问题:

带有Spring Security的Spring Social-userDetailsService在SignInAdapter

韦安怡
2023-03-14

我首先实现了Spring Security,并让它与持久令牌(persistent token)方式一起工作。然后我实现了Spring Social,经过长时间的努力,终于让它工作了。现在我的UserConnection表中会创建相应的行。

我的问题是,当一个用户用Facebook登录到我的应用程序时,我的SignInAdapterImp会被调用。我在这里做用户认证。但是,我的UserDetailsServiceImp会立即被调用,这实际上是试图再次对用户进行身份验证。这是我为验证非社交用户而设置的类。

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans
   xmlns="http://www.springframework.org/schema/security"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xmlns:beans="http://www.springframework.org/schema/beans"
   xmlns:sec="http://www.springframework.org/schema/security"
   xsi:schemaLocation="
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-3.1.xsd
    http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-3.1.xsd">

<!-- To allow standards-based @Secured annotation -->
<!-- global-method-security secured-annotations="enabled" /-->

<!-- http pattern="/signup" security="none"/>
<http pattern="/singin" security="none"/ -->

<!-- REST filter chain: no HTTP session is created (create-session="stateless"), unauthenticated
     requests are handed to restAuthenticationEntryPoint, and access attributes are evaluated
     as expressions (use-expressions="true"). -->
<http create-session="stateless" entry-point-ref="restAuthenticationEntryPoint" use-expressions="true">
    <!-- NOTE(review): with use-expressions="true" the access value is parsed as an expression,
         so a bare role name is normally written hasRole('ROLE_USER'); confirm this rule is
         enforced as intended. -->
    <intercept-url pattern="/connect/**" access="ROLE_USER" />
    <!--NOT NEEDED WITH ANNOTATIONS:  intercept-url pattern="/services/schedule/**" access="ROLE_USER, ROLE_ADMIN"/ -->    
    <!-- Custom username/password login filter, placed ahead of the form-login slot -->
    <custom-filter ref="userPassAuthenticationFilter" before="FORM_LOGIN_FILTER"/>
    <!-- Custom remember-me filter, placed at the very start of the chain -->
    <custom-filter ref="rememberMeFilter" position="FIRST" />
    <!-- Adds a logout filter to Spring Security filter chain -->
    <!-- NOTE(review): delete-cookies takes a comma-separated list of cookie names, so "true" would
         target a cookie literally named "true"; name the remember-me cookie here if it should be
         cleared on logout. -->
    <logout logout-url="/services/auth/logout" delete-cookies="true" invalidate-session="true" success-handler-ref="restLogoutSuccessHandler"/>
    <!-- NOTE(review): this element makes the namespace register its own remember-me filter and
         services (key "rememberMeKey") in addition to the custom rememberMeFilter above, whose
         services use key "springRocks". Both mechanisms can then process the same request and
         both look the user up through customUserDetailsService. Keep only one of them. -->
    <remember-me key="rememberMeKey" user-service-ref="customUserDetailsService"/>
</http>

<!-- Entry point bean referenced by entry-point-ref on the http element -->
<beans:bean id="restAuthenticationEntryPoint" class="com.touchvision.pilot.security.RestAuthenticationEntryPoint" />

<!-- The userPassAuthenticationFilter custom filter definition: processes logins sent to
     /services/auth/login, reading the "username" and "password" request parameters. -->
<!-- NOTE(review): no authenticationFailureHandler is set here, although a
     restAuthenticationFailureHandler bean is declared in this file; confirm whether it is
     meant to be wired in. -->
<beans:bean id="userPassAuthenticationFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
    <beans:property name="authenticationManager" ref="authenticationManager"/>
    <beans:property name="rememberMeServices" ref="rememberMeServices"/>
    <beans:property name="authenticationSuccessHandler" ref="mySuccessHandler"/>
    <beans:property name="filterProcessesUrl" value="/services/auth/login"/>
    <beans:property name="usernameParameter" value="username"/>
    <beans:property name="passwordParameter" value="password"/>
    <!-- NOTE(review): postOnly="false" lets the filter accept logins sent with GET, which puts the
         username and password in the query string where access logs, proxies and browser
         history can record them. Prefer the default (POST only) unless a client requires GET. -->
    <beans:property name="postOnly" value="false"/>
</beans:bean>


<!-- the Remember Me bean definition: persistent-token remember-me services backed by
     tokenRepository, loading users through customUserDetailsService -->
<!-- NOTE(review): the key is a literal committed with the configuration and must stay identical to
     the key of rememberMeAuthenticationProvider; consider supplying it from external
     configuration instead of hard-coding it. -->
<beans:bean id="rememberMeServices" class="org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices">
    <beans:property name="key" value="springRocks"/>
    <!-- alwaysRemember: a remember-me token is issued on every successful login, without the
         client having to send a remember-me request parameter -->
    <beans:property name="alwaysRemember" value="true" /> 
    <!-- NOT NEEDED WITH ALWAYSREMEMBER:  beans:property name="parameter" value="persistLogin"/ --> <!-- This is used to change the param from _spring_security_remember_me -->
    <beans:property name="userDetailsService" ref="customUserDetailsService"/>
    <beans:property name="tokenRepository" ref="tokenRepository"/>
</beans:bean>

<!-- the remember-me filter bean: delegates cookie handling to rememberMeServices and passes the
     resulting token to authenticationManager -->
<beans:bean id="rememberMeFilter" class="org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter">
    <beans:property name="rememberMeServices" ref="rememberMeServices"/>
    <beans:property name="authenticationManager" ref="authenticationManager" />
</beans:bean>

<!-- the remember-me authentication provider bean definition -->
<!-- The key below has to match the key configured on rememberMeServices ("springRocks");
     tokens created with a different key are rejected by this provider. -->
<beans:bean id="rememberMeAuthenticationProvider" class="org.springframework.security.authentication.RememberMeAuthenticationProvider">
    <beans:property name="key" value="springRocks"/>
</beans:bean>

<!-- Instantiates the bean for the token provider: JDBC-backed store for persistent
     remember-me tokens, using the dataSource bean (defined outside this file) -->
<beans:bean id="tokenRepository" class="org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl">
    <!-- The token table is not created automatically, so it must already exist in the database -->
    <beans:property name="createTableOnStartup" value="false"/>
    <beans:property name="dataSource" ref="dataSource"/>
</beans:bean>

<!-- Configures a custom authentication success handler that returns HTTP status code 200 -->
<!-- Referenced by userPassAuthenticationFilter (authenticationSuccessHandler) -->
<beans:bean id="mySuccessHandler" class="com.touchvision.pilot.security.RestAuthenticationSuccessHandler"/>

<!-- Configures a custom authentication failure handler that returns HTTP status code 401 -->
<!-- NOTE(review): nothing in this file references this bean; confirm it is wired to the login
     filter if failed logins are meant to go through it. -->
<beans:bean id="restAuthenticationFailureHandler" class="com.touchvision.pilot.security.RestAuthenticationFailureHandler"/>

<!-- Configures a custom logout success handler that returns HTTP status code 200 -->
<!-- Referenced by the logout element (success-handler-ref) -->
 <beans:bean id="restLogoutSuccessHandler" class="com.touchvision.pilot.security.RestLogoutSuccessHandler"/>

<!-- Declare an authentication-manager to use a custom userDetailsService -->
<!-- Two providers are registered: one that checks username/password logins against
     customUserDetailsService using passwordEncoder, and rememberMeAuthenticationProvider
     for tokens produced by the remember-me filter. -->
<authentication-manager alias="authenticationManager">
        <authentication-provider user-service-ref="customUserDetailsService">
                <!-- NOTE(review): no salt-source is configured, so the encoder referenced here is
                     applied without a per-user salt. -->
                <password-encoder ref="passwordEncoder"/>
        </authentication-provider>          
        <authentication-provider ref="rememberMeAuthenticationProvider" />
</authentication-manager>

<!-- Use a Md5 encoder since the user's passwords are stored as Md5 in the database -->
<!-- NOTE(review): MD5 is a fast hash and is not suitable for password storage; a leaked table of
     unsalted MD5 hashes can be reversed cheaply. Plan a migration to an adaptive algorithm
     (for example BCryptPasswordEncoder), re-hashing each password at the user's next
     successful login. -->
<beans:bean class="org.springframework.security.authentication.encoding.Md5PasswordEncoder" id="passwordEncoder"/>

<!-- A custom service where Spring will retrieve users and their corresponding access levels  -->
<!-- Used by the authentication-manager, by rememberMeServices and by the remember-me element,
     so it is invoked for remember-me cookie logins as well as for password logins. -->
<beans:bean id="customUserDetailsService" class="com.touchvision.pilot.security.CustomUserDetailsService"/> 

</beans:beans>

编辑:下面是我的SignInAdapter signIn()实现:

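/**
 * Signs the local user in after the social provider connection has been established.
 *
 * Loads the user by {@code localUserId}, stores an authenticated token carrying ROLE_USER
 * in the SecurityContext, and asks the remember-me services to issue their cookie.
 *
 * @param localUserId id of the local account as text; must parse as an integer
 * @param connection  the provider connection (not read by this method)
 * @param request     current request; its native request and response are passed to the
 *                    remember-me services
 * @return always {@code null}; presumably the sign-in controller then falls back to its
 *         default post-sign-in URL (confirm against the controller configuration)
 * @throws NumberFormatException if {@code localUserId} is not an integer
 * @throws IllegalStateException if no local user is found for the id
 */
@Override
public String signIn(String localUserId, Connection<?> connection, NativeWebRequest request) {
    logger.info("*************** in SignInAdapterImp signIn() w/ localUserId = " + localUserId +" ****************" );

    User user = userRepo.findById(Integer.parseInt(localUserId));
    if (user == null) {
        // In case the repository returns null for an unknown id: fail with a clear message
        // rather than a NullPointerException when the token is built below.
        throw new IllegalStateException("No local user found for id " + localUserId);
    }

    // Create a list of grants for this user; every socially signed-in user gets ROLE_USER only.
    List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
    logger.info("Grant ROLE_USER to this user");
    authorities.add(new GrantedAuthorityImpl("ROLE_USER"));

    // The provider has already authenticated the user, so the token needs no credentials.
    // Passing null keeps the stored password hash out of the SecurityContext and out of
    // anything that later serialises or logs the Authentication.
    Authentication authentication = new UsernamePasswordAuthenticationToken(user.getEmail(), null, authorities);
    SecurityContextHolder.getContext().setAuthentication(authentication);

    // NOTE(review): if the filter chain is stateless, this context presumably does not survive
    // the current request; later requests would then be authenticated from the remember-me
    // cookie set below, which loads the user through the configured UserDetailsService.

    // set remember-me cookie
    persistentTokenRememberMeServices.loginSuccess(
        (HttpServletRequest) request.getNativeRequest(),
        (HttpServletResponse) request.getNativeResponse(),
        authentication);

    return null;
}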

共有1个答案

汤弘文
2023-03-14

原来我在http过滤器链中配置了重复的过滤器:remember-me(记住我)功能被定义了2个过滤器。以下是最终采用的过滤器配置:

<!-- Final filter chain: the namespace remember-me and logout elements are gone, and the custom
     beans occupy the standard REMEMBER_ME_FILTER and LOGOUT_FILTER slots, so only one
     remember-me filter remains. -->
<!-- NOTE(review): this http element contains no intercept-url rule, so nothing is protected at the
     URL level here; access control then depends entirely on method-level annotations, which
     must be enabled elsewhere. It also no longer sets create-session="stateless"; confirm
     both changes are intended. -->
<http entry-point-ref="restAuthenticationEntryPoint" use-expressions="true">
        <!--NOT NEEDED WITH ANNOTATIONS:  intercept-url pattern="/services/schedule/**" access="ROLE_USER, ROLE_ADMIN"/ -->    
        <custom-filter before="FORM_LOGIN_FILTER" ref="userPassAuthenticationFilter" />
        <custom-filter position="REMEMBER_ME_FILTER" ref="rememberMeFilter"  />
        <!-- NOTE(review): the logoutFilter bean is not shown; it should include the remember-me
             services among its logout handlers so the persistent token and cookie are removed
             when the user logs out. -->
        <custom-filter position="LOGOUT_FILTER" ref="logoutFilter" />       
    </http>