• 首页

  • 归档
小 黑 捡 方 块
小 黑 捡 方 块

小黑捡方块

获取中...

07
17
spring security

Springboot+Security UserDetailsService里面抛出UsernameNotFoundException异常无法在failureHandler中截获

发表于 2019-07-17 • 被 367 人看爆
WebSecurityConfigurerAdapter中配置
@Autowired
    private UserDetailsManagerServiceImpl userDetailsManagerService;

    @Override
    protected void configure(AuthenticationManagerBuilder auth)
            throws Exception {
        auth.authenticationProvider(authProvider).userDetailsService(userDetailsManagerService);
    }

@Override
    protected void configure(HttpSecurity http) throws Exception {
        http.cors()
                .and().csrf().disable()
                .authorizeRequests()
                .anyRequest()
                .authenticated()


                .and()
                .formLogin()
                .loginPage(LOGIN_PAGE_URL)
                .loginProcessingUrl(LOGIN_URL)
                .failureHandler(authenticationFailureHandler)
                .successHandler(authenticationSuccessHandler)
                .permitAll()


                .and()
                .sessionManagement()
                .invalidSessionUrl(LOGIN_PAGE_URL)
                // 同一用户最大session数
                .maximumSessions(1)
                // 达到最大数不禁止登录,第二个会挤掉前一个;若设置为true,则第二个人被禁止登录
                .maxSessionsPreventsLogin(false)
                .expiredUrl(LOGIN_PAGE_URL)
                .sessionRegistry(sessionRegistry());
//                .and()
//                .exceptionHandling()
//                .authenticationEntryPoint((request, response, authException) -> response.getWriter().write(new ResponseBean().error(AdminError.ADMIN_ACCESS_DENIED_ERROR).toString()))
//                .accessDeniedHandler(accessDeniedHandler());
    }
UserDetailsService代码
@Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        Admin admin = null;
        // 查询用户信息
        if (CommonStringUtils.isPhoneNo(username)) {
            // 手机登录
            admin = new Admin().selectOne(Wrappers.<Admin>lambdaQuery()
                    .eq(Admin::getPhone, username));
        } else {
            admin = new Admin().selectOne(Wrappers.<Admin>lambdaQuery()
                    .eq(Admin::getUsername, username));
        }

        if (admin == null) {
            throw new UsernameNotFoundException("用户不存在");
        }


        // 查询用户权限
        val permissions = rolePermissionService.selectRolePermissions(admin.getId());

        return new ManagerUserDetails(admin, AuthorityUtils.commaSeparatedStringToAuthorityList(permissions));
    }
找原因

然而throw new UsernameNotFoundException("用户不存在");的异常信息无法被截获,debug发现在ProviderManager中for (AuthenticationProvider provider : getProviders()) {getProviders()有两个,一个是自定义的AuthenticationProvider,一个是DaoAuthenticationProvider。

解决

搜索发现原来是userDetailsService配置方式不正确,改为重写方式一切正常:

@Override
    protected UserDetailsService userDetailsService() {
        return new UserDetailsManagerServiceImpl();
    }

https://github.com/spring-projects/spring-security/issues/4149#issuecomment-490500277

第三点里面有说使用AuthenticationManagerBuilder配置auth.userDetailsService()默认会注册DaoAuthenticationProvider

分享到:
记一次spring boot security登录认证session管理问题排查的恶心经历
docker启动后外网和主机死活访问不到springboot项目
  • 文章目录
  • 站点概览
小黑捡方块

帅哥小黑捡方块

Github Email RSS
看爆 Top5
  • jenkins通过ssh连接失败:Failed to add SSH key. Message [invalid privatekey 1,211次看爆
  • ConcurrentHashMap核心部分源码注释 1,168次看爆
  • docker运行的jenkins在构建项目并打包成docker镜像时问题总结 1,123次看爆
  • docker启动后外网和主机死活访问不到springboot项目 661次看爆
  • Springboot+Nginx+certbot重定向400错误解决 606次看爆
蜀ICP备19040029号

Copyright © 2021 小黑捡方块 ·

Proudly published with Halo · Theme by fyang · 站点地图