- html - 出于某种原因,IE8 对我的 Sass 文件中继承的 html5 CSS 不友好?
- JMeter 在响应断言中使用 span 标签的问题
- html - 在 :hover and :active? 上具有不同效果的 CSS 动画
- html - 相对于居中的 html 内容固定的 CSS 重复背景?
当我尝试将当前用户对象放入我的 CustomAuthenticationProvider 返回的 UsernamePasswordAuthenticationToken 中时,我遇到了一些问题。所以一开始我需要显示我的 spring-security.xml,它看起来像这样:
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/sign/in" access="isAnonymous()" />
<intercept-url pattern="/sign/up" access="isAnonymous()" />
<intercept-url pattern="/secret/page" access="isAuthenticated()" />
<intercept-url pattern="/sign/out" access="isAuthenticated()" />
<intercept-url pattern="/user/myinfo" access="isAuthenticated()" />
<form-login
login-page="/sign/in"
default-target-url="/secret/page"
authentication-failure-url="/sign/in?failed=1"
password-parameter="password"
username-parameter="email"
/>
<csrf disabled="true"/>
<logout
logout-url="/sign/out"
/>
</http>
<authentication-manager erase-credentials="false">
<authentication-provider ref="customAuth">
</authentication-provider>
</authentication-manager>
<beans:bean id="customAuth" class="milkiv.easyword.controller.sign.CustomAuthenticationProvider"/>
我有/sign/in 页面,我在其中输入电子邮件和密码进行登录。因此,使用 AuthenticationProvider 的下一个代码,我总是被重定向到我定义为 login-page="/sign/in 的页面“(不是失败网址,我已经检查过)。顺便说一句,如果只放置用户名而不是用户对象,它就可以正常工作。所以我的 AuthenticationProvider 的代码如下:
@Service(value = "customAuth")
public class CustomAuthenticationProvider implements AuthenticationProvider {
@Autowired
public Storages storage;
@Override
@Transactional
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
String login = authentication.getName();
String password = authentication.getCredentials().toString();
User user = storage.uSM.findByEmailAndPassword(login, password);
if (user == null) {
return null;
} else {
// if to pur here login insted of user it works fine
return new UsernamePasswordAuthenticationToken(user, password);
}
}
@Override
public boolean supports(Class<?> authentication) {
return authentication.equals(UsernamePasswordAuthenticationToken.class);
}
}
有趣的是,在我的测试中,看起来:
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration(locations = {"classpath:resources/spring-context.xml", "classpath:resources/spring-security.xml"})
@WebAppConfiguration
public class InTest {
MockMvc mockMvc;
Storages storages;
@Autowired
private Filter springSecurityFilterChain;
private final String nickname = "LoremIpsum";
private final String email = "lorem@ipsum.com";
private final String password = "loreamipsumpassword";
@Autowired
WebApplicationContext wac; // cached
@Before
public void doBeforeTests() {
mockMvc = MockMvcBuilders
.webAppContextSetup(wac)
.addFilters(springSecurityFilterChain)
.build();
ApplicationContext context = new ClassPathXmlApplicationContext("resources/spring-context.xml", "resources/spring-security.xml");
storages = context.getBean(Storages.class);
}
@Test
public void testSignIn() throws Exception {
mockMvc.perform(
formLogin()
.user("email", email)
.password(password)
)
.andExpect(redirectedUrl("/secret/page"));
}}
.andExpectFunction(redirectedUrl("/secret/page")) 说我已被重定向到 default-target-url="/secret/page",所以看起来之后出现了问题。正如我所读到的 AuthenticationProvider 以某种方式与 AuthenticatioManager 一起工作,也许问题就在这里?有人可以解释我的错误,或者帮助弄清楚发生了什么,或者提供一些帮助我理解的链接,或者其他东西。我将不胜感激任何帮助。提前感谢大家。
添加用户模型:
public class User {
private int userId;
@NotBlank (message = "Email field can not be empty or missed")
@Size(min = 5, max = 128, message = "Email field must have from 5 to 128 symbols")
@Email(message = "Email field must have email format.")
private String email;
@NotBlank (message = "Password field can not be empty or missed")
@Size (min = 5, max = 32, message = "Password field must have from 5 to 32 symbols")
private String password;
@NotBlank (message = "Confirm password field can not be empty or missed")
@Size (min = 5, max = 32, message = "Confirm password field must have from 5 to 32 symbols")
private String confirmPassword;
@NotBlank (message = "Nickname field can not be empty or missed")
@Size (min = 3, max = 32, message = "Nickname field must have from 3 to 32 symbols")
private String nickname;
private Date registrationDate;
private Set studyLanguages;
public User(){
}
public int getUserId() {
return userId;
}
public void setUserId(int userId) {
this.userId = userId;
}
public String getEmail() {
return email;
}
public void setEmail(String email) {
this.email = email;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
public String getNickname() {
return nickname;
}
public void setNickname(String nickname) {
this.nickname = nickname;
}
public Date getRegistrationDate() {
return registrationDate;
}
public void setRegistrationDate(Date registration_date) {
this.registrationDate = registration_date;
}
public Set getStudyLanguages() {
return studyLanguages;
}
public void setStudyLanguages(Set studyLanguages) {
this.studyLanguages = studyLanguages;
}
public String getConfirmPassword() {
return confirmPassword;
}
public void setConfirmPassword(String confirmPassword) {
this.confirmPassword = confirmPassword;
}
}
最佳答案
我认为问题是您使用 UsernamePasswordAuthenticationToken(用户,密码)的方式错误。这里的方法UsernamePasswordAuthenticationToken等待两个参数:主体(通常是字符串用户名)和密码。
通过 Authentification object 获取它们,您做得很好。但用户对象不被视为主体,登录才是。
@Service(value = "customAuth")
public class CustomAuthenticationProvider implements AuthenticationProvider {
@Autowired
public Storages storage;
@Override
@Transactional
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
String login = authentication.getName();
String password = authentication.getCredentials().toString();
User user = storage.uSM.findByEmailAndPassword(login, password);
if (user == null) {
return null;
} else {
// Here use the user object to only check if the user exists in the database if not null use his login ( principal ) and password
return new UsernamePasswordAuthenticationToken(login, password);
}
}
@Override
public boolean supports(Class<?> authentication) {
return authentication.equals(UsernamePasswordAuthenticationToken.class);
}
}
一些额外资源:
这是一个link这次你可以对你的用户对象做同样的事情。您将使用UserDetails和 UserDetails
关于java - 如何将 User 对象放入 UsernamePasswordAuthenticationToken(AuthenticationProvider) 中?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/36584708/
我的 web.xml 配置是 springSecurityFilterChain org.springframework.web.filter.DelegatingF
我需要编写自定义 Security Spring 过滤器来验证 JWT token 。 我有我的自定义 JWT validator 。当 token 有效时,我必须授权用户。 我像网上提供的其他一些示
我正在研究 Gradle/Java 1.8/Spring Boot、Spring Integration、Spring Batch、Spring Data Rest 项目(我继承了这些项目)。 这里的
当我尝试将当前用户对象放入我的 CustomAuthenticationProvider 返回的 UsernamePasswordAuthenticationToken 中时,我遇到了一些问题。所以一
我是 spring 4.0 的新手。尝试登录时出现错误“没有找到 org.springframework.security.authentication.UsernamePasswordAuthent
我已经配置了 spring security 命名空间来使用我的自定义身份验证管理器进行身份验证: web.xml Application index.html
我正在使用 MongoDB 编写自己的 TokenStore (org.springframework.security.oauth2.provider.token.TokenStore) 实现。为此
我正在尝试使用 Spring-boot 和使用 hibernate 的 oauth2 构建一个 Restful API。 我已经创建了一个 CustomAuthenticationProvider 来
我们正在将应用程序从 Spring Boot 1.5.x 升级到 2.2.x,将 Spring Security 4.x 升级到 5.3.2。我们为网络安全定义了以下内容: @EnableWebSe
我是一名优秀的程序员,十分优秀!