不调用自定义AuthenticationProvider

时间:2016-04-09 11:01:45

标签: spring spring-security

我想拥有一个基本的身份验证的REST应用程序。我遵循http://www.baeldung.com/spring-security-authentication-provider的一般说明,以确保安全性正常。

我最终创建了AuthenticationProvider的实现,但它永远不会被Spring调用。所有请求都以错误结束:

{"timestamp":1460199213227,"status":401,"error":"Unauthorized","message":"Full authentication is required to access this resource","path":"/test"}

没有AuthenticationProvider做任何事情。

该应用程序是基于注释的,以下是相关位:

安全设置 

@Configuration
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
public class ApplicationSecurity extends WebSecurityConfigurerAdapter {
    @Autowired
    CustomAuthenticationProvider authenticationProvider;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(authenticationProvider);
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http
                .csrf().disable()
                .authenticationProvider(authenticationProvider)
                .authorizeRequests()
                .anyRequest().authenticated().and().httpBasic();
    }
}

的AuthenticationProvider 

@Component
public class CustomAuthenticationProvider implements AuthenticationProvider {
    @Autowired
    private UserDAO userDAO;
    @Autowired
    private Authenticator authenticator;

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        // This never gets called, I checked with debugger
        String username = authentication.getName();
        String password = authentication.getCredentials().toString();

        User user = userDAO.findByUsername(username);
        User authenticatedUser = authenticator.authenticate(user, password);
        if (authenticatedUser == null){
            throw new RESTAuthenticationException("Auth failed");
        }

        List<GrantedAuthority> authorityList = new ArrayList<>();
        return new UsernamePasswordAuthenticationToken(user, authorityList);
    }

    @Override
    public boolean supports(Class<?> aClass) {
        return aClass.equals(UsernamePasswordAuthenticationToken.class);
    }
}

控制器 

@RestController
public class UserController {
    @RequestMapping(value = "/test")
    public ResponseEntity test(@AuthenticationPrincipal User user) {
        return ResponseEntity.ok().body(user);
    }
}

1 个答案:

答案 0 :(得分:3)

您收到状态代码为401的回复。这是"unauthorized" http status code。这可能是由您的请求中缺少/格式错误的授权标头引起的。

您正在使用Http-Basic:它需要请求中的以下标头:

Authorization: Basic QWxhZGRpbjpPcGVuU2VzYW1l

其中字符串 QWxhZGRpbjpPcGVuU2VzYW1l 是字符串<user>:<password> base64 encoded。

相关问题
最新问题