How to perform my own authentication (checking username and password typed by the user)

别来无恙 提交于 2021-02-20 04:35:05

问题


I implemented the UserDetailsService interface and override the loadUserByUsername method.

I thought that, inside loadUserByUsername, I could get username and password, to check if they match username and password on the DB. But I can't understand how to get the password typed by the user, provided that it is possibile.

Probably, I'm implementing the wrong interface.

Is UserDetailsService enough to do what I want to or I have to implement or extend something else?


回答1:


The UserDetailsService.loadUserByUsername() is just to load (retrieve) the user details from the database - it isn't to do the password comparison.

The comparison happens in UsernamePasswordAuthenticationFilter.attemptAuthentication(). Then it calls to getAuthenticationManager().authenticate(), where the comparison occurs.

See this: What is the default AuthenticationManager in Spring-Security? How does it authenticate?

As for replacing UsernamePasswordAuthenticationFilter, ask yourself what is your use case? what are you trying to do that the default implementation does not? maybe you do not have to replace it... anyways, you can see how to do it in Spring's docs

HTH




回答2:


The UserDetailsService is just to retrieve the user details from the database - it isn't to do the password comparison.

If you want to do your own password comparison - you can implement your own PasswordEncoder (more specifically the isPasswordValid(pass1,pass2,salt) method but there are several you could extend - for example Md5PasswordEncoder

To wire your custom PassordEncoder you'll need something along the lines of this:

<authentication-manager id="authenticationManager">
    <authentication-provider user-service-ref="myUserDetailsService">
        <password-encoder ref="myPasswordEncoder"/>
    </authentication-provider>
</authentication-manager>


来源:https://stackoverflow.com/questions/26607203/how-to-perform-my-own-authentication-checking-username-and-password-typed-by-th

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!