看看下面的示例。你必须返回UsernamePasswordAuthenticationToken。它包含主体和GrantedAuthorities。希望我能帮助:)
public Authentication authenticate(Authentication authentication) throws AuthenticationException { String username = authentication.getPrincipal() + ""; String password = authentication.getCredentials() + ""; User user = userRepo.findOne(username); if (user == null) { throw new BadCredentialsException("1000"); } if (!enprer.matches(password, user.getPassword())) { throw new BadCredentialsException("1000"); } if (user.isDisabled()) { throw new DisabledException("1001"); } List<Right> userRights = rightRepo.getUserRights(username); return new UsernamePasswordAuthenticationToken(username, null, userRights.stream().map(x -> new SimpleGrantedAuthority(x.getName())).collect(Collectors.toList()));}PS:userRepo和rightRepo是访问我的自定义User-DB的Spring-Data-JPA存储库
SpringSecurity JavaConfig:@Configuration@EnableWebMvcSecuritypublic class MySecurityConfiguration extends WebSecurityConfigurerAdapter {public MySecurityConfiguration() { super(false);}@Overrideprotected AuthenticationManager authenticationManager() throws Exception { return new ProviderManager(Arrays.asList((AuthenticationProvider) new AuthProvider()));}}
