问题描述

我正在使用spring security（2.0.6）来执行HTTP BASIC身份验证。我编写了一个自定义身份验证提供程序类，用于根据我的数据库验证用户名和密码。我遇到的问题是有些用户没有密码。这些用户收到拒绝访问消息。我调试了代码，发现当用户的密码为空时，我的自定义身份验证提供程序不会被调用。有谁知道怎么解决这个问题？我需要允许一些用户使用空白密码。

I'm using spring security (2.0.6) to perform HTTP BASIC authentication. I've written a custom authentication provider class which I use to validate usernames and passwords against my database. The problem I'm having is that some users do not have passwords. These users receive an "Access Denied" message. I debugged the code and found that my custom authentication provider isn't invoked when the user's password is blank. Does anyone know how to get around this? I need to allow some users to have blank passwords.

推荐答案

而不是在尝试在过滤器中设置密码之前没有密码AuthenticationProvider默认为NOPASSWORD？我认为其中一个pre-auth过滤器做了一个简单的'if（密码== null）'并且失败了，这就是你的问题。

Rather then no password have you tried setting the password in a filter before the AuthenticationProvider to some default like "NOPASSWORD"? I think one of the pre-auth filters does a simple 'if (password == null)' and fails and that's your issue.

这篇关于如何使用spring security使用空密码进行基本身份验证？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！