个人中心
gpt4 book ai didi

java - 多个身份验证提供程序 :/j_spring_security_check and social login

转载 作者:行者123 更新时间:2023-12-01 09:27:06 25 4
gpt4 key购买 nike

我的安全 xml 配置有问题。我无法从本地登录的登录表单中访问用户名和密码(社交登录工作正常)

简而言之:当用户提交登录表单时,首先出现在我的代码中的是 UserDetailService 

public SpringSecurityLocalUser loadUserByUsername(final String userId) throws UsernameNotFoundException

其中 userId 是一个空字符串。因此无法进行身份验证。如何获取用户名和密码?非常感谢您的建议

<小时/>

更新我现在非常有信心这个问题是由于我需要第二个身份验证提供商造成的。 (即,一个本地的和一个社会的)。但不知道如何配置

<小时/>

security_applicationContext.xml

<beans xmlns="http://www.springframework.org/schema/beans"
	 xmlns:security="http://www.springframework.org/schema/security"
	 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	 xsi:schemaLocation="http://www.springframework.org/schema/beans
					http://www.springframework.org/schema/beans/spring-beans.xsd
					http://www.springframework.org/schema/security
					http://www.springframework.org/schema/security/spring-security.xsd">

	<security:http use-expressions="true" entry-point-ref="appAuthenticationEntryPoint">

		<security:intercept-url pattern="/login" access="permitAll()" />
		<security:intercept-url pattern="/flow-entry.html" access="hasRole('ROLE_USER')"/>
		<security:intercept-url pattern="/flow-jobpostdata.html" access="permitAll()"/>
		<security:intercept-url pattern="/flow-jobpostdata_anydegree.html" access="permitAll()"/>
		 <security:intercept-url pattern="/j_spring_security_check" access="permitAll()"/>
		
	
	 <!-- Adds social authentication filter to the Spring Security filter chain. -->
		<security:custom-filter before="PRE_AUTH_FILTER" ref="socialAuthenticationFilter"/>
		<security:custom-filter position="FORM_LOGIN_FILTER" ref="SecurityAuthFilter"/>
	
	
	</security:http>

<!-- authentication manager and its provider( social provider deals with social login & local user provider deals with form login ) -->
	<security:authentication-manager alias="authenticationManager">
		<security:authentication-provider ref="socialAuthenticationProvider"/>
		<security:authentication-provider user-service-ref="localUserDetailService"/>
	</security:authentication-manager>

	<bean id="socialAuthenticationProvider" class="org.springframework.social.security.SocialAuthenticationProvider">
		<constructor-arg ref="inMemoryUsersConnectionRepository"/>
		<constructor-arg ref="socialUserDetailService"/>
	</bean>
	 
	 <bean id="appAuthenticationEntryPoint"
		 class=" jake.delivery.controller.welcome.AppAuthenticationEntryPoint">
		<constructor-arg name="loginFormUrl" value="/login"/>
 
	<bean id="failureHandler"
		 class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
		<constructor-arg name="defaultFailureUrl" value="/services/accessdenied"/>
	</bean>
		
	<bean class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter"
		 id="SecurityAuthFilter">
		<property name="authenticationManager" ref="authenticationManager"/>
		<property name="authenticationSuccessHandler" ref="successHandler"/>
		<property name="authenticationFailureHandler" ref="failureHandler"/>
		<property name="filterProcessesUrl" value="/j_spring_security_check"/>
		<property name="rememberMeServices" ref="rememberMeServices"/	</bean>

	<!-- social login filter which is a pre authentication filter and works for /auth service url -->
	<bean id="socialAuthenticationFilter" class="org.springframework.social.security.SocialAuthenticationFilter">
		<constructor-arg name="authManager" ref="authenticationManager"/>
		<constructor-arg name="userIdSource" ref="userIdSource"/>
		<constructor-arg name="usersConnectionRepository" ref="inMemoryUsersConnectionRepository"/>
		<constructor-arg name="authServiceLocator" ref="appSocialAuthenticationServiceRegistry"/>
		<property name="authenticationSuccessHandler" ref="successHandler"/>
	</bean>

	<!-- inmemory connection repository which holds connection repository per local user -->
	<bean id="inMemoryUsersConnectionRepository"
		 class="org.springframework.social.connect.mem.InMemoryUsersConnectionRepository">
		<constructor-arg name="connectionFactoryLocator" ref="appSocialAuthenticationServiceRegistry"/>
		<property name="connectionSignUp" ref="connectionSignUp"/>
	</bean>

	<!-- service registry will holds connection factory of each social provider-->
	<bean id="appSocialAuthenticationServiceRegistry"
		 class="jake.delivery.controller.welcome.AppSocialAuthenticationServiceRegistry">
		<constructor-arg>
			<list>
				<ref bean="facebookAuthenticationService"/>
			</list>
		</constructor-arg>
	</bean> 

	<bean id="facebookAuthenticationService"
		 class="org.springframework.social.facebook.security.FacebookAuthenticationService">
		<constructor-arg name="apiKey" value="xxxxxxx"/>
		<constructor-arg name="appSecret" value="xxxxxx"/>
	</bean>

	<bean id="userIdSource" class="org.springframework.social.security.AuthenticationNameUserIdSource"/>

	<bean id="connectionSignUp" class="jake.delivery.controller.welcome.AppConnectionSignUp"/>





</beans>

UserDetailService 实现

package jake.prototype2.service.loginservices;

import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

import jake.prototype2.model.structure.SSm;

public class LocalUserDetailService implements UserDetailsService {



public LocalUserDetailService()
{
    SSm.getLogger().debug("init" );
}

@Override
@Transactional
public SpringSecurityLocalUser loadUserByUsername(final String userId) throws UsernameNotFoundException 
{

                SSm.getLogger().debug(this.getClass().getName()+"\n\n\n\n\n  I don't do anything yet\n\n\n\n\n\n",new Exception());
                SSm.getLogger().debug("userId" + userId);
                                    throw new UsernameNotFoundException("  fork me sideways  ");

}

}

堆栈跟踪。虽然没有异常(exception),但我捕获了堆栈跟踪以供引用。

java.lang.Exception at jake.prototype2.service.loginservices.LocalUserDetailService.loadUserByUsername(LocalUserDetailService.java:32) at jake.prototype2.service.loginservices.LocalUserDetailService.loadUserByUsername(LocalUserDetailService.java:16) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:497) at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:302) at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157) at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99) at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:281) at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:208) at com.sun.proxy.$Proxy50.loadUserByUsername(Unknown Source) at org.springframework.security.authentication.dao.DaoAuthenticationProvider.retrieveUser(DaoAuthenticationProvider.java:114) at org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:144) at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174) at org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:94) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:124) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:66) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214) at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:121) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:142) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79) at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:616) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:518) at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1091) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:673) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1526) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1482) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:745)

最佳答案

问题实际上与需要多个身份验证提供程序有关。

结果发现只少了一行配置:

<!--  authentication manager and its provider( social provider deals with social login & local user provider deals with form login ) -->
<security:authentication-manager alias="authenticationManager">
    <security:authentication-provider ref="socialAuthenticationProvider"/>
    <security:authentication-provider ref="customAuthenticationProvider" />
    <security:authentication-provider user-service-ref="localUserDetailService"/>
</security:authentication-manager>

<bean id="customAuthenticationProvider" class="jake.delivery.controller.welcome.CustomAuthenticationProvider">
    <property name="auService" ref="auService" />
</bean>

我需要为 customAuthenticationProvider 添加一行到 authentication-manager

关于java - 多个身份验证提供程序 :/j_spring_security_check and social login,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/39747847/

25 4 0
文章推荐: maven-release-plugin 将快照部署到文件
文章推荐: java - 如何访问 Openfire 服务器中的 RESTAPI 并从该 Web 服务创建用户?
文章推荐: java - 当我尝试发布到我的 spring api 时 403 被禁止?
文章推荐: java - Powermock - 模拟静态类成员
行者123
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com