1

我有自定义身份验证提供程序。当我想从其他类调用方法时,什么也没有发生,我不知道为什么。请帮忙:

package org.sample.web.security;

import java.util.ArrayList;
import java.util.List;

import org.sample.web.service.SimpleService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.stereotype.Component;

@Component
public class CustomAuthenticationProvider implements AuthenticationProvider {

    protected final Logger logger = LoggerFactory.getLogger(getClass());
    private SimpleService simpleService;

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        logger.error("1111111111111111");
        String name = authentication.getName();
        String password = authentication.getCredentials().toString();
        simpleService.doNothing();
        logger.error("2222222222222222");

        if (name.equals("admin") && password.equals("system")) {
            List<GrantedAuthority> grantedAuths = new ArrayList<GrantedAuthority>();
            grantedAuths.add(new SimpleGrantedAuthority("ROLE_USER"));
            Authentication auth = new UsernamePasswordAuthenticationToken(name, password, grantedAuths);
            return auth;
        } else {
            return null;
        }
    }

    @Override
    public boolean supports(Class<?> authentication) {
        return authentication.equals(UsernamePasswordAuthenticationToken.class);
    }

    public void setSimpleService(SimpleService simpleService) {
        this.simpleService = simpleService;
    }
}

身份验证方法的输出只是:

DEBUG - ProviderManager            - Authentication attempt using org.sample.web.security.CustomAuthenticationProvider
ERROR - stomAuthenticationProvider - 1111111111111111

当我表扬行时什么也不做

//            simpleService.doNothing();

然后它开始工作为什么?

DEBUG - ProviderManager            - Authentication attempt using org.sample.web.security.CustomAuthenticationProvider
ERROR - stomAuthenticationProvider - 1111111111111111
ERROR - stomAuthenticationProvider - 2222222222222222
TRACE - XmlWebApplicationContext   - Publishing event in Root WebApplicationContext: org.springframework.security.authentication.event.AuthenticationFailureProviderNotFoundEvent[source=org.springframework.security.authentication.UsernamePasswordAuthenticationToken@9561: Principal: aaa; Credentials: [PROTECTED]; Authenticated: false; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Not granted any authorities]
DEBUG - DefaultListableBeanFactory - Returning cached instance of singleton bean 'methodRegistrar'
DEBUG - BasicAuthenticationFilter  - Authentication request for failed: org.springframework.security.authentication.ProviderNotFoundException: No AuthenticationProvider found for org.springframework.security.authentication.UsernamePasswordAuthenticationToken
DEBUG - nSecurityContextRepository - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
DEBUG - tyContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed

安全上下文:

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p" xmlns:util="http://www.springframework.org/schema/util"
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
        http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
        http://www.springframework.org/schema/security 
        http://www.springframework.org/schema/security/spring-security-3.1.xsd
        http://www.springframework.org/schema/util 
        http://www.springframework.org/schema/util/spring-util-3.1.xsd">


    <http use-expressions="true">
        <intercept-url pattern="/**" access="isAuthenticated()" />
        <http-basic />
    </http>

    <global-method-security pre-post-annotations="enabled" />

    <authentication-manager>
        <authentication-provider ref="customAuthenticationProvider" />
    </authentication-manager>

</beans:beans>
4

1 回答 1

1

从您的描述看来,simpleService.doNothing() 方法似乎永远不会返回,从而导致您的线程卡住,这就是您的 authenticate() 方法中的其他代码未到达的原因。

顺便说一句,使用调试器的简单测试应该很容易发现问题。

编辑: 由于我理解调试不是这里的一个选项,所以要走的方法是在调用方法之前、方法内部和方法之后打印到日志。

由于您已经完成并且该方法未打印,因此现在有 2 个选项:

  1. simpleReceiver 为空,一个简单的带有日志的 try catch 应该会显示它。

  2. simpleReceiver 不是 SimpleReceiver 类型,而是在其函数中执行无限长时间工作的派生类,如果是这种情况,则实例类型的简单日志打印应该显示它。

于 2013-06-13T10:46:48.990 回答