuthentication().withUser("user").password("123456").roles("USER");
      auth.inMemoryAuthentication().withUser("admin").password("123456").roles("ADMIN");
      auth.inMemoryAuthentication().withUser("dba").password("123456").roles("DBA");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {

      http.authorizeRequests()
        .antMatchers("/admin/**").hasRole("ADMIN")
        .antMatchers("/resources/**").permitAll()
        .and().formLogin().loginPage("/Login").permitAll()
        .failureUrl("/Login?error")
        .usernameParameter("username").passwordParameter("password")        
        .and().logout().logoutSuccessUrl("/login?logout")
        .and().csrf()
        .and().requiresChannel()
        .antMatchers("/login/**").requiresSecure()
        .anyRequest().requiresInsecure();
    }

    @Resource(name="authService")
    private UserDetailsService userDetailsService;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService);
    }
}

TestUserDetailsS​​ervice：

package com.acme.testing;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

import com.acme.controller.HomeController;

@Service("authService")
public class TestUserDetailsService implements UserDetailsService {
    private static final Logger logger = LoggerFactory.getLogger(HomeController.class);
    @Override
    public UserDetails loadUserByUsername(String username)
        throws UsernameNotFoundException {
    logger.info(username);
    if(username == "user") return new TestUserDetails();
    else throw new UsernameNotFoundException("Username not found!");
    }
}

TestUserDetails：

package com.acme.testing;

import java.util.ArrayList;
import java.util.Collection;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;

public class TestUserDetails implements UserDetails {
    private static final long serialVersionUID = 1L;

    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
    ArrayList<TestGrantedAuthority> auths = new ArrayList<TestGrantedAuthority>();
    TestGrantedAuthority a = new TestGrantedAuthority();
    auths.add(a);
    return auths;
    }

    @Override
    public String getPassword() {
    return "password";
    }

    @Override
    public String getUsername() {
    return "user";
    }

    @Override
    public boolean isAccountNonExpired() {
    return true;
    }

    @Override
    public boolean isAccountNonLocked() {
    return true;
    }

    @Override
    public boolean isCredentialsNonExpired() {
    return true;
    }

    @Override
    public boolean isEnabled() {
    return true;
    }
}

TestGrantedAuthority：

package com.acme.testing;

import org.springframework.security.core.GrantedAuthority;

public class TestGrantedAuthority implements GrantedAuthority {
    private static final long serialVersionUID = 1L;

    @Override
    public String getAuthority() {
    return "ROLE_USER";
    }
}

在提交“user”和“password”后，记录器输出“user”，页面被重定向到/ Login？错误。我对此的理解并不是很好，所以我不确定为什么会这样。

Answer 1

您应该在＆＃39; TestUserDetailsS​​ervice＆＃39;中使用.equals（＆＃34; user＆＃34;）而不是==。请阅读this了解原因。

您的应用程序是否会抛出UsernameNotFoundException？

为了更好地调试和理解发生的事件以及身份验证失败的原因，您可以在DEBUG lvl上配置Spring Security的日志记录。