1. 技术文章
  2. Internalisation using Spring Security In-Memory Authentication

Internalisation using Spring Security In-Memory Authentication

百般思念 提交于 2019-12-11 02:37:16

问题


I have read the references manuals, looked at forum posts (such as, How to hold japanese characters in SPRING MVC POJO's field), and I as far as I know I have done all the things necessary for internationalisation Spring support, but I am having problems the Spring Security 3 In-Memory username matching using Unicode/special characters. Note, that my application uses UTF-8 and all appears well and all works well including entering Unicode password (however, this Unicode password may well be misleading as under the covers it may convert it to another character and this character is encoded instead?). I have a feeling that this non-matching of Unicode Usernames may be a bug with Spring Security In-Memory internalisation, but need this confirmed.

For the benefit of the reader, I have done all the necessary basic configurations, and please note that if I do not use Unicode character for username, everything works as expected otherwise Authentication fails even though the correct credentials are entered. Also, no exceptions are thrown.

My snippets are as follows...

web.xml 

      <filter>
        <filter-name>encodingFilter</filter-name>
        <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
        <init-param>
          <param-name>encoding</param-name>
          <param-value>UTF-8</param-value>
        </init-param>
        <init-param>
          <param-name>forceEncoding</param-name>
          <param-value>true</param-value>
        </init-param>
      </filter>
      <filter-mapping>
        <filter-name>encodingFilter</filter-name>
        <url-pattern>/*</url-pattern>
      </filter-mapping>

spring-servlet-context.xml

        <default-servlet-handler />

        <interceptors>      
            <beans:bean class="org.springframework.web.servlet.i18n.LocaleChangeInterceptor">
                <beans:property name="paramName" value="lang" />
            </beans:bean>

            <beans:bean class="org.springframework.web.servlet.theme.ThemeChangeInterceptor">
                <beans:property name="paramName" value="theme" />
            </beans:bean>   

        </interceptors> 


          <resources mapping="/resources/**" location="/resources/" />


        <beans:bean id="messageSource" class="org.springframework.context.support.ReloadableResourceBundleMessageSource">
            <beans:property name="basename" value="classpath:messages" />
            <beans:property name="defaultEncoding" value="UTF-8"/>
        </beans:bean>

        <beans:bean id="localeResolver" class="org.springframework.web.servlet.i18n.CookieLocaleResolver">
            <beans:property name="defaultLocale" value="en"/>
        </beans:bean>

        <!-- Theme setup --> 
        <beans:bean id="themeSource" class="org.springframework.ui.context.support.ResourceBundleThemeSource">
                <beans:property name="basenamePrefix" value="theme-" />
        </beans:bean>

        <beans:bean id="themeResolver" class="org.springframework.web.servlet.theme.CookieThemeResolver">
            <beans:property name="defaultThemeName" value="default" />
        </beans:bean>


        <beans:import resource="spring-security.xml"/>

         <context:component-scan base-package="com.myproject.platform" />

    </beans:beans>

spring-security.xml

      <beans:bean id="encoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" />              


      <authentication-manager alias="authenticationManager">
        <authentication-provider user-service-ref="userService">                
            <password-encoder ref="encoder" />                      
        </authentication-provider> 
      </authentication-manager>

      <beans:import resource="user-security-bean-config.xml"/>

user-security-bean-config.xml 

        <user-service id="userService">
          <user name="ışığı" password="encodedpasswordstring" 
                         authorities="R_U,R_A"/>

        </user-service>

Note, if I have user name as, for example, isigi (without special unicode characters), then all works well.

In my jsp files, I have at the top line: 

<%@ page language="java" session="false" contentType="text/html; charset=utf-8" pageEncoding="UTF-8"%>

... and in the head section, I have...

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

And my xml files, UTF-8 declared at the top line, e.g., 

<?xml version="1.0" encoding="UTF-8"?>

回答1:


For the benefit of others who may experience similar problems, the ORDER of the encodingFilter in the web.xml file is very important and it must be at the top of the filter list otherwise it will not work. Even though I have read the link that I posted, somehow I missed it twice, until I read it the third time late last night. I forgot to mention in my post that I had correctly configured Tomcat settings to UTF-8 in the server.xml file by adding URIEncoding="UTF-8" in the appropriate places as follows: 

<Connector port="8080" protocol="HTTP/1.1"
       connectionTimeout="20000"
       redirectPort="8443" 
       URIEncoding="UTF-8"/>


<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" URIEncoding="UTF-8" />

I hope this answer (together with the setup as stated in the question) will help someone save hours or even nights of frustration of getting special Unicode characters to work with Spring MVC / Security.



来源:https://stackoverflow.com/questions/19226183/internalisation-using-spring-security-in-memory-authentication

标签
Spring
spring-mvc
unicode
spring-security
app-config
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!