Spring Security自定义身份验证提供程序403响应

时间:2016-05-26 18:46:45

标签: java spring spring-security spring-boot

我正在尝试在Spring Boot App中使用Spring Security实现一个简单的自定义身份验证提供程序,但它不起作用。

我的自定义身份验证提供程序是:

@Component
public class CustomAuthenticationProvider implements AuthenticationProvider{
    @Override
    public Authentication authenticate(Authentication a) {
      try{
        List<GrantedAuthority> roles = new ArrayList<>();
        roles.add(new SimpleGrantedAuthority("USER"));
        UsernamePasswordAuthenticationToken u = new UsernamePasswordAuthenticationToken("usuario", "password", roles);
        return u;
      }catch(Exception e){
        return null;
      }
}

  @Override
  public boolean supports(Class<?> type) {
    return true;
  }
}

我的安全配置是这样的:

@Configuration
@EnableWebSecurity
@EntityScan(basePackages = "sirio.io.models")
public class AppConfiguration {

   @Configuration
   @Order(1)
   public static class ApiWebSecurity extends WebSecurityConfigurerAdapter{
       @Autowired
       private CustomAuthenticationProvider customAuthenticationProvider;

        @Override
        public void configure(HttpSecurity http) throws Exception{
           http.antMatcher("/admin/**")
               .authorizeRequests()
               .anyRequest()
               .hasRole("USER")
               .and()
               .httpBasic()
               .and()
               .authenticationProvider(customAuthenticationProvider);
         }
   }
}

我在CustomAuthProvider中确定了几个断点并且已经调用了但是我总是在浏览器中得到403响应

[编辑] 尝试了另一种类型的自定义身份验证提供程序,但结果相同。 

@Component
public class CustomAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider{

    @Override
    protected void additionalAuthenticationChecks(UserDetails ud, UsernamePasswordAuthenticationToken upat) throws AuthenticationException {

    }

    @Override
    protected UserDetails retrieveUser(String string, UsernamePasswordAuthenticationToken upat) throws AuthenticationException{
       List<GrantedAuthority> authoritys = new ArrayList<>();
       authoritys.add(new SimpleGrantedAuthority("USER"));
      UserDetails ud = new User("usuario", "password", authoritys);
      return ud;
    }

}

1 个答案:

答案 0 :(得分:0)

Spring有一个用于用户名/密码身份验证的抽象实现。将其扩展到您所需的实施。

https://github.com/spring-projects/spring-security/blob/master/core/src/main/java/org/springframework/security/authentication/dao/AbstractUserDetailsAuthenticationProvider.java

相关问题
最新问题