我的web.xml配置是
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
这是我的安全配置
<intercept-url pattern="/*" access="ROLE_USER" />
<intercept-url pattern="/*.ico" filters="none" />
</http>
<beans:bean id="customAuthenticationProvider" class="net.spring3.provider.MyAuthProvider" />
<authentication-manager>
<authentication-provider ref="customAuthenticationProvider" />
</authentication-manager>
这是我的customAuthProvider类
public class MyAuthProvider implements AuthenticationProvider {
@Override
public boolean supports(Class<? extends Object> arg0) {
// TODO Auto-generated method stub
return false;
}
@SuppressWarnings("serial")
private static Map<String, String> SIMPLE_USERS = new HashMap<String, String>(2) {{
put("joe", "joe");
put("bob", "bob");
}};
@SuppressWarnings("serial" )
private static List<GrantedAuthority> AUTHORITIES = new ArrayList<GrantedAuthority>(1) {{
add(new GrantedAuthorityImpl("ROLE_USER"));
}};
@Override
public Authentication authenticate(Authentication auth) throws AuthenticationException
{
// All your user authentication needs
System.out.println("==Authenticate Me==");
if (SIMPLE_USERS.containsKey(auth.getPrincipal())
&& SIMPLE_USERS.get(auth.getPrincipal()).equals(auth.getCredentials()))
{
return new UsernamePasswordAuthenticationToken(auth.getName(), auth.getCredentials(), AUTHORITIES);
}
throw new BadCredentialsException("Username/Password does not match for " + auth.getPrincipal());
}
}
该页面显示登录表单,当我输入bob和bob作为登录时,它会引发以下错误。
Your login attempt was not successful, try again.
Reason: No AuthenticationProvider found for org.springframework.security.authentication.UsernamePasswordAuthenticationToken
我在调试级别ALL检查了日志,这是我得到的。
FINE: Request is to process authentication
Nov 17, 2011 5:37:36 AM org.springframework.context.support.AbstractApplicationContext publishEvent
FINEST: Publishing event in Root WebApplicationContext: org.springframework.security.authentication.event.AuthenticationFailureProviderNotFoundEvent[source=org.springframework.security.authentication.UsernamePasswordAuthenticationToken@ffff8dfd: Principal: sd; Credentials: [PROTECTED]; Authenticated: false; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffe3f86: RemoteIpAddress: 127.0.0.1; SessionId: x4lg4vtktpw9; Not granted any authorities]
Nov 17, 2011 5:37:36 AM org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter unsuccessfulAuthentication
FINE: Authentication request failed: org.springframework.security.authentication.ProviderNotFoundException: No AuthenticationProvider found for org.springframework.security.authentication.UsernamePasswordAuthenticationToken
对此有任何帮助......我在这里做错了什么?
答案 0 :(得分:33)
正如您在评论中写的那样,问题是您始终在您的身份验证提供程序的false
方法中返回supports()
。但是,不应该总是返回true
,而应该检查authentication
这样的内容:
public class MyAuthenticationProvider implements AuthenticationProvider, Serializable {
@Override
public boolean supports(Class<? extends Object> authentication) {
return (UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication));
}
// ...
}
答案 1 :(得分:2)
我有同样的问题。对于我而言,解决方案是在身份验证通过后将AbstractAuthenticationToken.setAuthenticated设置为true。