How do I programmatically authenticate a user with Spring Security using DaoAuthenticationProvider


Problem description

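I'm wondering what I'm doing wrong here when authenticating a user. I have an application where the user has to go through several steps to activate their account, and upon doing so I would like to bypass the login form and take them directly to their dashboard.

Here is what my automated login function looks like: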

protected void automatedLogin(String username, String password, HttpServletRequest request) {

        try {
            // Must be called from request filtered by Spring Security, otherwise SecurityContextHolder is not updated
            CustomUserDetailsService udService = new CustomUserDetailsService(userDAO, request);
            UserDetails uDetails = udService.loadUserByUsername(username);
            UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(uDetails, password);
            token.setDetails(new WebAuthenticationDetails(request));
            DaoAuthenticationProvider authenticator = new DaoAuthenticationProvider();
            Authentication authentication = authenticator.authenticate(token);
            SecurityContextHolder.getContext().setAuthentication(authentication);
        } catch (Exception e) {
            e.printStackTrace();
            SecurityContextHolder.getContext().setAuthentication(null);
        }

    }

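I must use the DaoAuthenticationProvider class as my authentication provider. I have verified that I am receiving a UserDetails model containing the correct credentials, ID, authority roles, etc.

When it calls the authenticate method, I run into a Null Pointer somewhere along the way in the DaoAuthenticationProvider class: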

I'm really not sure what is null, as I don't have the source code available.

Edit: I was able to find the source code here - https://github.com/SpringSource/spring-security/blob/master/core/src/main/java/org/springframework/security/authentication/dao/DaoAuthenticationProvider.java

I was able to get around the Null Pointer by explicitly setting the UserDetailsService on the object:

authenticator.setUserDetailsService(udService);

But now I get bad credentials exception when I know the password provided is correct, because I've seen it in the debugger in the UserDetails object set earlier in the code.

Solution

I was able to get the authentication working by piecing together all of the properties defined in the spring bean definition and setting them programmatically on the DaoAuthenticationProvider object. Looking back this seems like it may have been a silly question, but I hope it helps someone!

Corrected Code:

protected void automatedLogin(String username, String password, HttpServletRequest request) {

        try {
            // Must be called from request filtered by Spring Security, otherwise SecurityContextHolder is not updated
            CustomUserDetailsService udService = new CustomUserDetailsService(userDAO, request);
            CustomMd5PasswordEncoder passEncoder = new CustomMd5PasswordEncoder();
            ReflectionSaltSource saltSource = new ReflectionSaltSource();
            saltSource.setUserPropertyToUse("salt");
            UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(username, password);
            token.setDetails(new WebAuthenticationDetails(request));
            DaoAuthenticationProvider authenticator = new DaoAuthenticationProvider();
            authenticator.setUserDetailsService(udService);
            authenticator.setPasswordEncoder(passEncoder);
            authenticator.setSaltSource(saltSource);
            Authentication authentication = authenticator.authenticate(token);
            SecurityContextHolder.getContext().setAuthentication(authentication);
        } catch (Exception e) {
            e.printStackTrace();
            SecurityContextHolder.getContext().setAuthentication(null);
        }

    }
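
Why the first attempt reported bad credentials for a correct password, as an added example that is not part of the original post and not Spring Security source: a plain-JDK model of the provider's password check. `PasswordCheckModel`, `Encoder`, and the sample salt and password are constructed for illustration; the plaintext fallback when no encoder is set and the `password{salt}` MD5 layout are assumptions about the provider's default and about what `CustomMd5PasswordEncoder` does.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class PasswordCheckModel {

    // Hypothetical stand-in for a three-argument (stored, presented, salt) encoder contract.
    interface Encoder {
        boolean isPasswordValid(String stored, String presented, Object salt);
    }

    // Plaintext comparison: assumed behaviour when no encoder has been set on the provider.
    static final Encoder PLAINTEXT = (stored, presented, salt) -> constantTimeEquals(stored, presented);

    // Assumed shape of a salted MD5 encoder: hex(md5(password + "{" + salt + "}")).
    // MD5 mirrors the page's encoder; an adaptive hash such as bcrypt is the usual choice today.
    static final Encoder SALTED_MD5 = (stored, presented, salt) ->
            constantTimeEquals(stored, md5Hex(presented + "{" + salt + "}"));

    static String md5Hex(String input) {
        try {
            byte[] digest = MessageDigest.getInstance("MD5").digest(input.getBytes(StandardCharsets.UTF_8));
            return String.format("%032x", new BigInteger(1, digest));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    // Constant-time comparison avoids leaking how many leading characters matched.
    static boolean constantTimeEquals(String a, String b) {
        return MessageDigest.isEqual(a.getBytes(StandardCharsets.UTF_8), b.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        // Constructed sample account: the user store holds only the salted hash.
        String salt = "s4lt-constructed";
        String stored = md5Hex("correct horse" + "{" + salt + "}");

        // Correct password checked by the plaintext fallback (the bad-credentials case).
        System.out.println("plaintext encoder:     " + PLAINTEXT.isPasswordValid(stored, "correct horse", salt));
        // Correct password with the encoder and salt that match the stored format.
        System.out.println("salted MD5 encoder:    " + SALTED_MD5.isPasswordValid(stored, "correct horse", salt));
        // Matching encoder but no salt supplied, as when the salt source is not set.
        System.out.println("salted MD5, null salt: " + SALTED_MD5.isPasswordValid(stored, "correct horse", null));
    }
}
```

Only the combination of matching encoder and matching salt validates the stored hash, which is why the corrected code sets both the password encoder and the salt source on the provider.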


07-23 09:03