春天 - 安全:登录用户名和密码如何绑定到身份验证提供程序? [英] Spring - Security : how are login username and password bound to the authentication-provider?
问题描述
我需要提供安全性在我的应用程序中使用spring。
我在web.xml中包含了一个自定义的applicationContext-security.xml文件:contextConfigLocation
在这个文件中,我使用
< intercept-url pattern ='/ **。 'access =IS_AUTHENTICATED_FULLY/>
里面元素。
现在登录的形式为
,如果页面未被授权,则显示我的自定义Login.html页面。
现在针对我面临的问题:
- 如何指定我的登录表单将其值传递给spring?
- 使用我自己的身份验证提供程序?
我试过这个:
< authentication-provider user-service-ref =userDetailsService/>
< beans:bean id =userDetailsServiceclass =com.somepath.CustomAuthenticationProvider>
< custom-authentication-provider />
< / beans:bean>
其中CustomAuthenticationProvider实现了AuthenticationProvider
代码会抛出一个错误:
创建名为'_filterChainProxy'的bean时出错......没有注册UserDetailsService
请帮忙
<解决方案1:我如何指定我的登录表单将其值传递给spring?
设置完成后Spring Security的web.xml中的标准Spring Filter,使用由< http>
标签配置的一些默认设置。 AuthenticationProcessingFilter
的实例作为过滤器链的一部分为您创建。
我的默认值 AuthenticationProcessingFilter
设置为将j_username和j_password作为用户名/密码标记。
为了覆盖这个, AuthenticationProcessingFilter通过这样做:
< bean id =myAuthFilterclass =org.springframework.security。 ui.webapp.AuthenticationProcessingFilter>
< security:custom-filter position =AUTHENTICATION_PROCESSING_FILTER/><! - 替换默认值 - >
< / bean>
另请参阅AuthenticationProcessingFilter的JavaDoc以获取更多详细信息:
http://static.springsource.org/spring-security /site/apidocs/org/springframework/security/ui/webapp/AuthenticationProcessingFilter.html
2:如何使用我自己的身份验证提供程序?
使用以下代码:
< bean id =myAuthenticationProvider class =com.something.MyAuthenticationProvider>
< security:custom-authentication-provider />
< / bean>
< security:custom-authentication-provider />
是Spring的标签,它知道这是一个自定义提供程序,Authentication Manager应该在其提供程序链中使用它。
$ b
3:关于问题与抛出'_filterChainProxy'的代码....没有UserDetailsService注册...'
是 com.somepath.CustomAuthenticationProvider
实现UserDetailService接口?
I am new to spring and spring security,
I have understood how beans are created and referenced in the xml files, I need to provide security using spring into my application.
I included a custom applicationContext-security.xml file in my web.xml : contextConfigLocation
in this file, I have intercepted url patterns using
<intercept-url pattern='/**.something' access="IS_AUTHENTICATED_FULLY"/>
inside element.
I have set the form for login as now, if a page is not authorised it shows me my custom Login.html page.
Now for the issues I am facing:
- How do I specify my login form to pass its value to spring ?
- How do I use my own authentication-provider ?
I tried this:
<authentication-provider user-service-ref="userDetailsService"/>
<beans:bean id = "userDetailsService" class ="com.somepath.CustomAuthenticationProvider">
<custom-authentication-provider/>
</beans:bean>
where CustomAuthenticationProvider implements AuthenticationProvider
but the code throws an error: Error creating bean with name '_filterChainProxy' .... No UserDetailsService registered
Please help
1: How do I specify my login form to pass its value to spring ?
After you setup your standard Spring Filter in web.xml for Spring Security, using some of the default settings configured by the <http>
tag. An instance of AuthenticationProcessingFilter
is created for you as part of the chain of filters.
My default the AuthenticationProcessingFilter
is set up to read j_username and j_password as the username / password token.
In order to override this, replace your customize AuthenticationProcessingFilter over the default one by doing this:
<bean id="myAuthFilter" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter" >
<security:custom-filter position="AUTHENTICATION_PROCESSING_FILTER"/><!–-replace the default one-–>
<property name="usernameParameter" value="myUsername"/><!-- myUsername is the name of the input tag where user enter their username on the HTML page -->
<property name="passwordParameter" value="myPassword" /><!–- myPassword is the name of the input tag where user enter their password on the HTML page -–>
</bean>
See also the JavaDoc of AuthenticationProcessingFilter for more details: http://static.springsource.org/spring-security/site/apidocs/org/springframework/security/ui/webapp/AuthenticationProcessingFilter.html
2: How do I use my own authentication-provider?
Using the following code:
<bean id="myAuthenticationProvider" class="com.something.MyAuthenticationProvider">
<security:custom-authentication-provider />
</bean>
<security:custom-authentication-provider />
is the tag that let's spring knows this is a custom provider and the Authentication Manager should use it in its provider chain.
3: Regarding the issue with the code throwing '_filterChainProxy' .... No UserDetailsService registered...'
Is com.somepath.CustomAuthenticationProvider
implementing the UserDetailService interface?
这篇关于春天 - 安全:登录用户名和密码如何绑定到身份验证提供程序?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!