Custom AuthenticationProvider is not called

Question

I want to have a basic auth-protected REST app. I followed the general instructions from http://www.baeldung.com/spring-security-authentication-provider in order to get the security working.

I ended up creating my implementation of AuthenticationProvider, but it never gets called by Spring. All requests end up with an error:

{"timestamp":1460199213227,"status":401,"error":"Unauthorized","message":"Full authentication is required to access this resource","path":"/test"}

without the AuthenticationProvider ever doing anything.

The app is annotation-based and here are the relevant bits:

Security configuration

@Configuration
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
public class ApplicationSecurity extends WebSecurityConfigurerAdapter {
    @Autowired
    CustomAuthenticationProvider authenticationProvider;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(authenticationProvider);
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http
                .csrf().disable()
                .authenticationProvider(authenticationProvider)
                .authorizeRequests()
                .anyRequest().authenticated().and().httpBasic();
    }
}

AuthenticationProvider

@Component
public class CustomAuthenticationProvider implements AuthenticationProvider {
    @Autowired
    private UserDAO userDAO;
    @Autowired
    private Authenticator authenticator;

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        // This never gets called, I checked with debugger
        String username = authentication.getName();
        String password = authentication.getCredentials().toString();

        User user = userDAO.findByUsername(username);
        User authenticatedUser = authenticator.authenticate(user, password);
        if (authenticatedUser == null){
            throw new RESTAuthenticationException("Auth failed");
        }

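        List<GrantedAuthority> authorityList = new ArrayList<>();
        // Pass the credentials as the second argument and the authorities as the third:
        // only the three-argument constructor produces an authenticated token.
        return new UsernamePasswordAuthenticationToken(user, password, authorityList);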
    }

    @Override
    public boolean supports(Class<?> aClass) {
        return aClass.equals(UsernamePasswordAuthenticationToken.class);
    }
}

Controller

@RestController
public class UserController {
    @RequestMapping(value = "/test")
    public ResponseEntity test(@AuthenticationPrincipal User user) {
        return ResponseEntity.ok().body(user);
    }
}

Recommended answer

You receive a response with status code 401. This is the "unauthorized" HTTP status code. It is probably caused by a missing/malformed Authorization header in your request.

You are using Http-Basic: it requires the following header in the request:

Authorization: Basic QWxhZGRpbjpPcGVuU2VzYW1l

where the string QWxhZGRpbjpPcGVuU2VzYW1l is the string <user>:<password> base64 encoded.
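
The header format described in the answer, as an added example that is not part of the original post and is not Spring Security's own code: a JDK-only class that builds the header value and rejects the missing or malformed variants, which never yield credentials for an AuthenticationProvider to check. The class name `BasicAuthHeader` and the `alice` credentials are made up for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Optional;

public class BasicAuthHeader {
    // Builds the header value a client sends for HTTP Basic.
    static String encode(String user, String password) {
        byte[] pair = (user + ":" + password).getBytes(StandardCharsets.UTF_8);
        return "Basic " + Base64.getEncoder().encodeToString(pair);
    }

    // Parses an Authorization header value; empty means "no usable Basic
    // credentials", which this example reports as a 401.
    static Optional<String[]> decode(String header) {
        if (header == null) return Optional.empty();           // header missing
        String[] parts = header.trim().split("\\s+", 2);
        if (parts.length != 2 || !parts[0].equalsIgnoreCase("Basic")) {
            return Optional.empty();                            // scheme missing or not Basic
        }
        byte[] raw;
        try {
            raw = Base64.getDecoder().decode(parts[1].trim());
        } catch (IllegalArgumentException e) {
            return Optional.empty();                            // payload is not base64
        }
        String pair = new String(raw, StandardCharsets.UTF_8);
        int colon = pair.indexOf(':');   // first colon only: the password may contain ':'
        if (colon < 0) return Optional.empty();
        return Optional.of(new String[] {pair.substring(0, colon), pair.substring(colon + 1)});
    }

    public static void main(String[] args) {
        // Constructed sample values, apart from the header quoted in the answer.
        String[] samples = {
            encode("alice", "s3cr:et"),         // well-formed, password contains ':'
            "Basic QWxhZGRpbjpPcGVuU2VzYW1l",   // header value quoted in the answer
            "QWxhZGRpbjpPcGVuU2VzYW1l",         // scheme prefix missing
            "Basic alice:s3cret",               // credentials sent without base64 encoding
            null                                // header absent
        };
        for (String h : samples) {
            String result = decode(h).map(c -> "user=" + c[0]).orElse("rejected -> 401");
            System.out.println(h + " => " + result);
        }
    }
}
```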
