我想使用自定义身份验证提供程序将spring security(使用Java配置)添加到我的应用程序中,但是我无法使其工作。似乎authenticationProvider没有很好地配置,因为我无法调试方法验证(身份验证),并且println不打印任何东西。并且每个请求都以403响应。
任何人都可以帮助我这个,我为这个周末感到震惊。
@Configuration
@EnableWebMvcSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest().authenticated();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(new AuthenticationProvider(){
@Override
public Authentication authenticate(Authentication arg0) throws AuthenticationException {
System.out.println("authenticating...");
return arg0;
}
@Override
public boolean supports(Class<?> arg0) {
return true;
}
});
}
}
答案 0 :(得分:1)
如果身份验证成功,则class的authenticate()函数必须返回UsernamePasswordAuthenticationToken实例,否则返回null。
**
org.springframework.security.authentication.ProviderManager和configure是(将其提供者设置)为自定义 org.springframework.security.authentication.AuthenticationProvider; 这应该在其身份验证方法上返回一个身份验证,即 应使用GrantedAuthority
进行设置
**
以下是一个示例身份验证管理器代码,用于设置权限并返回身份验证对象。
您可以尝试注入您拥有的customAUthenticationProvider类,然后在configure方法中使用它吗?
@Autowired
private CustomAuthenticationProvider customAuthenticationProvider;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(customAuthenticationProvider);
}
是否有适合弹簧安全的Web xml映射?
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
<!-- use the springSecurityFilterChain -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter- class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<!-- NOTE This does not specify its own configuration it is
loaded by the ContextLoaderListener instead -->
<!-- NOTE by default the filter name is used to
look up the Spring Security Filter Chain if you like you
can use any filter name you want, but you must specify
the bean name instead in this instance. Since we use the
springSecurityFilterChain as the filter name this is not
necessary
<init-param>
<param-name>targetBeanName</param-name>
<param-value>springSecurityFilterChain</param-value>
</init-param> -->
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
以下是一个示例弹簧安全项目:https://github.com/spring-projects/spring-security-javaconfig