How can I programmatically authenticate user with Spring Security using DaoAuthenticationProvider


Problem description


I was wondering what I am doing wrong here to authenticate a user. I have an application where the user goes through several steps to activate their account, and upon doing so I would like to bypass the login form and take them directly to their dashboard.

Here is what my automated login function looks like:

protected void automatedLogin(String username, String password, HttpServletRequest request) {
    try {
        // Must be called from request filtered by Spring Security, otherwise SecurityContextHolder is not updated
        CustomUserDetailsService udService = new CustomUserDetailsService(userDAO, request);
        UserDetails uDetails = udService.loadUserByUsername(username);
        UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(uDetails, password);
        token.setDetails(new WebAuthenticationDetails(request));
        DaoAuthenticationProvider authenticator = new DaoAuthenticationProvider();
        Authentication authentication = authenticator.authenticate(token);
        SecurityContextHolder.getContext().setAuthentication(authentication);
    } catch (Exception e) {
        e.printStackTrace();
        SecurityContextHolder.getContext().setAuthentication(null);
    }
}

I must use the DaoAuthenticationProvider class as my authentication provider. I have verified that I am getting a UserDetails model containing the correct credentials, ID, authority roles, etc.

When it calls the authenticate method I run into a Null Pointer somewhere along the way in the DaoAuthenticationProvider class:

org.springframework.security.authentication.AuthenticationServiceException
    at org.springframework.security.authentication.dao.DaoAuthenticationProvider.retrieveUser(DaoAuthenticationProvider.java:109)
    at org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:132)
    at com.bosch.actions.BaseController.doAutoLogin(BaseController.java:659)
    . . .
Caused by: java.lang.NullPointerException
    at org.springframework.security.authentication.dao.DaoAuthenticationProvider.retrieveUser(DaoAuthenticationProvider.java:101)

I'm really not sure what is null, as I don't have the source code available.

Edit: I was able to find the source code here - https://github.com/SpringSource/spring-security/blob/master/core/src/main/java/org/springframework/security/authentication/dao/DaoAuthenticationProvider.java

I was able to get around the Null Pointer by explicitly setting the UserDetailsService on the object:

authenticator.setUserDetailsService(udService);

But now I get bad credentials exception when I know the password provided is correct, because I've seen it in the debugger in the UserDetails object set earlier in the code.

org.springframework.security.authentication.BadCredentialsException: Bad credentials
    at org.springframework.security.authentication.dao.DaoAuthenticationProvider.additionalAuthenticationChecks(DaoAuthenticationProvider.java:87)
    at org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:149)

Solution

I was able to get the authentication working by piecing together all of the properties defined in the spring bean definition and setting them programmatically on the DaoAuthenticationProvider object. Looking back this seems like it may have been a silly question, but I hope it helps someone!

Corrected Code:

protected void automatedLogin(String username, String password, HttpServletRequest request) {
    try {
        // Must be called from request filtered by Spring Security, otherwise SecurityContextHolder is not updated
        CustomUserDetailsService udService = new CustomUserDetailsService(userDAO, request);
        // Encoder and salt source as defined in the Spring bean definition
        CustomMd5PasswordEncoder passEncoder = new CustomMd5PasswordEncoder();
        ReflectionSaltSource saltSource = new ReflectionSaltSource();
        saltSource.setUserPropertyToUse("salt");
        // Pass the username, not the loaded UserDetails; the provider loads the user itself
        UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(username, password);
        token.setDetails(new WebAuthenticationDetails(request));
        DaoAuthenticationProvider authenticator = new DaoAuthenticationProvider();
        authenticator.setUserDetailsService(udService);
        authenticator.setPasswordEncoder(passEncoder);
        authenticator.setSaltSource(saltSource);
        Authentication authentication = authenticator.authenticate(token);
        SecurityContextHolder.getContext().setAuthentication(authentication);
    } catch (Exception e) {
        e.printStackTrace();
        SecurityContextHolder.getContext().setAuthentication(null);
    }
}
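
An added example, not part of the original post: it reproduces the `BadCredentialsException` and the fix with the stock classes of Spring Security 3.1 to 4.x, which are assumed to be on the classpath. `Md5PasswordEncoder`, the stock `User` with the username used as salt, and the sample values are stand-ins for the poster's `CustomMd5PasswordEncoder`, custom `UserDetails` with a `salt` property, and real data.

```java
import java.util.List;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.authentication.dao.ReflectionSaltSource;
import org.springframework.security.authentication.encoding.Md5PasswordEncoder;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;

public class ProviderWiringDemo {
    public static void main(String[] args) {
        // Constructed sample values, not taken from the page.
        String username = "alice", raw = "s3cret-sample";
        Md5PasswordEncoder encoder = new Md5PasswordEncoder();
        ReflectionSaltSource saltSource = new ReflectionSaltSource();
        // Assumption: the stock User has no "salt" property, so the username is the salt here.
        saltSource.setUserPropertyToUse("username");

        // The user store holds the salted hash, never the raw password.
        String stored = encoder.encodePassword(raw, username);
        List<GrantedAuthority> roles = AuthorityUtils.createAuthorityList("ROLE_USER");
        UserDetailsService users = name -> new User(name, stored, roles);
        Authentication token = new UsernamePasswordAuthenticationToken(username, raw);

        // 1) Only the UserDetailsService is set: the provider's default encoder
        //    does not reproduce the salted hash, so the correct password is rejected.
        DaoAuthenticationProvider bare = new DaoAuthenticationProvider();
        bare.setUserDetailsService(users);
        try {
            bare.authenticate(token);
        } catch (BadCredentialsException e) {
            System.out.println("bare provider: " + e.getMessage());
        }

        // 2) Same encoder and salt source that produced the stored hash.
        DaoAuthenticationProvider wired = new DaoAuthenticationProvider();
        wired.setUserDetailsService(users);
        wired.setPasswordEncoder(encoder);
        wired.setSaltSource(saltSource);
        Authentication result = wired.authenticate(token);
        System.out.println("wired provider: authenticated=" + result.isAuthenticated());
    }
}
```

Spring Security 5 removed `SaltSource` and the `authentication.encoding` encoders; from that version on the provider takes an `org.springframework.security.crypto.password.PasswordEncoder` such as `BCryptPasswordEncoder`, which keeps the salt inside the stored hash.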
