[英]Best practice on Spring Security for this requirement
Current Spring
app requires to add additional authentication checking from a POJO
library. 当前的
Spring
应用程序需要从POJO
库中添加其他身份验证检查。 The POJO
library includes several customized authentication module to choose. POJO
库包括几个定制的身份验证模块供您选择。 Some can be quite simple, like check the username and encrypted password within a URL from database, or from a file, others can be LDAP
authentication or Web Service
authenticate. 有些可以非常简单,例如从数据库或文件中检查URL中的用户名和加密密码,其他则可以通过
LDAP
认证或Web Service
认证。
The tricky part is current application has its own authentication method within security.xml, and we don't want to compromise either one. 棘手的部分是,当前应用程序在security.xml中具有自己的身份验证方法,我们不想破坏任何一个。
My goal is make this work based on minimal change. 我的目标是基于最小的更改来进行这项工作。
I think there might be several solutions for this but trying to get a good practice: 我认为可能有几种解决方案,但是要设法获得良好的实践:
authentication provider
to handle the pojo authentication for the authentication manager authentication provider
来处理认证管理器的Pojo认证 pre-authentication
(or something alike) bean for pojo and let app security do the next. pre-authentication
(或类似的东西)bean,然后让应用程序安全执行下一步。 filter class
and register in web.xml
, so this can make minimal change to the existing spring security context, but I am not sure how to make this handle the LDAP and WS authentication. filter class
并在web.xml
注册,因此这可以对现有的spring安全上下文进行最小的更改,但是我不确定如何使它处理LDAP和WS身份验证。 and many other options if anyone can give a better hint. 和许多其他选项(如果有人可以提供更好的提示)。 Thanks in advance.
提前致谢。
Create a custom Spring Authentication manager that extends the one that already exists. 创建一个自定义的Spring Authentication Manager,以扩展已经存在的管理器。 Call super.authenticate() and if that goes through then add the extra authentication logic.
调用super.authenticate(),如果成功,则添加额外的身份验证逻辑。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.