【发布时间】:2016-09-24 22:15:03
【问题描述】:
我正在尝试在 Spring Boot 应用程序中使用 Spring Security 实现一个简单的自定义身份验证提供程序,但它不起作用。
我的自定义身份验证提供程序是:
@Component
public class CustomAuthenticationProvider implements AuthenticationProvider{
@Override
public Authentication authenticate(Authentication a) {
try{
List<GrantedAuthority> roles = new ArrayList<>();
roles.add(new SimpleGrantedAuthority("USER"));
UsernamePasswordAuthenticationToken u = new UsernamePasswordAuthenticationToken("usuario", "password", roles);
return u;
}catch(Exception e){
return null;
}
}
@Override
public boolean supports(Class<?> type) {
return true;
}
}
我的安全配置是这样的:
@Configuration
@EnableWebSecurity
@EntityScan(basePackages = "sirio.io.models")
public class AppConfiguration {
@Configuration
@Order(1)
public static class ApiWebSecurity extends WebSecurityConfigurerAdapter{
@Autowired
private CustomAuthenticationProvider customAuthenticationProvider;
@Override
public void configure(HttpSecurity http) throws Exception{
http.antMatcher("/admin/**")
.authorizeRequests()
.anyRequest()
.hasRole("USER")
.and()
.httpBasic()
.and()
.authenticationProvider(customAuthenticationProvider);
}
}
}
我在 CustomAuthProvider 中设置了几个断点,它已被调用,但我总是在浏览器中得到 403 响应
[编辑] 尝试了另一种类型的自定义身份验证提供程序,但结果相同。
@Component
public class CustomAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider{
@Override
protected void additionalAuthenticationChecks(UserDetails ud, UsernamePasswordAuthenticationToken upat) throws AuthenticationException {
}
@Override
protected UserDetails retrieveUser(String string, UsernamePasswordAuthenticationToken upat) throws AuthenticationException{
List<GrantedAuthority> authoritys = new ArrayList<>();
authoritys.add(new SimpleGrantedAuthority("USER"));
UserDetails ud = new User("usuario", "password", authoritys);
return ud;
}
}
【问题讨论】:
标签: java spring spring-security spring-boot