使用需要用户名和密码的WebService使用SpringSecurity对用户进行身份验证 [英] Authenticate users with SpringSecurity using a WebService that requires a username and password
问题描述
目前我正在使用Spring Security编写Web应用程序。我们有一个Web服务,通过用户名和密码对用户进行身份验证。
Currently I am writing a web application using Spring Security. We have a web service which authenticates users by username and password.
网络服务:
String [] login(String username,String password);
如何配置Spring Security以将提供的用户名和密码传递给Web服务?
How do I configure Spring Security to pass the provided username and password to the web service?
我写了 UserDetailsService
,只收到一个用户名。
I have written a UserDetailsService
which only receives a username.
我认为问题在于你的xml。你关掉了自动配置吗?你的类是否扩展了AbstractUserDetailsAuthenticationProvider?
I think the problem is with your xml. Did you turned off the auto-config? And does your class extend AbstractUserDetailsAuthenticationProvider?
推荐答案
扩展org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider
Extend org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider
/**
* @author rodrigoap
*
*/
public class WebServiceUserDetailsAuthenticationProvider extends
AbstractUserDetailsAuthenticationProvider {
@Override
protected UserDetails retrieveUser(String username,
UsernamePasswordAuthenticationToken authentication)
throws AuthenticationException {
//Improve this line:
String password = authentication.getCredentials().toString();
// Invoke your webservice here
GrantedAuthority[] grantedAuth = loginWebService.login(username, password);
// create UserDetails. Warning: User is deprecated!
UserDetails userDetails = new User(username, password, grantedAuth);
return userDetails;
}
}
这篇关于使用需要用户名和密码的WebService使用SpringSecurity对用户进行身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!