Grund: Keine AuthenticationProvider gefunden für org.springframework.Sicherheit.die Authentifizierung.UsernamePasswordAuthenticationToken
Habe ich konfiguriert spring security namespace zur Authentifizierung mit meiner custom authentication manager:
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="WebApp_ID" version="3.0">
<display-name>Application</display-name>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
</welcome-file-list>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring-security.xml
</param-value>
</context-param>
<servlet>
<servlet-name>app</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextClass</param-name>
<param-value>
org.springframework.web.context.support.AnnotationConfigWebApplicationContext
</param-value>
</init-param>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>
com.me.web.controllers.controller
</param-value>
</init-param>
</servlet>
<listener>
<listener-class>
com.me.web.controllers.listener
</listener-class>
</listener>
<servlet-mapping>
<servlet-name>app</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
</web-app>
spring-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:p="http://www.springframework.org/schema/p"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-4.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-4.0.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc-4.0.xsd">
<context:component-scan base-package="com.me.web.controllers"/>
<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix" value="/WEB-INF/" />
<property name="suffix" value=".jsp" />
</bean>
<bean id="myProvider" class="com.me.web.controllers.CustomAuthenticationProvider"> </bean>
<security:http auto-config="true">
<security:intercept-url pattern="/**" access="hasRole('ROLE_USER')" />
</security:http>
<security:authentication-manager erase-credentials="false" alias="authenticationManager">
<security:authentication-provider ref='myProvider'/>
</security:authentication-manager>
<mvc:annotation-driven />
</beans>
CustomAuthenticationProvider.java
package com.me.web.controllers;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;
import java.io.InputStream;
import java.util.Hashtable;
import java.util.ArrayList;
import java.util.Arrays;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.stereotype.Component;
@Component
public class CustomAuthenticationProvider implements AuthenticationProvider {
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
String name = authentication.getPrincipal().toString();
String password = authentication.getCredentials().toString();
System.out.println("Username: " + name + ", password: " + password + "\n");
if (name.equals("user") && password.equals("pass")) {
return new UsernamePasswordAuthenticationToken(name, password, new ArrayList<GrantedAuthority>(Arrays.asList(new SimpleGrantedAuthority("ROLE_USER"))));
} else {
return null;
}
}
@Override
public boolean supports(Class<?> authentication) {
System.out.println("supports method called\n");
return (UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication));
}
}
Log-Datei
INFO: Loading XML bean definitions from ServletContext resource [/WEB-INF/omdwebapp-servlet.xml]
дек 27, 2016 11:28:50 AM org.springframework.security.core.SpringSecurityCoreVersion performVersionChecks
INFO: You are running with Spring Security Core 4.0.4.RELEASE
дек 27, 2016 11:28:50 AM org.springframework.security.core.SpringSecurityCoreVersion performVersionChecks
WARNING: **** You are advised to use Spring 4.2.5.RELEASE or later with this version. You are running: 4.1.5.RELEASE
дек 27, 2016 11:28:50 AM org.springframework.security.config.SecurityNamespaceHandler <init>
INFO: Spring Security 'config' module version is 4.0.4.RELEASE
дек 27, 2016 11:28:50 AM org.springframework.security.config.http.FilterInvocationSecurityMetadataSourceParser parseInterceptUrlsForFilterInvocationRequestMap
INFO: Creating access control expression attribute 'hasRole('ROLE_USER')' for /**
дек 27, 2016 11:28:50 AM org.springframework.security.config.http.AuthenticationConfigBuilder createLoginPageFilterIfNeeded
INFO: No login page configured. The default internal one will be used. Use the 'login-page' attribute to set the URL of the login page.
дек 27, 2016 11:28:50 AM org.springframework.security.config.http.HttpSecurityBeanDefinitionParser checkFilterChainOrder
INFO: Checking sorted filter chain: [Root bean: class [org.springframework.security.web.context.SecurityContextPersistenceFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 200, Root bean: class [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 400, Root bean: class [org.springframework.security.web.header.HeaderWriterFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 500, Root bean: class [org.springframework.security.web.csrf.CsrfFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 600, Root bean: class [org.springframework.security.web.authentication.logout.LogoutFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 700, <org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter#0>, order = 1100, Root bean: class [org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 1300, Root bean: class [org.springframework.security.web.authentication.www.BasicAuthenticationFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 1500, Root bean: class [org.springframework.security.web.savedrequest.RequestCacheAwareFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 1600, Root bean: class [org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 1700, Root bean: class [org.springframework.security.web.authentication.AnonymousAuthenticationFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 2000, Root bean: class [org.springframework.security.web.session.SessionManagementFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 2100, Root bean: class [org.springframework.security.web.access.ExceptionTranslationFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 2200, <org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0>, order = 2300]
дек 27, 2016 11:28:51 AM org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor <init>
INFO: JSR-330 'javax.inject.Inject' annotation found and supported for autowiring
дек 27, 2016 11:28:51 AM org.springframework.security.web.DefaultSecurityFilterChain <init>
INFO: Creating filter chain: org.springframework.security.web.util.matcher.AnyRequestMatcher@1, [org.springframework.security.web.context.SecurityContextPersistenceFilter@5ebfb059, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@7ad2d3a7, org.springframework.security.web.header.HeaderWriterFilter@2745b7f0, org.springframework.security.web.csrf.CsrfFilter@522f01b4, org.springframework.security.web.authentication.logout.LogoutFilter@c18fa93, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@3beacf19, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@34c2910a, org.springframework.security.web.authentication.www.BasicAuthenticationFilter@51c04295, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@25536e21, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@8634bac, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@2efd0d81, org.springframework.security.web.session.SessionManagementFilter@6781a840, org.springframework.security.web.access.ExceptionTranslationFilter@714d36d6, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@44b55b7]
дек 27, 2016 11:28:51 AM org.springframework.security.config.http.DefaultFilterChainValidator checkLoginPageIsntProtected
INFO: Checking whether login URL '/login' is accessible with your configuration
дек 27, 2016 11:28:51 AM org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping registerHandlerMethod
INFO: Mapped "{[/rest],methods=[POST],params=[],headers=[],consumes=[],produces=[application/json],custom=[]}" onto public static void com.omd.web.controllers.OmdRestController.processPostRequest(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse) throws javax.servlet.ServletException
дек 27, 2016 11:28:51 AM org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping registerHandlerMethod
INFO: Mapped "{[/rest],methods=[GET],params=[],headers=[],consumes=[],produces=[application/json],custom=[]}" onto public static void com.omd.web.controllers.OmdRestController.processGetRequest(java.lang.String,javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse) throws javax.servlet.ServletException
дек 27, 2016 11:28:51 AM org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter initControllerAdviceCache
Aber wenn ich senden-Anforderung an den server (apache-tomcat), Frühling Anfragen für login und Passwort in einer Endlosschleife, egal was login:Passwort habe ich Typ.
Was mache ich? Wenn es nicht klar ist, wie kann ich Debuggen?
Dies ist die Fehlermeldung, wenn ich versuche, melden Sie sich an:
Your login attempt was not successful, try again.
Reason: No AuthenticationProvider found for org.springframework.security.authentication.UsernamePasswordAuthenticationToken
Finde ich nicht die log, die ich Hinzugefügt habe-in meiner Klasse, so dass ich denke, dass authenticate
Funktion einfach nicht aufgerufen wird.
Du musst angemeldet sein, um einen Kommentar abzugeben.
Aber keine Rollen wieder in Ihre
authenticate
Methode.Wenn Sie möchten, Basic-Authentifizierung, senden Sie die Anfrage mit dem Kopf.
Authorization -- Basic base64Encode(username:password)
auf dem server und in Ihrem
authenticate
Methode, sollten Sie Sie wiederBTW: wenn Sie
auto-config = true
, wird es fügen Sie die folgende config automatisch.Ich denke, Sie wollen einfach nur, um alle die Anforderung authentifiziert werden. Sie müssen also nur die config ändern, um
dann müssen Sie nicht brauchen, um Ihre
authenticate
Methode zurück Rollen.Bearbeiten
diese false zurück, ändern Sie es zu
<context-param> <param-name>contextConfigLocation</param-name> <param-value> classpath:spring-security.xml </param-value> </context-param>
Ich hatte das gleiche problem, und ich löste es durch hinzufügen dieser Klasse mit diesem Namen
IMP: ich arbeite auf reiner Java-Konfiguration