0

I ran into a problem with Spring Security 3 while trying to implement my own custom authentication. Following the steps on this page, I wrote this class:

public class CustomAuth implements AuthenticationManager {

@Override
public Authentication authenticate(Authentication auth)
        throws AuthenticationException {

    UserService service = new UserService();

    User user = service.login((String) auth.getPrincipal(), new String(
            DigestUtils.sha256((String) auth.getCredentials())));

    LinkedList<GrantedAuthority> authorities = new LinkedList<>();

    if (user != null) {
        authorities.add(new SimpleGrantedAuthority(user.getRole()));

        return new UsernamePasswordAuthenticationToken(user.getUsername(),
                user.getPassword(), authorities);
    }

    return null;
}

}

This is my spring-security.xml

<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
      http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
      http://www.springframework.org/schema/security
      http://www.springframework.org/schema/security/spring-security-3.1.xsd">


<security:http pattern="/resources/**" security="none" />

<security:http auto-config="true" >

    <security:intercept-url pattern="/user/**"
        access="ROLE_USER" />
    <security:intercept-url pattern="/admin/**"
        access="ROLE_ADMIN,ROLE_USER" />

    <security:form-login login-page="/login"
        authentication-failure-url="/login?error=true" />

    <security:logout invalidate-session="true" />

    <security:session-management>
        <security:concurrency-control
            max-sessions="1" />

    </security:session-management>


</security:http>
<security:authentication-manager>
    <security:authentication-provider ref="myAuthProvider" />

</security:authentication-manager>


    <bean id="myAuthProvider" class="org.jhonnytunes.security.CustomAuth">

</bean>

</beans>

And Tomcat 7 is logging this when the application does not show up in the browser

I am using:

  1. Eclipse Kepler
  2. Ubuntu 13.04
  3. JDK 1.7
  4. Tomcat 7
  5. Eclipse STS plugin

What could this be?

4

2 Answers

3

CustomAuth should implement AuthenticationProvider, not AuthenticationManager.

Answered 2013-09-01T21:33:46.650
0

Implement "AuthenticationProvider" instead of "AuthenticationManager"

'throw new BadCredentialsException(String)' instead of 'return null'

Answered 2017-02-09T04:57:56.530
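The two answers combined, as an added example that is not code from the question or from either answer: the class implements AuthenticationProvider, declares which token type it supports, and rejects a failed login with BadCredentialsException instead of returning null. The nested User and UserService interfaces are hypothetical stand-ins for the asker's classes (not shown on the page), the service is assumed to verify the password itself, and the constructor injection is an assumption that the myAuthProvider bean definition would have to match.

```java
import java.util.Collections;
import java.util.List;

import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;

// Added example: the question's CustomAuth rewritten as an AuthenticationProvider.
public class CustomAuthProvider implements AuthenticationProvider {

    // Hypothetical stand-ins for the asker's User and UserService classes.
    public interface User { String getUsername(); String getRole(); }
    // Assumption: login() checks the password itself and returns null on no match.
    public interface UserService { User login(String username, String password); }

    private final UserService service;

    public CustomAuthProvider(UserService service) {
        this.service = service;
    }

    @Override
    public Authentication authenticate(Authentication auth) throws AuthenticationException {
        Object credentials = auth.getCredentials();
        User user = (credentials == null)
                ? null
                : service.login(auth.getName(), credentials.toString());
        if (user == null) {
            // A provider that returns null tells ProviderManager "no decision",
            // so a failed login must be signalled with an exception. The message
            // is the same for an unknown user and a wrong password.
            throw new BadCredentialsException("Bad credentials");
        }
        List<GrantedAuthority> authorities = Collections.<GrantedAuthority>singletonList(
                new SimpleGrantedAuthority(user.getRole()));
        // The three-argument constructor produces an authenticated token.
        return new UsernamePasswordAuthenticationToken(user.getUsername(), credentials, authorities);
    }

    @Override
    public boolean supports(Class<?> authentication) {
        // Handle only the username/password token that form-login creates.
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
    }
}
```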