Question

我是Spring的新手，我正在尝试创建一个简单的登录表单。当我尝试authentication.getName（）时，它返回一个空字符串。

实际上，我尝试使用此方法，但返回了“查询未返回用户”和“未找到用户”的结果。

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.jdbcAuthentication().dataSource(dataSource)
            .usersByUsernameQuery("select email, encrypted_password"
                    + " from customers where email=?")
            .authoritiesByUsernameQuery("select email, role "
                    + "from customers where email=?")
            .passwordEncoder(new BCryptPasswordEncoder());
}

AuthProviderImpl

@Autowired
private CustomerRepository customerRepository;

private BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();

@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    String email = authentication.getName(); //return empty string
    Customer customer = customerRepository.findByEmail(email);
    if (customer == null) {
        throw new UsernameNotFoundException("User not found");
    }
    String password = authentication.getCredentials().toString();
    if(!encoder.matches(password, customer.getPassword())){
        throw new BadCredentialsException("Invalid password.");
    }
    List<GrantedAuthority> authorities = new ArrayList<>();
    authorities.add(new SimpleGrantedAuthority(customer.getRole().toString()));
    return new UsernamePasswordAuthenticationToken(customer, null, authorities);
}

@Override
public boolean supports(Class<?> aClass) {
    return aClass.equals(UsernamePasswordAuthenticationToken.class);
}

Sign_in.ftl

<#include "../main-template.ftl"/>
<#macro content>
 <#include "../header.ftl"/>
 <h1>Sign In</h1>
 <#if error??>
    <p class="help-block">Invalid email or password!</p>
 </#if>
 <form name="loginForm" action="/j_spring_security_check" method="post">
    <table>
        <tr>
            <td><label path="j_username">Email</label></td>
            <td><input path="j_username" type="email"/></td>
        </tr>
        <tr>
            <td><label path="j_password">Password</label></td>
            <td><input path="j_password" type="password"/></td>
        </tr>
    </table>
    <input type="submit">
  </form>
</#macro>
<@main title=""/>

安全配置

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable();

    http.authorizeRequests()
                .antMatchers("/sign_up", "/sign_in").permitAll()
                .antMatchers("/admin/**").access("hasRole('ADMIN')")
            .and()
                .formLogin()
                .loginPage("/sign_in")
                .loginProcessingUrl("/j_spring_security_check")
                .usernameParameter("j_username")
                .passwordParameter("j_password")
                .failureUrl("/sign_in?error")
                .defaultSuccessUrl("/")
            .and()
                .logout()
                .permitAll()
                .logoutUrl("/logout")
                .logoutSuccessUrl("/sign_in?logout")
                .invalidateHttpSession(true);
}

@Override
protected void configure(AuthenticationManagerBuilder auth) {
    auth.authenticationProvider(authProvider);
}

@Bean
public PasswordEncoder passwordEncoder() {
    return new BCryptPasswordEncoder();
}

AuthenticationController

@RequestMapping(value = "/sign_in")
public String getSignIn(@RequestParam(value = "error", required = false) String error, Model model){
    if (error != null)
        model.addAttribute("error", error);
    return "/customer/sign_in";
}

Answer 1

在表单中应使用“名称”而不是“路径”

authentication.getName（）在自定义AuthenticationProvider中返回null

1 个答案: