如何使用 Spring Security 使用空密码进行基本身份验证?
我正在使用 spring security (2.0.6) 来执行 HTTP BASIC 身份验证。我编写了一个自定义身份验证提供程序类,用于根据数据库验证用户名和密码。我遇到的问题是某些用户没有密码。这些用户会收到“访问被拒绝”消息。我调试了代码,发现当用户密码为空时,不会调用我的自定义身份验证提供程序。有谁知道如何解决这个问题?我需要允许某些用户拥有空白密码。
I'm using spring security (2.0.6) to perform HTTP BASIC authentication. I've written a custom authentication provider class which I use to validate usernames and passwords against my database. The problem I'm having is that some users do not have passwords. These users receive an "Access Denied" message. I debugged the code and found that my custom authentication provider isn't invoked when the user's password is blank. Does anyone know how to get around this? I need to allow some users to have blank passwords.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
而不是没有密码,您是否尝试过将 AuthenticationProvider 之前的过滤器中的密码设置为某些默认值(例如“NOPASSWORD”)?我认为其中一个预身份验证过滤器执行一个简单的“if(密码== null)”并失败,这就是您的问题。
Rather then no password have you tried setting the password in a filter before the AuthenticationProvider to some default like "NOPASSWORD"? I think one of the pre-auth filters does a simple 'if (password == null)' and fails and that's your issue.