我正在使用 spring mvc 和 spring security(版本 3.1)。该网络应用程序为用户提供了使用 google/gmail 帐户进行登录的选项。这在我的开发环境中运行良好,但是当部署到生产服务器时,注册过程失败,因为在提供正确的谷歌凭据时显示错误凭据异常事件。这是我的 spring-security.xml 配置中的 openid 配置:
<openid-login
login-processing-url="/j_spring_openid_security_check"
default-target-url="/home"
user-service-ref="userOpenIdDetailsService"
authentication-failure-handler-ref="openIdAuthFailureHandler"/>
<logout logout-success-url="/login?rc=2" />
<beans:bean id="userOpenIdDetailsService" class="com.xxx.service.OpenIdUserDetailsServiceImpl"/>
<beans:bean id="openIdAuthFailureHandler" class="com.xxx.controllers.OpenIDAuthenticationFailureHandler">
<beans:property name="defaultFailureUrl" value="/login?rc=6"/>
</beans:bean>
当返回一个 openid 身份但未在我的数据库中注册时,我实现了一个身份验证失败处理程序来处理注册过程:
public class OpenIDAuthenticationFailureHandler extends
SimpleUrlAuthenticationFailureHandler {
private static Logger logger = Logger.getLogger(OpenIDAuthenticationFailureHandler.class);
@Override
public void onAuthenticationFailure(HttpServletRequest request,
HttpServletResponse response, org.springframework.security.core.AuthenticationException exception)
throws IOException, ServletException {
if(exception instanceof UsernameNotFoundException
&& exception.getAuthentication() instanceof OpenIDAuthenticationToken
&& ((OpenIDAuthenticationToken)exception.getAuthentication()).
getStatus().equals(OpenIDAuthenticationStatus.SUCCESS)) {
DefaultRedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
OpenIDAuthenticationToken token = (OpenIDAuthenticationToken)exception.getAuthentication();
String url = token.getIdentityUrl();
request.getSession(true).setAttribute("USER_OPENID_CREDENTIAL", url);
String inviteId = (String)request.getSession().getAttribute("INVITE_ID");
if (inviteId != null) {
redirectStrategy.sendRedirect(request, response, "/setup/invite/" + inviteId + "/complete");
} else {
//redirect to create account page
redirectStrategy.sendRedirect(request, response, "/setup/openid/complete");
}
} else {
OpenIDAuthenticationToken token = (OpenIDAuthenticationToken)exception.getAuthentication();
logger.debug("Token Identity: " + token.getIdentityUrl());
logger.debug("Open ID authentication failure: " + exception.getMessage());
logger.debug("Auth Exception: " + exception.toString());
super.onAuthenticationFailure(request, response, exception);
}
}
}
所以我期待一个 UsernameNotFoundException,它在上面的注册处理程序中处理,但我得到一个 org.springframework.security.authentication.BadCredentialsException。从日志中:
Log --> 10:19:17 DEBUG org.springframework.security.openid.OpenIDAuthenticationFilter - Supplied OpenID identity is https://www.google.com/accounts/o8/id?id=open-id-token-here
Log --> 10:19:17 DEBUG org.springframework.security.openid.OpenIDAuthenticationFilter - Authentication request failed: org.springframework.security.authentication.BadCredentialsException: Log in failed - identity could not be verified
Log --> 10:19:17 DEBUG org.springframework.security.openid.OpenIDAuthenticationFilter - Updated SecurityContextHolder to contain null Authentication
Log --> 10:19:17 DEBUG org.springframework.security.openid.OpenIDAuthenticationFilter - Delegating to authentication failure handlercom.xxx.controllers.OpenIDAuthenticationFailureHandler@435fef7d
Log --> 10:19:17 DEBUG com.xxx.controllers.OpenIDAuthenticationFailureHandler - Token Identity: Unknown
Log --> 10:19:17 DEBUG com.xxx.controllers.OpenIDAuthenticationFailureHandler - Open ID authentication failure: Log in failed - identity could not be verified
Log --> 10:19:17 DEBUG com.xxx.controllers.OpenIDAuthenticationFailureHandler - Auth Exception: org.springframework.security.authentication.BadCredentialsException: Log in failed - identity could not be verified