我想检查authenticationProvider中的用户名和密码,但不知道为什么我无法调用authenticate方法。我正在通过spring security实现REST登录服务。我的web.xml是
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>WEB-INF/applicationContext.xml
WEB-INF/spring-security.xml</param-value>
</context-param>
<!-- Spring Security Filter -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>
org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
<servlet>
<servlet-name>jersey-serlvet</servlet-name>
<servlet-class>
com.sun.jersey.spi.spring.container.servlet.SpringServlet
</servlet-class>
<init-param>
<param-name>
com.sun.jersey.config.property.packages
</param-name>
<param-value>com.zymr.ojo.action</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>jersey-serlvet</servlet-name>
<url-pattern>/rest/*</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>jsp/login.jsp</welcome-file>
<welcome-file>index.jsp</welcome-file>
<welcome-file>default.html</welcome-file>
<welcome-file>default.jsp</welcome-file>
</welcome-file-list>
和spring-security.xml如下...
<context:component-scan base-package="com.zymr.ojo" />
<security:global-method-security pre-post-annotations="enabled" secured- annotations="enabled" />
<!-- Security configuration for REST services. -->
<security:http use-expressions="true" entry-point-ref="restEntryPoint" create- session="always">
<!-- <security:http-basic/> -->
<security:intercept-url pattern="/rest/question/**" access="isAuthenticated()"/>
<!-- <security:intercept-url pattern="/rest/login/userLogin" access="permitAll"/> -->
<security:form-login login-processing-url="/rest/login/userLogin" username-parameter="admin" password-parameter="password"/>
</security:http>
<!-- Authentication manager. -->
<security:authentication-manager >
<security:authentication-provider user-service-ref="authProvider" >
</security:authentication-provider>
</security:authentication-manager>
<!-- Entry point for REST service. -->
<bean id="restEntryPoint" class="com.zymr.ojo.security.RestAuthenticationEntryPoint" />
<!-- A handler for successful REST service authentication. -->
<bean id="authSuccessHandler" class="com.zymr.ojo.security.RestAuthenticationSuccessHandler"></bean>
<bean id="authProvider" class="com.zymr.ojo.security.RestAuthenticationProvider" ></bean>
和RESTAuthenticationProvider类是
@Component公共类
RestAuthenticationProvider实现AuthenticationProvider,
的UserDetailsService {
public Authentication authenticate(Authentication authentication)
throws AuthenticationException {
System.out.println("in authProvider");
String username = authentication.getName();
String password = (String) authentication.getCredentials();
if(username != null && password != null){
System.out.println(username+ " "+ password);
}
return null;
}
public boolean supports(Class<?> authentication) {
// TODO Auto-generated method stub
return false;
}
public UserDetails loadUserByUsername(String username)
throws UsernameNotFoundException {
System.out.println(username);
return null;
}
}
答案 0 :(得分:0)
问题在于supports(..)方法始终返回false。您的入口点应该为用户提供填充Authentication实例的方法,如果 supports方法返回true,这将被赋予authenticate方法。
答案 1 :(得分:-1)
请参阅以下链接。此链接指定添加UsernamePasswordAuthenticationFilter。我尝试了这个,但它没有调用login.html表单。
http://www.networkedassets.com/configuring-spring-security-for-a-restful-web-services/