- html - 出于某种原因,IE8 对我的 Sass 文件中继承的 html5 CSS 不友好?
- JMeter 在响应断言中使用 span 标签的问题
- html - 在 :hover and :active? 上具有不同效果的 CSS 动画
- html - 相对于居中的 html 内容固定的 CSS 重复背景?
我正在尝试从工作 jdbc-user-service 切换到实现 AuthenticationProvider 的 customAuthenticationProvider,但是 spring 找不到它。我不确定这是否与我的配置在 xml 中或有什么问题有关。我一开始在我的调度程序 servlet 中添加了一个,但是根据我读到的内容的建议,我也在我的 spring-security.xml 中添加了一个,这没有任何区别。我的配置有什么问题吗?
谢谢!
mvc-dispatch-servlet.xml
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd">
<context:component-scan base-package="com.mkyong.*" />
<!-- Currently not working. Made a work around by having resources at /resources and pages at /pages -->
<mvc:resources location="/resources/" mapping="/resources/" />
<!-- also add the following beans to get rid of some exceptions -->
<bean class="org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter" />
<bean
class="org.springframework.web.servlet.mvc.annotation.DefaultAnnotationHandlerMapping">
</bean>
<bean
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix"><value>/WEB-INF/pages/</value></property>
<property name="suffix"><value>.jsp</value></property>
</bean>
</beans>
spring-security.xml
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd>
<!-- enable use-expressions -->
<http auto-config="true" use-expressions="true">
<!-- login page must be available to all. The order matters, if this is after something which secures the page this will fail. -->
<intercept-url pattern="/pages/login" access="permitAll" />
<intercept-url pattern="/pages/admin/**" access="hasRole('_admin')" />
<intercept-url pattern="/pages/trade/**" access="hasRole('_trader')" />
<intercept-url pattern="/pages/discover/**" access="hasRole('_users')" />
<!-- access denied page -->
<access-denied-handler error-page="/pages/403" />
<form-login
login-page="/pages/login"
default-target-url="/pages/trade/index"
authentication-failure-url="/login?error"
username-parameter="username"
password-parameter="password" />
<logout logout-url="/pages/logout" logout-success-url="/pages/login?logout" />
<!-- enable csrf protection -->
<csrf/>
</http>
<!-- Select users and user_roles from database -->
<authentication-manager>
<authentication-provider ref="CustomAuthenticationProvider"/>
<!--<jdbc-user-service data-source-ref="dataSource"
users-by-username-query=
"select email,pwhash, enabled from users where email=?"
authorities-by-username-query=
"select email, groupname from usergroups where email =? " />
</authentication-provider> -->
</authentication-manager>
</beans:beans>
CustomAuthenticationProvider.java
package com.mkyong.web.controller;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.List;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.stereotype.Component;
@Component
public class CustomAuthenticationProvider implements AuthenticationProvider {
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
User user = new User();
user.name = authentication.getName();
user.password = authentication.getCredentials().toString();
try {
user.id = Instance.users.getUserByEmail(user.name).getUserID();
} catch (Exception e) {
Instance.debug("CustomAuthenticationProvider authenticate","Error getting user" + e);
}
// use the credentials to try to authenticate against the third party system
if (passVerify(user)) {
List<GrantedAuthority> grantedAuths = new ArrayList<GrantedAuthority>();
try {
UserRoles roles = Instance.users.getUser(user.id).roles;
userRolesToDatabaseRoles(roles, grantedAuths);
} catch (Exception e) {
Instance.debug("CustomAuthenticationProvider authenticate","Error getting user" + e);
}
return new UsernamePasswordAuthenticationToken(user.name, user.password, grantedAuths);
} else {
Instance.debug("CustomAuthenticationProvider authenticate","Unable to authenticate");
return null;
}
}
private void userRolesToDatabaseRoles(UserRoles roles, List<GrantedAuthority> grantedAuths) {
if(roles.admin){
grantedAuths.add(new SimpleGrantedAuthority("_admin"));
}
if(roles.trader){
grantedAuths.add(new SimpleGrantedAuthority("_trader"));
}
if(roles.analyst){
grantedAuths.add(new SimpleGrantedAuthority("_users"));
}
}
private boolean passVerify(User user) {
StringBuffer MD5 = getMD5(user);
try {
//User still has an MD5 password, so change them over to bcrypt
if(MD5.toString().equals(Instance.users.getPasswordHash(user.name))){
String hashedPassword = getBcrypt(user).toString();
instance.users.changePassword(user.id, hashedPassword);
return true;
}
} catch (Exception e) {
instance.debug("CustomAuthenticationProvider passVerify","Error getting userpassword" + e);
}
StringBuffer bcrypt = getBcrypt(user);
if(bcrypt.toString().equals(user.password)){
return true;
}
return false;
}
public StringBuffer getBcrypt(User user) {
//This sets how many rounds bcrypt will run. The high the number the longer it takes which will slow down user login, however it also slows
//down a would be attacker. This is a key advantage of bcrypt over other algorithms. *IMPORTANT* changing the strength will result in needing to
//rehash all passwords. This is very doable but requires more work.
//See http://crypto.stackexchange.com/questions/3003/do-i-have-to-recompute-all-hashes-if-i-change-the-work-factor-in-bcrypt
BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder(10);
StringBuffer hashedPassword = new StringBuffer();
hashedPassword.append(passwordEncoder.encode(user.password));
return hashedPassword;
}
public StringBuffer getMD5(User user) {
StringBuffer sb = null;
MessageDigest md;
String original = "a";
try {
md = MessageDigest.getInstance("MD5");
md.update(original.getBytes());
byte[] digest = md.digest();
sb = new StringBuffer();
for (byte b : digest) {
sb.append(String.format("%02x", b & 0xff));
}
} catch (NoSuchAlgorithmException e) {
instance.debug("CustomAuthenticationProvider hashMD5","Error getting MD5 instance" + e);
}
return sb;
}
@Override
public boolean supports(Class<?> authentication) {
return authentication.equals(UsernamePasswordAuthenticationToken.class);
}
public class User{
public long id;
protected String name, password;
}
}
不确定是否需要发布 web.xml,但它是:
web.xml
<web-app id="WebApp_ID" version="2.4"
xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<!-- Spring MVC -->
<servlet>
<servlet-name>mvc-dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet>
<servlet-name>InitServlet</servlet-name>
<servlet-class>servletInitServlet</servlet-class>
<init-param>
<param-name>configfile</param-name>
<param-value>C:/transmetric/dev/java/WebContent/WEB-INF/config.properties</param-value>
</init-param>
<load-on-startup>2</load-on-startup>
</servlet>
<servlet>
<servlet-name>AdminServlet</servlet-name>
<servlet-class>servlet.admin</servlet-class>
<load-on-startup>3</load-on-startup>
</servlet>
<servlet>
<servlet-name>UserServlet</servlet-name>
<servlet-class>servlet.user</servlet-class>
<load-on-startup>4</load-on-startup>
</servlet>
<servlet>
<servlet-name>SignupUserServlet</servlet-name>
<servlet-class>servlet.user.SignupUserServlet</servlet-class>
<load-on-startup>5</load-on-startup>
</servlet>
<servlet>
<servlet-name>ReceiveFile</servlet-name>
<servlet-class>servlet.user</servlet-class>
<load-on-startup>6</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>mvc-dispatcher</servlet-name>
<url-pattern>/pages/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>AdminServlet</servlet-name>
<url-pattern>/AdminServlet</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>UserServlet</servlet-name>
<url-pattern>/UserServlet</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>SignupUserServlet</servlet-name>
<url-pattern>/SignupUserServlet</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ReceiveFile</servlet-name>
<url-pattern>/ReceiveFile</url-pattern>
</servlet-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring-security.xml,
/WEB-INF/spring-database.xml
</param-value>
</context-param>
<!-- Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
最佳答案
尝试在 spring-security xml 中定义 CustomAuthenticationProvider bean,而不是使用 @Component 注释。
或者您也可以尝试输入 <context:component-scan base-package="com.mkyong.*" />
在您的安全 xml 中
关于java - 未定义名为 'CustomAuthenticationProvider' 的 bean,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/25149757/
注意:根据 ECMAScript5.1, section 15.1.1.3 , window.undefined 是只读的。 现代浏览器正确地实现了这一点。例如:Safari 5.1、Firefox
我用谷歌搜索,检查了所有常见的响应。这些脚本似乎顺序正确(它们在 the demo 中以相同的顺序工作)但由于某种原因,当我尝试实现它时,我得到了错误。 我有一个 paste bin用我完整的页面代码
我有以下代码: simpleExample.html: Simple example Open the Console. js/simpleExampleJS.
所以我对 typescript 很陌生。 这是我的 tsconfig.json 文件的样子, 我什至不知道那些“例子”是从哪里来的 这是我在浏览器中遇到的错误 这是我的 package.json 最佳
我被 TypeScript 错误困住了: Failed to compile. undefined TypeScript error in undefined(undefined,undefined)
我已将 onlcick 事件附加到表单的提交按钮以覆盖默认的 POST 请求,但在使其正常工作时遇到了一些问题。 我想要的是点击添加到购物车的商品,但只显示模式确认而不刷新页面。 这段代码在我的静态示
我已经完成了这个link .但是给定的解决方案并没有解决我的问题。所有经验丰富的人都建议使用 getActivty().getApplicationContext()。但我使用的是普通类(class)
我有一个应用程序,其中 webpack 配置为模块 bundler ,babel 作为我的 js 编译器。全部都在 Node 引擎上。我设置当我运行 npm run dev 时,将会发生以下流程: w
我正在尝试在浏览器中呈现网址的 JSON 数据,但它在 div 中显示为 undefined, undefined .当我将其响应放入console.log时对象及其数据出现,因此它出现在控制台和浏览
为什么我会收到 Cannot invoke an object which is possibly 'undefined'即使在我检查了 func 之后,Typescript 也会出错引用不是未定义的
我想使用airbnb的eslint修改我的代码结构。我已遵循 eslint-config-airbnb 中给出的说明。启动命令后npm run lint,结果由 'fetch' is not Defi
这个问题在这里已经有了答案: What is the consequence of this bit of javascript? (4 个答案) 关闭 9 年前。 我看到一些 jQuery 脚本嵌
我一直收到这个 pouchDB 错误,我不知道这是怎么回事。 Error: connect ENFILE 127.0.0.1:5984 - Local (undefined:undefined)
import os from os.path import abspath, dirname import sys # Set up django project_dir = abspath(dirn
在 javascript 中,要检查变量是否从未创建过,我们只需执行 if (typeof MyVariable !== "undefined"){ ... } 我想知道如何在 CoffeeScrip
我正在尝试编译 FreeLing,它使用 CMake 来检测 Boost。这是负责它的代码: find_package(Boost COMPONENTS regex filesystem thre
我收到“JQUERY 未定义”错误。你有什么想法吗(代码如下)。 $(document).ready(function() { window.print();
无论我是否将 jQuery $.ajax 调用放入 $(document).ready(function() { 中,我都会收到此错误。这是在 ASP.NET MVC .cshtml 文件上.
我正在构建的网站上遇到问题,但数据表不存在加载(在服务器上)但在本地主机(xamp)上工作正常。 Firefox 会抛出错误“$ 未定义”。 我用谷歌搜索了这些错误,我发现一个 friend 的解决方
当我在 $(document).ready 之前明确包含 jQuery 库时,我无法弄清楚为什么它仍然无法识别 jQuery 语法
我是一名优秀的程序员,十分优秀!