使用需要用户名和密码的WebService使用SpringSecurity对用户进行身份validation

扩展org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider

 /** * @author rodrigoap * */ public class WebServiceUserDetailsAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider { @Override protected UserDetails retrieveUser(String username, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException { //Improve this line: String password = authentication.getCredentials().toString(); // Invoke your webservice here GrantedAuthority[] grantedAuth = loginWebService.login(username, password); // create UserDetails. Warning: User is deprecated! UserDetails userDetails = new User(username, password, grantedAuth); return userDetails; } } 

我写了下面的课：

PncUserDetailsAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider

其中实现了recieveUser方法：

 @Override protected UserDetails retrieveUser(String username, UsernamePasswordAuthenticationToken token) throws AuthenticationException { try { server = (PncUtilRemote) new InitialContext().lookup("PncUtilBean"); if (server != null) { String password = SHA1(token.getCredentials().toString()); String[] auth = server.login(username, password); if (auth.length > 0) { PncUserDetails details = new PncUserDetails(username, password); for (int i = 0; i < auth.length; i++) { details.addAuthority(auth[i]); } return details; } } } catch (Exception e) { System.out.println("! " + e.getClass().getName() + " in com.logica.pnc.security.PncUserDetailsAuthenticationProvider.retrieveUser(String, UsernamePasswordAuthenticationToken): " + e.getMessage()); } throw new BadCredentialsException(""); } 

要启用AuthenticationProvider，您需要在application-context.xml文件中添加一些行：

将auto-config设置为false非常重要：

感谢rodrigoap指向AuthenticationProvider thingy 🙂

UserDetailsS​​ervice的想法是您的实现提供了一个UserDetails对象，表示具有该用户名的用户，Spring Security处理检查凭据。

如果这种设计与后端不兼容，因为您需要将密码作为参数，那么您可能需要查看实现自己的AuthenticationProvider。