我正在尝试使用带有自定义 AuthenticationProvider 的 spring security 实现表单登录。
我正在使用: Spring - 4.1.1.RELEASE Spring 安全 - 3.2.5.RELEASE Tomcat 7
安全上下文.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<!-- <http create-session="stateless" authentication-manager-ref="authenticationManager"
entry-point-ref="reportsAuthenticationEntryPoint" disable-url-rewriting="true"
use-expressions="true" pattern="/report/**"> <intercept-url pattern="/report/**"
/> </http> -->
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/reports/**" access="isAuthenticated()" />
</http>
<beans:bean id="reportsAuthenticationEntryPoint" class="com.test.reporting.web.security.ReportsAuthenticationEntryPoint" />
<beans:bean id="reportsAuthenticationProvider" class="com.test.reporting.web.security.ReportsAuthenticationProvider" />
<authentication-manager erase-credentials="true" alias="authenticationManager">
<authentication-provider ref="reportsAuthenticationProvider" />
</authentication-manager>
</beans:beans>
我正在实现我的自定义 AuthenticationProvider:
public class ReportsAuthenticationProvider implements AuthenticationProvider
{
private static final Logger logger = LoggerFactory.getLogger(ReportsAuthenticationProvider.class);
@Inject
private ProviderDao providerDao;
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException
{
String providerName = (String) authentication.getName();
String password = (String) authentication.getCredentials();
Provider provider = providerDao.findByProviderName(providerName);
if (provider == null)
{
logger.error("authenticate() - unknown provider name " + providerName);
throw new BadCredentialsException("invalid provider");
}
else
{
if (StringUtils.isEmpty(password))
{
logger.error("authenticate() - no password provider for provider " + providerName);
throw new InsufficientAuthenticationException("No password for user");
}
else
{
if (password.equals(provider.getPassword()))
{
UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(providerName, password);
SecurityContextHolder.getContext().setAuthentication(authenticationToken);
return authenticationToken;
}
else
{
logger.error("authenticate() - invalid password for provider " + providerName + " [" + password + "]");
throw new BadCredentialsException("invalid credentials");
}
}
}
}
@Override
public boolean supports(Class<?> authentication)
{
return UsernamePasswordAuthenticationToken.class.equals(authentication);
}
}
自定义 AuthenticationEntryPoint 实现:
public class ReportsAuthenticationEntryPoint implements AuthenticationEntryPoint
{
private static final Logger logger = LoggerFactory.getLogger(ReportsAuthenticationEntryPoint.class);
@Override
public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException
{
logger.error("commence() - authentication failed due to: " + authException.getMessage(), authException);
if (logger.isDebugEnabled())
{
logger.debug("commence() - authentication failed", authException);
}
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
return;
}
}
出于某种原因,当我转到我的页面时: http://localhost:8080/reporting-ui/reports/view/sport
我被重定向到 http://localhost:8080/reporting-ui/spring_security_login;jsessionid=74C6120F66A978DF57A4EB764DE3B313
然后我得到了 spring 的默认登录表单,我输入了我的凭据,它在我的自定义 AuthenticationProvider 处停止并且运行良好,但由于某种原因在服务器上仅再次调用方法 authenticate 但这次使用空白密码(身份验证.getCredentials()) 失败。
这是日志:
coll[http-bio-8080-exec-3] 2015-03-16 12:20:34,526 DEBUG [HttpSessionRequestCache] - DefaultSavedRequest added to Session: DefaultSavedRequest[http://localhost:8080/reporting-ui/reports/view/sport]
coll[http-bio-8080-exec-3] 2015-03-16 12:20:34,526 DEBUG [ExceptionTranslationFilter] - Calling Authentication entry point.
coll[http-bio-8080-exec-3] 2015-03-16 12:20:34,526 DEBUG [DefaultRedirectStrategy] - Redirecting to 'http://localhost:8080/reporting-ui/spring_security_login;jsessionid=48A25BDE619D1C801136C134C9CFAFBB'
coll[http-bio-8080-exec-3] 2015-03-16 12:20:34,526 DEBUG [HttpSessionSecurityContextRepository] - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
coll[http-bio-8080-exec-3] 2015-03-16 12:20:34,526 DEBUG [SecurityContextPersistenceFilter] - SecurityContextHolder now cleared, as request processing completed
coll[http-bio-8080-exec-4] 2015-03-16 12:20:34,542 DEBUG [FilterChainProxy] - /spring_security_login at position 1 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
coll[http-bio-8080-exec-4] 2015-03-16 12:20:34,542 DEBUG [HttpSessionSecurityContextRepository] - HttpSession returned null object for SPRING_SECURITY_CONTEXT
coll[http-bio-8080-exec-4] 2015-03-16 12:20:34,542 DEBUG [HttpSessionSecurityContextRepository] - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@2fd0bd. A new one will be created.
coll[http-bio-8080-exec-4] 2015-03-16 12:20:34,542 DEBUG [FilterChainProxy] - /spring_security_login at position 2 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
coll[http-bio-8080-exec-4] 2015-03-16 12:20:34,542 DEBUG [FilterChainProxy] - /spring_security_login at position 3 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
coll[http-bio-8080-exec-4] 2015-03-16 12:20:34,542 DEBUG [FilterChainProxy] - /spring_security_login at position 4 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
coll[http-bio-8080-exec-4] 2015-03-16 12:20:34,542 DEBUG [FilterChainProxy] - /spring_security_login at position 5 of 12 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter'
coll[http-bio-8080-exec-4] 2015-03-16 12:20:34,542 DEBUG [HttpSessionSecurityContextRepository] - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
coll[http-bio-8080-exec-4] 2015-03-16 12:20:34,542 DEBUG [SecurityContextPersistenceFilter] - SecurityContextHolder now cleared, as request processing completed
coll[http-bio-8080-exec-7] 2015-03-16 12:20:44,082 DEBUG [FilterChainProxy] - /j_spring_security_check at position 1 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
coll[http-bio-8080-exec-7] 2015-03-16 12:20:44,083 DEBUG [HttpSessionSecurityContextRepository] - HttpSession returned null object for SPRING_SECURITY_CONTEXT
coll[http-bio-8080-exec-7] 2015-03-16 12:20:44,083 DEBUG [HttpSessionSecurityContextRepository] - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@2fd0bd. A new one will be created.
coll[http-bio-8080-exec-7] 2015-03-16 12:20:44,083 DEBUG [FilterChainProxy] - /j_spring_security_check at position 2 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
coll[http-bio-8080-exec-7] 2015-03-16 12:20:44,083 DEBUG [FilterChainProxy] - /j_spring_security_check at position 3 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
coll[http-bio-8080-exec-7] 2015-03-16 12:20:44,083 DEBUG [FilterChainProxy] - /j_spring_security_check at position 4 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
coll[http-bio-8080-exec-7] 2015-03-16 12:20:44,083 DEBUG [UsernamePasswordAuthenticationFilter] - Request is to process authentication
coll[http-bio-8080-exec-7] 2015-03-16 12:20:44,084 DEBUG [ProviderManager] - Authentication attempt using com.test.reporting.web.security.ReportsAuthenticationProvider
coll[http-bio-8080-exec-7] 2015-03-16 12:20:47,965 DEBUG [SharedEntityManagerCreator$SharedEntityManagerInvocationHandler] - Creating new EntityManager for shared EntityManager invocation
Hibernate: select provider0_.id as id1_0_, provider0_.application_provider_id as applicat2_0_, provider0_.domain as domain3_0_, provider0_.ga_profile_id as ga_profi4_0_, provider0_.logo_url as logo_url5_0_, provider0_.name as name6_0_, provider0_.password as password7_0_, provider0_.start_date as start_da8_0_ from providers provider0_ where provider0_.name=?
coll[http-bio-8080-exec-7] 2015-03-16 12:20:48,485 DEBUG [EntityManagerFactoryUtils] - Closing JPA EntityManager
coll[http-bio-8080-exec-7] 2015-03-16 12:20:48,485 DEBUG [CompositeSessionAuthenticationStrategy] - Delegating to org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy@468a28b0
coll[http-bio-8080-exec-7] 2015-03-16 12:20:48,485 DEBUG [SessionFixationProtectionStrategy] - Invalidating session with Id '48A25BDE619D1C801136C134C9CFAFBB' and migrating attributes.
coll[http-bio-8080-exec-7] 2015-03-16 12:20:48,501 DEBUG [SessionFixationProtectionStrategy] - Started new session: C312B1A7F928D7995C55DA0882EB0A37
coll[http-bio-8080-exec-7] 2015-03-16 12:20:48,501 DEBUG [UsernamePasswordAuthenticationFilter] - Authentication success. Updating SecurityContextHolder to contain: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@fffc1f62: Principal: sport; Credentials: [PROTECTED]; Authenticated: false; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffd3270: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 48A25BDE619D1C801136C134C9CFAFBB; Not granted any authorities
coll[http-bio-8080-exec-7] 2015-03-16 12:20:48,501 DEBUG [SavedRequestAwareAuthenticationSuccessHandler] - Redirecting to DefaultSavedRequest Url: http://localhost:8080/reporting-ui/reports/view/sport
coll[http-bio-8080-exec-7] 2015-03-16 12:20:48,501 DEBUG [DefaultRedirectStrategy] - Redirecting to 'http://localhost:8080/reporting-ui/reports/view/sport'
coll[http-bio-8080-exec-7] 2015-03-16 12:20:48,501 DEBUG [HttpSessionSecurityContextRepository] - SecurityContext stored to HttpSession: 'org.springframework.security.core.context.SecurityContextImpl@fffc1f62: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@fffc1f62: Principal: sport; Credentials: [PROTECTED]; Authenticated: false; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffd3270: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 48A25BDE619D1C801136C134C9CFAFBB; Not granted any authorities'
coll[http-bio-8080-exec-7] 2015-03-16 12:20:48,501 DEBUG [SecurityContextPersistenceFilter] - SecurityContextHolder now cleared, as request processing completed
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,501 DEBUG [FilterChainProxy] - /reports/view/sport at position 1 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,501 DEBUG [HttpSessionSecurityContextRepository] - Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl@fffc1f62: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@fffc1f62: Principal: sport; Credentials: [PROTECTED]; Authenticated: false; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffd3270: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 48A25BDE619D1C801136C134C9CFAFBB; Not granted any authorities'
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,501 DEBUG [FilterChainProxy] - /reports/view/sport at position 2 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [FilterChainProxy] - /reports/view/sport at position 3 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [FilterChainProxy] - /reports/view/sport at position 4 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [FilterChainProxy] - /reports/view/sport at position 5 of 12 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter'
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [FilterChainProxy] - /reports/view/sport at position 6 of 12 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [FilterChainProxy] - /reports/view/sport at position 7 of 12 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [DefaultSavedRequest] - pathInfo: both null (property equals)
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [DefaultSavedRequest] - queryString: both null (property equals)
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [DefaultSavedRequest] - requestURI: arg1=/reporting-ui/reports/view/sport; arg2=/reporting-ui/reports/view/sport (property equals)
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [DefaultSavedRequest] - serverPort: arg1=8080; arg2=8080 (property equals)
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [DefaultSavedRequest] - requestURL: arg1=http://localhost:8080/reporting-ui/reports/view/sport; arg2=http://localhost:8080/reporting-ui/reports/view/sport (property equals)
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [DefaultSavedRequest] - scheme: arg1=http; arg2=http (property equals)
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [DefaultSavedRequest] - serverName: arg1=localhost; arg2=localhost (property equals)
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [DefaultSavedRequest] - contextPath: arg1=/reporting-ui; arg2=/reporting-ui (property equals)
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [DefaultSavedRequest] - servletPath: arg1=/reports/view/sport; arg2=/reports/view/sport (property equals)
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [HttpSessionRequestCache] - Removing DefaultSavedRequest from session if present
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [FilterChainProxy] - /reports/view/sport at position 8 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [FilterChainProxy] - /reports/view/sport at position 9 of 12 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [AnonymousAuthenticationFilter] - SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@fffc1f62: Principal: sport; Credentials: [PROTECTED]; Authenticated: false; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffd3270: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 48A25BDE619D1C801136C134C9CFAFBB; Not granted any authorities'
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [FilterChainProxy] - /reports/view/sport at position 10 of 12 in additional filter chain; firing Filter: 'SessionManagementFilter'
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [FilterChainProxy] - /reports/view/sport at position 11 of 12 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [FilterChainProxy] - /reports/view/sport at position 12 of 12 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [AntPathRequestMatcher] - Checking match of request : '/reports/view/sport'; against '/reports/**'
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [FilterSecurityInterceptor] - Secure object: FilterInvocation: URL: /reports/view/sport; Attributes: [ROLE_REPORT]
coll[http-bio-8080-exec-8] 2015-03-16 12:20:48,516 DEBUG [ProviderManager] - Authentication attempt using com.test.reporting.web.security.ReportsAuthenticationProvider
coll[http-bio-8080-exec-8] 2015-03-16 12:20:50,365 DEBUG [SharedEntityManagerCreator$SharedEntityManagerInvocationHandler] - Creating new EntityManager for shared EntityManager invocation
Hibernate: select provider0_.id as id1_0_, provider0_.application_provider_id as applicat2_0_, provider0_.domain as domain3_0_, provider0_.ga_profile_id as ga_profi4_0_, provider0_.logo_url as logo_url5_0_, provider0_.name as name6_0_, provider0_.password as password7_0_, provider0_.start_date as start_da8_0_ from providers provider0_ where provider0_.name=?
coll[http-bio-8080-exec-8] 2015-03-16 12:20:50,450 DEBUG [EntityManagerFactoryUtils] - Closing JPA EntityManager
coll[http-bio-8080-exec-8] 2015-03-16 12:20:50,450 ERROR [ReportsAuthenticationProvider] - authenticate() - no password provider for provider sport
coll[http-bio-8080-exec-8] 2015-03-16 12:20:50,465 DEBUG [DefaultAuthenticationEventPublisher] - No event was found for the exception org.springframework.security.authentication.InsufficientAuthenticationException
coll[http-bio-8080-exec-8] 2015-03-16 12:20:50,465 DEBUG [ExceptionTranslationFilter] - Authentication exception occurred; redirecting to authentication entry point
org.springframework.security.authentication.InsufficientAuthenticationException: No password for user
at com.test.reporting.web.security.ReportsAuthenticationProvider.authenticate(ReportsAuthenticationProvider.java:50)
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:177)
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.authenticateIfRequired(AbstractSecurityInterceptor.java:316)
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:202)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:115)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:154)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:150)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:155)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:503)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:421)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1070)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
coll[http-bio-8080-exec-8] 2015-03-16 12:20:50,465 DEBUG [HttpSessionRequestCache] - DefaultSavedRequest added to Session: DefaultSavedRequest[http://localhost:8080/reporting-ui/reports/view/sport]
coll[http-bio-8080-exec-8] 2015-03-16 12:20:50,465 DEBUG [ExceptionTranslationFilter] - Calling Authentication entry point.
coll[http-bio-8080-exec-8] 2015-03-16 12:20:50,465 DEBUG [DefaultRedirectStrategy] - Redirecting to 'http://localhost:8080/reporting-ui/spring_security_login'
coll[http-bio-8080-exec-8] 2015-03-16 12:20:50,465 DEBUG [HttpSessionSecurityContextRepository] - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
coll[http-bio-8080-exec-8] 2015-03-16 12:20:50,465 DEBUG [SecurityContextPersistenceFilter] - SecurityContextHolder now cleared, as request processing completed
coll[http-bio-8080-exec-9] 2015-03-16 12:20:50,481 DEBUG [FilterChainProxy] - /spring_security_login at position 1 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
coll[http-bio-8080-exec-9] 2015-03-16 12:20:50,481 DEBUG [HttpSessionSecurityContextRepository] - Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl@ffffffff: Null authentication'
coll[http-bio-8080-exec-9] 2015-03-16 12:20:50,481 DEBUG [FilterChainProxy] - /spring_security_login at position 2 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
coll[http-bio-8080-exec-9] 2015-03-16 12:20:50,481 DEBUG [FilterChainProxy] - /spring_security_login at position 3 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
coll[http-bio-8080-exec-9] 2015-03-16 12:20:50,481 DEBUG [FilterChainProxy] - /spring_security_login at position 4 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
coll[http-bio-8080-exec-9] 2015-03-16 12:20:50,481 DEBUG [FilterChainProxy] - /spring_security_login at position 5 of 12 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter'
coll[http-bio-8080-exec-9] 2015-03-16 12:20:50,481 DEBUG [HttpSessionSecurityContextRepository] - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
coll[http-bio-8080-exec-9] 2015-03-16 12:20:50,481 DEBUG [SecurityContextPersistenceFilter] - SecurityContextHolder now cleared, as request processing completed
您是否知道导致错误行为的原因?
谢谢
最佳答案
通过添加角色使您的身份验证受信任:
if (password.equals(provider.getPassword()))
{
Collection<? extends GrantedAuthority> authorities = Collections.singleton(new SimpleGrantedAuthority("ROLE_USER"));
UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(providerName, password, authorities);
return authenticationToken;
}
通过使用 3 参数构造函数,isAuthenticated() 将返回 true。
关于java - spring security 自定义 AuthenticationProvider 被调用两次并失败,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/29073834/