I am using Spring 4.0.9 and want to integrate it with Spring Security 4.0.4. I have configured my Spring web project with the following configuration:
web.xml
<servlet>
    <servlet-name>Spring MVC Dispatcher Servlet</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <init-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
            /WEB-INF/app-config.xml
        </param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
    <servlet-name>Spring MVC Dispatcher Servlet</servlet-name>
    <url-pattern>/app/*</url-pattern>
</servlet-mapping>
<!-- Spring Security -->
<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>/WEB-INF/security-context.xml</param-value>
</context-param>
<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
app-config.xml
....
<task:annotation-driven/>
<context:annotation-config/>
<context:component-scan base-package="com.example" />
<mvc:annotation-driven />
....
security-context.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-4.0.xsd">
    <http pattern="/resources/**" security="none" />
    <http pattern="/js/**" security="none" />
    <http auto-config="true" authentication-manager-ref="customAuthenticationManager">
        <headers>
            <frame-options policy="SAMEORIGIN" />
        </headers>
        <access-denied-handler error-page="/app/Login/" />
        <intercept-url pattern="/app/Login/" access="permitAll" />
        <intercept-url pattern="/**" access="isAuthenticated()" />
        <form-login login-page="/app/Login/" default-target-url="/"
            username-parameter="username" password-parameter="password" />
    </http>
    <!-- print debug log -->
    <debug/>
    <authentication-manager alias="customAuthenticationManager" id="customAuthenticationManager">
        <authentication-provider ref="customAuthenticationProvider" />
    </authentication-manager>
    <beans:bean id="customAuthenticationProvider"
        class="com.example.CustomAuthenticationProvider">
    </beans:bean>
</beans:beans>
All redirects to unauthorized URLs work fine (i.e. it can redirect to the login page /app/Login/). However, when I try to log in, it does not load my CustomAuthenticationProvider. It seems to completely ignore my authentication provider.
CustomAuthenticationProvider.java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.stereotype.Component;

@Component
public class CustomAuthenticationProvider implements AuthenticationProvider {
    @Autowired
    private UserDAO userDAO;

    public CustomAuthenticationProvider() {
        super();
        System.out.println("Test Provider");
    }

    @Override
    public Authentication authenticate(Authentication auth) throws AuthenticationException {
        String name = auth.getName();
        String password = auth.getCredentials().toString();
        // Debug output of the submitted username and password
        System.out.println(name + " " + password);
        ...
    }

    @Override
    public boolean supports(Class<?> authentication) {
        return authentication.equals(
                UsernamePasswordAuthenticationToken.class);
    }
}
Below is the login JSP page I use to submit the login request. I have set the username and password parameters and left the action empty. As far as I know, we can leave it empty so that Spring Security handles the POST request using the AuthenticationProvider. I tried setting a breakpoint in the class and printing a log in the authenticate() method, but nothing happened.
login.jsp
<form:form method="POST" id="form1" commandName="formVO">
    <table width="600px" border="0" class="noGridTable" align="center">
        <tr style="height: 80px">
            <td class="message">User ID:</td>
            <td>
                <input name="username" id="username" type="text" class="normalInput" style="width:320px"
                    required/>
            </td>
        </tr>
        <tr>
            <td class="message">Password:</td>
            <td><input name="password" id="password" type="password" style="width:320px" required/></td>
        </tr>
        <tr style="height: 100px">
            <td></td>
            <td>
                <input name="submit" type="submit" value="Submit" />
            </td>
            <td> </td>
        </tr>
    </table>
</form:form>
Below is the Spring Security debug log when I submit the POST request: