我需要我的安全配置实现以下逻辑:
- 检查标头参数是否存在
- 根据参数的存在,重定向到登录页面(如果未经过身份验证),或检查基本身份验证令牌
在这两种情况下,我都有相同的身份验证提供程序,但我无法让它工作。
委托入口点工作正常,但我从未进入我的自定义身份验证提供程序......
这是我的安全配置:
<!-- Enables method-level security driven by @Secured annotations. This is
     separate from the URL rules in security:http below. -->
<security:global-method-security
secured-annotations="enabled" />
<!-- Unauthenticated requests are handed to delegatingAuthenticationEntryPoint.
     auto-config is false, there is no form-login or http-basic child, and the
     custom-filter elements below are commented out, so no filter in this chain
     passes credentials to authenticationManager. That is consistent with the
     symptom reported on this page: the entry point fires but the custom
     AuthenticationProvider is never invoked. -->
<security:http entry-point-ref="delegatingAuthenticationEntryPoint"
use-expressions="true" auto-config="false">
<!-- <security:custom-filter position="FORM_LOGIN_FILTER" -->
<!-- ref="usernamePasswordAuthenticationFilter" /> -->
<!-- <security:custom-filter position="BASIC_AUTH_FILTER" -->
<!-- ref="basicAuthenticationFilter" /> -->
<!-- filters="none" takes matching requests out of the security filter chain
     entirely, so no SecurityContext is available while serving them. The
     trailing wildcard matches every path that starts with the prefix, not only
     the login page itself; keep these patterns as narrow as the application
     allows.
     NOTE(review): newer Spring Security releases replace the filters attribute
     with a separate http element using security="none"; confirm against the
     version in use. -->
<security:intercept-url pattern="/login*"
filters="none" />
<security:intercept-url pattern="/portimaLogin*"
filters="none" />
<!-- Catch-all rule. intercept-url elements are matched in declaration order,
     so this one has to stay last. -->
<security:intercept-url pattern="/**"
access="isAuthenticated()" />
</security:http>
<!-- Picks the entry point per request: a request matching the hasHeader key is
     sent to PortimaLoginUrlAuthenticationEntryPoint, everything else to
     defaultEntryPoint.
     NOTE(review): the 'portima' header is set by the client. It should only
     decide how the challenge is presented (redirect to a form or a Basic
     challenge), never whether a request counts as authenticated. -->
<bean id="delegatingAuthenticationEntryPoint"
class="org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint">
<constructor-arg>
<map>
<entry key="hasHeader('portima','true')" value-ref="PortimaLoginUrlAuthenticationEntryPoint" />
</map>
</constructor-arg>
<property name="defaultEntryPoint" ref="authenticationEntryPoint" />
</bean>
<!-- Form-login filter bean. In this listing it is only declared: the
     custom-filter element that would place it in the chain is commented out
     inside security:http, so it never runs. The authenticationFailureHandler
     bean it references is not defined anywhere in this listing. -->
<bean id="usernamePasswordAuthenticationFilter"
class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
<property name="authenticationManager" ref="authenticationManager" />
<property name="authenticationFailureHandler" ref="authenticationFailureHandler" />
</bean>
<!-- HTTP Basic filter bean. Like the form-login filter it is declared but not
     registered in the chain in this listing (its custom-filter element is
     commented out). Basic credentials are only base64-encoded, so once enabled
     this filter should be reachable over TLS only. -->
<bean id="basicAuthenticationFilter"
class="org.springframework.security.web.authentication.www.BasicAuthenticationFilter">
<property name="authenticationManager" ref="authenticationManager" />
<property name="authenticationEntryPoint" ref="authenticationEntryPoint" />
</bean>
<!-- Project-specific entry point selected when the 'portima' header matches.
     Its implementation is not shown; presumably it redirects to loginFormUrl.
     NOTE(review): the URL comes from the portima.login.page property; confirm
     that property can only be set by deployment configuration and points at a
     trusted page. -->
<bean id="PortimaLoginUrlAuthenticationEntryPoint"
class="be.ap.common.security.spring.PortimaLoginUrlAuthenticationEntryPoint">
<property name="loginFormUrl" value="${portima.login.page}" />
</bean>
<!-- Default entry point: answers with an HTTP Basic challenge for realm "AP".
     It is referenced both as the delegating entry point's default and by
     basicAuthenticationFilter. -->
<bean id="authenticationEntryPoint"
class="org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint">
<property name="realmName" value="AP" />
</bean>
<!-- Authentication manager with a single custom provider. Both filter beans
     in this listing reference it through the alias authenticationManager. -->
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider
ref="authenticationProvider" />
</security:authentication-manager>
<bean id="authenticationProvider" class="be.ap.common.security.spring.APAuthenticationProvider" />
<!-- Nothing in this listing references userDetailsService explicitly;
     presumably APAuthenticationProvider obtains it by autowiring (confirm). -->
<bean id="userDetailsService" class="be.ap.common.security.spring.APUserDetailsService" />
有什么想法吗?
我终于让它正常工作了。
这是我的上下文文件:
<!-- Working configuration: the three authentication filters are registered
     explicitly, so credentials now reach authenticationManager. In the
     standard filter ordering PRE_AUTH_FILTER runs before FORM_LOGIN_FILTER,
     which runs before BASIC_AUTH_FILTER. Requests that are still
     unauthenticated afterwards go to delegatingAuthenticationEntryPoint. -->
<security:http entry-point-ref="delegatingAuthenticationEntryPoint"
use-expressions="true">
<security:custom-filter position="PRE_AUTH_FILTER"
ref="preAuthenticationFilter" />
<security:custom-filter position="FORM_LOGIN_FILTER"
ref="usernamePasswordAuthenticationFilter" />
<security:custom-filter position="BASIC_AUTH_FILTER"
ref="basicAuthenticationFilter" />
<!-- filters="none" takes matching requests out of the security filter chain
     entirely, so no SecurityContext is available while serving them. The
     trailing wildcard matches every path that starts with the prefix; keep
     these patterns as narrow as the application allows.
     NOTE(review): newer Spring Security releases replace the filters attribute
     with a separate http element using security="none"; confirm against the
     version in use. -->
<security:intercept-url pattern="/login*"
filters="none" />
<security:intercept-url pattern="/portimaLogin*"
filters="none" />
<security:intercept-url pattern="/accessDenied*"
filters="none" />
<!-- Catch-all rule. intercept-url elements are matched in declaration order,
     so this one has to stay last. -->
<security:intercept-url pattern="/**"
access="isAuthenticated()" />
<security:access-denied-handler ref="accessDeniedHandler" />
</security:http>
<!-- Spring Security Custom Filters -->
<!-- Form-login filter, registered at FORM_LOGIN_FILTER. Failed logins are
     routed through authenticationFailureHandler; no success handler is set,
     so the filter's default success handling applies. -->
<bean id="usernamePasswordAuthenticationFilter"
class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
<property name="authenticationManager" ref="authenticationManager" />
<property name="authenticationFailureHandler" ref="authenticationFailureHandler" />
</bean>
<!-- HTTP Basic filter, registered at BASIC_AUTH_FILTER. It shares its entry
     point with the delegating entry point's default. Basic credentials are
     only base64-encoded, so this path should be reachable over TLS only. -->
<bean id="basicAuthenticationFilter"
class="org.springframework.security.web.authentication.www.BasicAuthenticationFilter">
<property name="authenticationManager" ref="authenticationManager" />
<property name="authenticationEntryPoint" ref="authenticationEntryPoint" />
</bean>
<!-- Project-specific filter registered at PRE_AUTH_FILTER. According to the
     author it asks an SSO-like service whether the caller is already
     authenticated and pre-populates the Authentication object.
     NOTE(review): a pre-authentication filter trusts whatever signal it reads.
     Verify that this signal cannot be supplied directly by the client (for
     example a plain request header that reaches the application without
     passing through the SSO component). -->
<bean id="preAuthenticationFilter" class="be.ap.common.security.spring.APPreAuthenticationFilter">
<property name="authenticationManager" ref="authenticationManager" />
</bean>
<!-- Spring Security Custom EntryPoint -->
<!-- Picks the entry point per request: a request matching the hasHeader key is
     sent to PortimaLoginUrlAuthenticationEntryPoint, everything else to
     defaultEntryPoint.
     NOTE(review): the 'portima' header is set by the client. It should only
     decide how the challenge is presented (redirect to a form or a Basic
     challenge), never whether a request counts as authenticated. -->
<bean id="delegatingAuthenticationEntryPoint"
class="org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint">
<constructor-arg>
<map>
<entry key="hasHeader('portima','true')" value-ref="PortimaLoginUrlAuthenticationEntryPoint" />
</map>
</constructor-arg>
<property name="defaultEntryPoint" ref="authenticationEntryPoint" />
</bean>
<!-- Project-specific entry point selected when the 'portima' header matches.
     Its implementation is not shown; presumably it redirects to loginFormUrl.
     NOTE(review): the URL comes from the portima.login.page property; confirm
     that property can only be set by deployment configuration and points at a
     trusted page. -->
<bean id="PortimaLoginUrlAuthenticationEntryPoint"
class="be.ap.common.security.spring.PortimaLoginUrlAuthenticationEntryPoint">
<property name="loginFormUrl" value="${portima.login.page}" />
</bean>
<!-- Default entry point for realm "AP". Unlike the first listing on this page
     it now uses a project class (APBasicAuthenticationEntryPoint) whose
     behaviour is not shown; presumably it customises the Basic challenge. -->
<bean id="authenticationEntryPoint"
class="be.ap.common.security.spring.APBasicAuthenticationEntryPoint">
<property name="realmName" value="AP" />
</bean>
<!-- Sends authenticated users who lack the required authority to
     /accessDenied. That path is also excluded from the filter chain by the
     filters="none" rule in security:http, so the page behind it cannot rely on
     the SecurityContext and should not show anything sensitive. -->
<bean id="accessDeniedHandler"
class="org.springframework.security.web.access.AccessDeniedHandlerImpl">
<property name="errorPage" value="/accessDenied" />
</bean>
<!-- Maps authentication exception types to a target URL. All four listed
     types lead to the same page, so the response does not tell the caller
     whether the password was wrong or the account is expired, locked or
     disabled. Exception types that are not listed fall back to the parent
     handler's default behaviour, since no defaultFailureUrl is set here.
     NOTE(review): each value is surrounded by line breaks in this listing;
     confirm the container trims prop values before they are used as URLs. -->
<bean id="authenticationFailureHandler"
class="org.springframework.security.web.authentication.ExceptionMappingAuthenticationFailureHandler">
<property name="exceptionMappings">
<props>
<prop
key="org.springframework.security.authentication.BadCredentialsException">
/accessDenied
</prop>
<prop
key="org.springframework.security.authentication.CredentialsExpiredException">
/accessDenied
</prop>
<prop key="org.springframework.security.authentication.LockedException">
/accessDenied
</prop>
<prop
key="org.springframework.security.authentication.DisabledException">
/accessDenied
</prop>
</props>
</property>
</bean>
<!-- Spring Security Authentication Manager -->
<!-- Authentication manager with a single custom provider. The form, Basic and
     pre-authentication filters all reference it through the alias
     authenticationManager. -->
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider
ref="authenticationProvider" />
</security:authentication-manager>
<bean id="authenticationProvider" class="be.ap.common.security.spring.APAuthenticationProvider" />
<!-- Nothing in this listing references userDetailsService explicitly;
     presumably APAuthenticationProvider obtains it by autowiring (confirm). -->
<bean id="userDetailsService" class="be.ap.common.security.spring.APUserDetailsService" />
<!-- for Mock -->
<!-- NOTE(review): SSOServiceMockImpl is a mock of the SSO service that the
     pre-authentication filter presumably depends on. Declared in the main
     security context, it would back SSO decisions in every deployment of this
     file. Keep it in a test-only context or profile and wire the real
     implementation for production. -->
<bean id="SSOService" class="be.ap.security.service.SSOServiceMockImpl" />
正如你所看到的,我也添加了一些东西。
为了解决这个问题,我删除了自动配置属性,取消注释过滤器,并正确定义它们。
对于其他想要快速了解其用途的人,以下是流程:
- PRE_AUTH_FILTER 将检查类似 SSO 的服务来预填充身份验证对象(如果已在 SSO 中进行身份验证)
- 然后 delegatingAuthenticationEntryPoint 将根据请求标头选择如何进行身份验证
- 两种方式是:
- 自定义 LoginUrlAuthenticationEntryPoint
- 自定义BasicAuthenticationEntryPoint
BasicAuth 和 LoginURLAuth 使用同一个 AuthenticationProvider,而 PreAuth 使用我的 SSO 服务。
希望它对其他人有帮助!