Question

我是Spring新手，使用Spring Security需要一些身份验证方面的帮助。此外，如果有人可以，那么明确一些时刻是很好的（我会用（＃{1- ..}）标记它们）因为在开始时我有很多“魔法”和奇怪的东西即使在阅读教程和文档后=（。

所以，我尝试实现AuthenticationProvider，如果我理解authenticate（）方法中的所有内容，我可以组织我的特定身份验证逻辑。所以我的代码看起来像：

（（＃1）如果我理解正确，Spring会自动创建名为value =“customAuth”的bean，并且不需要在任何上下文文件中告诉这个bean。我是对的吗？）的 CustomAuthenticationProvider ：

@Service(value = "customAuth")
public class CustomAuthenticationProvider implements AuthenticationProvider{
    @Autowired
    public Storages storage;

    @Override
    @Transactional
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    String login = authentication.getName();
    String password = authentication.getCredentials().toString();
    final User user = storage.uSM.findByAuthorization(login, password);
    if (user==null){
        return null;
    } else {
        return new UsernamePasswordAuthenticationToken(login, password);
    }
    }

    @Override
    public boolean supports(Class<?> authentication) {
    return authentication.equals(UsernamePasswordAuthenticationToken.class);
    }
}

的web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee">
    <servlet>
    <servlet-name>appServlet</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <init-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
        classpath:/resources/spring-context.xml
        classpath:/resources/spring-security.xml
        </param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
    </servlet>

    <servlet-mapping>
    <servlet-name>appServlet</servlet-name>
    <url-pattern>/</url-pattern>
    </servlet-mapping>

    <listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

    <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
        classpath:/resources/spring-context.xml
        classpath:/resources/spring-security.xml
    </param-value>
    </context-param>

    <filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>

    <filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/secret/page</url-pattern>
    </filter-mapping>
    <mvc:default-servlet-handler/>
</web-app>

弹簧security.xml文件：

<beans:beans xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xmlns="http://www.springframework.org/schema/security"
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/security 
    http://www.springframework.org/schema/security/spring-security.xsd">

    <http auto-config="true" use-expressions="true">
    <intercept-url pattern="/secret/page" access="isAuthenticated()"/>
    <form-login
        login-page="/sign/in"
        default-target-url="/secret/page"
        authentication-failure-url="/sign/in"
        password-parameter="password"
        username-parameter="username"
    />
    </http>

    <authentication-manager>
    <authentication-provider ref="customAuth"/>
    </authentication-manager>
</beans:beans>

下一个是我的in.jsp文件，带有我的自定义登录表单。在我阅读时，此表单将默认发送到/ login（我知道我们可以通过设置 login-processing-url 来更改它）。第二个问题（＃2）是关于这个“/ login”。我可以理解当我们将表单发布到/ login时，我们将它发送给Spring类创建的一些，它将管理它并将必要的数据提供给我们在此设置的AuthorizationProvider：<authentication-provider ref="customAuth"/>？或者我错了？无论如何，它不起作用。 A尝试了很多变种，但没有人不起作用。所以这是我的 in.jsp ：

<%@page contentType="text/html" pageEncoding="UTF-8"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<!DOCTYPE html>
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <title>JSP Page</title>
    </head>
    <body>
    <c:if test="${failed==1}">  
        <font color="red">
        Authentication failed. Wrong email/password.
        </font>
    </c:if>

    <form action="${pageContext.servletContext.contextPath}/login" method="POST">
        <label> E-mail </label>
        <input type="email" name="username" required><br>
        <label> Password </label>
        <input type="password" name="password" required><br>
        <input type="submit" value="Sign in"><br>
    </form>
    </body>
</html>

和 In.java @Controller：

@Controller
@RequestMapping ("/sign/in")
public class In {
    @RequestMapping (method = {RequestMethod.GET})
    public String showForm(@RequestParam(required = false) Integer failed, ModelMap model){
    model.addAttribute("failed", failed);
    return "sign/in";
    }
}

在这种情况下，在我发布表单后，它会将我重定向到/ login并发生404错误，因为它不存在。

有人可以帮忙修复它吗？我将不胜感激任何解释，链接和想法。提前谢谢。

Answer 1

替代解决方案：

（＃1）您应该使用＆＃34; customAuth＆＃34;创建bean。作为id因为spring会引用此ID来使用CustomAuthenticationProvider类，只需离开@Service而没有任何参数就可以了。（你可以试试）

（＃2）在您提交登录页面in.jsp后，spring将处理您在login-processing-url=/login中未声明的<form-login>事件中的信息。是的春天会引用CustomAuthenticationProvider。如果您的登录成功，spring会将您重定向到default-target-url="/secret/page"。如果登录失败，它将重定向到可用的允许页面。

我已经更改了部分代码

<强>的web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee">
<servlet>
<servlet-name>appServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
    classpath:/resources/spring-context.xml
    classpath:/resources/spring-security.xml
    </param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>

<servlet-mapping>
<servlet-name>appServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>

<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<mvc:default-servlet-handler/>

<强>弹簧security.xml文件

<beans:beans xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xmlns="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans 
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security 
http://www.springframework.org/schema/security/spring-security.xsd">

<http auto-config="true" use-expressions="true">
<intercept-url pattern="/sign/in" access="permitAll()" /> 
<intercept-url pattern="/**" access="isAuthenticated()" />

<form-login
    login-page="/sign/in"
    default-target-url="/secret/page"
    authentication-failure-url="/sign/in"
    password-parameter="password"
    username-parameter="username"
/>
</http>

<authentication-manager>
<authentication-provider ref="customAuth"/>
</authentication-manager>

<beans:bean id="customAuth" class="xx.xxx.xxxx.CustomAuthenticationProvider" />
</beans:beans>

<强> in.jsp

<%@page contentType="text/html" pageEncoding="UTF-8"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<!DOCTYPE html>
<html>
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <title>JSP Page</title>
</head>
<body>
<c:if test="${failed==1}">  
    <font color="red">
    Authentication failed. Wrong email/password.
    </font>
</c:if>

<form action="<c:url value='/login />'" method="POST">
    <label> E-mail </label>
    <input type="email" name="username" required><br>
    <label> Password </label>
    <input type="password" name="password" required><br>
    <input type="submit" value="Sign in"><br>
</form>
</body>

404的原因是因为您需要使用/secret/page定义控制器并返回所需的JSP文件。

希望得到它的帮助。

如何使用AuthenticationProvider Spring Security？

1 个答案: