How to get the user entered values of username and password in a spring security authenticated login

后端未结

关注

 2  1230

I use Spring MVC in my application and the login is authenticated by spring security. I have the following two methods in my UserServiceImpl.java class, public

相关标签:

2条回答

逝去的感伤

2021-01-03 14:54

As was suggested in answer by MangEngkus you can implement your own custom AuthenticationProvider but based on your description I don't think you need to do that.

You don't need to implement your own password hashing mechanism into spring-security. You just need to define BCryptPasswordEncoder from spring itself.

Either this way to use the default one:

<authentication-manager>
  <authentication-provider>
    <password-encoder hash="bcrypt" />
  </authentication-provider>
</authentication-manager>

Or create your own bean and supply it to default provider:

<authentication-manager>
  <authentication-provider>
    <password-encoder ref="encoder" />
  </authentication-provider>
</authentication-manager>

<beans:bean id="encoder" 
  class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder">
    <beans:constructor-arg name="strength" value="15" />
</beans:bean>

But for you, this is the way: :)

<beans:bean id="daoAuthenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
  <beans:property name="userDetailsService" ref="userDetailsService"/>
  <beans:property name="passwordEncoder" ref="encoder" />
</beans:bean>

<bean id="encoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>

0 讨论(0)

盖世英雄少女心

2021-01-03 15:00

if you want, you can create your own AuthenticationProvider

public class CustomAuthenticationProvider implements AuthenticationProvider{

    private UserDetailsService service;

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        UsernamePasswordAuthenticationToken token = (UsernamePasswordAuthenticationToken) authentication;
        String username = token.getName();
        String password = token.getCredentials(); // retrieve the password 
        // do something here

        // if ok then return the authentication
        return new UsernamePasswordAuthenticationToken(username, password, authorities);
    }
}

and plug it to your security configuration

<beans:bean id="customAuthenticationProvider"
 class="com.xxx.CustomAuthenticationProvider">
  <beans:property name="userDetailsService" ref="userDetailsService"/>
</beans:bean>

<beans:bean id="authenticationManager"
    class="org.springframework.security.authentication.ProviderManager">
  <beans:property name="providers">
    <beans:list>
      <beans:ref local="customAuthenticationProvider" />
    </beans:list>
  </beans:property>
</beans:bean>

0 讨论(0)