java - 为什么在实现自定义身份验证提供程序时无法从其他类调用方法

Question

我有自定义身份验证提供程序。当我想从其他类调用方法时，没有任何反应，我不知道为什么。请帮忙:

package org.sample.web.security;

import java.util.ArrayList;
import java.util.List;

import org.sample.web.service.SimpleService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.stereotype.Component;

@Component
public class CustomAuthenticationProvider implements AuthenticationProvider {

    protected final Logger logger = LoggerFactory.getLogger(getClass());
    private SimpleService simpleService;

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        logger.error("1111111111111111");
        String name = authentication.getName();
        String password = authentication.getCredentials().toString();
        simpleService.doNothing();
        logger.error("2222222222222222");

        if (name.equals("admin") && password.equals("system")) {
            List<GrantedAuthority> grantedAuths = new ArrayList<GrantedAuthority>();
            grantedAuths.add(new SimpleGrantedAuthority("ROLE_USER"));
            Authentication auth = new UsernamePasswordAuthenticationToken(name, password, grantedAuths);
            return auth;
        } else {
            return null;
        }
    }

    @Override
    public boolean supports(Class<?> authentication) {
        return authentication.equals(UsernamePasswordAuthenticationToken.class);
    }

    public void setSimpleService(SimpleService simpleService) {
        this.simpleService = simpleService;
    }
}

身份验证方法的输出只是:

DEBUG - ProviderManager            - Authentication attempt using org.sample.web.security.CustomAuthenticationProvider
ERROR - stomAuthenticationProvider - 1111111111111111

当我推荐行时什么也不做

//            simpleService.doNothing();

然后它开始工作，为什么？

DEBUG - ProviderManager            - Authentication attempt using org.sample.web.security.CustomAuthenticationProvider
ERROR - stomAuthenticationProvider - 1111111111111111
ERROR - stomAuthenticationProvider - 2222222222222222
TRACE - XmlWebApplicationContext   - Publishing event in Root WebApplicationContext: org.springframework.security.authentication.event.AuthenticationFailureProviderNotFoundEvent[source=org.springframework.security.authentication.UsernamePasswordAuthenticationToken@9561: Principal: aaa; Credentials: [PROTECTED]; Authenticated: false; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Not granted any authorities]
DEBUG - DefaultListableBeanFactory - Returning cached instance of singleton bean 'methodRegistrar'
DEBUG - BasicAuthenticationFilter  - Authentication request for failed: org.springframework.security.authentication.ProviderNotFoundException: No AuthenticationProvider found for org.springframework.security.authentication.UsernamePasswordAuthenticationToken
DEBUG - nSecurityContextRepository - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
DEBUG - tyContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed

安全上下文:

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p" xmlns:util="http://www.springframework.org/schema/util"
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
        http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
        http://www.springframework.org/schema/security 
        http://www.springframework.org/schema/security/spring-security-3.1.xsd
        http://www.springframework.org/schema/util 
        http://www.springframework.org/schema/util/spring-util-3.1.xsd">


    <http use-expressions="true">
        <intercept-url pattern="/**" access="isAuthenticated()" />
        <http-basic />
    </http>

    <global-method-security pre-post-annotations="enabled" />

    <authentication-manager>
        <authentication-provider ref="customAuthenticationProvider" />
    </authentication-manager>

</beans:beans>

Answer 1

根据您的描述，方法 simpleService.doNothing() 似乎永远不会返回， 从而导致你的线程被卡住， 这就是为什么您的authenticate() 方法中的其他代码无法访问的原因。

顺便说一下，使用调试器进行简单的测试应该可以轻松揭示问题。

编辑: 因为我知道调试在这里不是一个选项，所以方法是打印到日志 调用方法之前、方法内部和方法之后。

既然您已经完成了该操作并且该方法没有打印，那么现在有 2 个选项:

1. simpleReceiver 为空，带有日志的简单 try catch 应该会显示它。

2. simpleReceiver 不是 SimpleReceiver 类型，而是执行无限长时间工作的派生类 在其功能中，如果是这种情况，实例类型的简单日志打印应该会显示它。