Spring - безопасность: как имя пользователя входа в систему и пароль связываются с поставщиком аутентификации?
2 ответа
1: How do I specify my login form to pass its value to spring ?
After you setup your standard Spring Filter in web.xml for Spring Security, using some of the default settings configured by the AuthenticationProcessingFilter is created for you as part of the chain of filters.
My default the AuthenticationProcessingFilter is set up to read j_username and j_password as the username / password token.
In order to override this, replace your customize AuthenticationProcessingFilter over the default one by doing this:
<bean id=“myAuthFilter” class=“org.springframework.security.ui.webapp.AuthenticationProcessingFilter” >
<security:custom-filter position=“AUTHENTICATION_PROCESSING_FILTER”/><!–-replace the default one-–>
<property name=“usernameParameter” value=“myUsername”/><!-- myUsername is the name of the input tag where user enter their username on the HTML page -->
<property name=“passwordParameter” value=“myPassword” /><!–- myPassword is the name of the input tag where user enter their password on the HTML page -–>
</bean>
See also the JavaDoc of AuthenticationProcessingFilter for more details: http://static.springsource.org/spring-security/site/apidocs/org/springframework/security/ui/webapp/AuthenticationProcessingFilter.html
2: How do I use my own authentication-provider?
Using the following code:
<bean id="myAuthenticationProvider" class="com.something.MyAuthenticationProvider">
<security:custom-authentication-provider />
</bean>
3: Regarding the issue with the code throwing '_filterChainProxy' .... No UserDetailsService registered...'
Is com.somepath.CustomAuthenticationProvider implementing the UserDetailService interface?
I am somewhat new to Spring myself but I will try to help you. The intercept-url looks fine.
I don't think the authentication-provider is right. Take a look at my code:
<beans:bean id="MyUserDetailsService" class="path.to.MyAuthenticationService"/>
<beans:bean id="userDetailsService" class="org.springframework.security.userdetails.hierarchicalroles.UserDetailsServiceWrapper" >
<beans:property name="roleHierarchy" ref="roleHierarchy" />
<beans:property name="userDetailsService">
<beans:ref bean="MyUserDetailsService"/>
</beans:property>
</beans:bean>
<authentication-provider user-service-ref="userDetailsService">
<password-encoder hash="md5"/>
</authentication-provider>
You may not need the role heirarchy.
You have a login form on a jsp page. The form should begin something like this:
<form:form modelAttribute="login">
Also you must map the appropriate fields.
<form:input path="login">
<form:password path="password">
in your applicationContext-security.xml set the login page:
<form-login login-page="/login.jsp" default-target-url="/login.html" always-use-default-target="true" authentication-failure-url="/login.jsp?login_error=1"/>
login.html should be mapped to your LoginController.java which extends BaseController and implements a login method which takes at least a HttpServletRequest and Model as parameters. Mine then works by calling the following Spring class/methods:
String userlogin = SecurityContextHolder.getContext().getAuthentication().getName();
If your CustomAuthenticationProvider is implemented correctly you can then (hopefully) get the user's details from your Model and finally:
return "redirect:homepage.html";
I may have missed something if you're still having trouble let me know in a comment.