问题描述
我正在使用spring security(2.0.6)来执行HTTP BASIC身份验证。我编写了一个自定义身份验证提供程序类,用于根据我的数据库验证用户名和密码。我遇到的问题是有些用户没有密码。这些用户收到拒绝访问消息。我调试了代码,发现当用户的密码为空时,我的自定义身份验证提供程序不会被调用。有谁知道怎么解决这个问题?我需要允许一些用户使用空白密码。
I'm using spring security (2.0.6) to perform HTTP BASIC authentication. I've written a custom authentication provider class which I use to validate usernames and passwords against my database. The problem I'm having is that some users do not have passwords. These users receive an "Access Denied" message. I debugged the code and found that my custom authentication provider isn't invoked when the user's password is blank. Does anyone know how to get around this? I need to allow some users to have blank passwords.
推荐答案
而不是在尝试在过滤器中设置密码之前没有密码AuthenticationProvider默认为NOPASSWORD?我认为其中一个pre-auth过滤器做了一个简单的'if(密码== null)'并且失败了,这就是你的问题。
Rather then no password have you tried setting the password in a filter before the AuthenticationProvider to some default like "NOPASSWORD"? I think one of the pre-auth filters does a simple 'if (password == null)' and fails and that's your issue.
这篇关于如何使用spring security使用空密码进行基本身份验证?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!