Spring-Boot: Specify REALMs (security constraints and roles) and CLIENT-CERT authentication in Java code configuration (not XML)?
I've been trying to get CLIENT-CERT realm authentication to work based on the following link:
http://twoguysarguing.wordpress.com/2009/11/03/mutual-authentication-with-client-cert-tomcat-6-and-httpclient/
However, despite using the following web.xml,
<web-app>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Demo App</web-resource-name>
            <url-pattern>/secure/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>secureconn</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>CLIENT-CERT</auth-method>
        <realm-name>Demo App</realm-name>
    </login-config>
    <security-role>
        <role-name>secureconn</role-name>
    </security-role>
</web-app>
And for HTTPS to work in general I used the following link:
http://thoughtfulsoftware.wordpress.com/2014/01/05/setting-up-https-for-spring-boot/
And thus I have something like this:
@Configuration
@ComponentScan
@EnableAutoConfiguration
public class Application {
    @Bean
    public EmbeddedServletContainerFactory servletContainer() {
        TomcatEmbeddedServletContainerFactory factory = new TomcatEmbeddedServletContainerFactory();
        factory.addContextCustomizers((TomcatContextCustomizer) customizer -> {
            //this is empty at the moment
        });
        factory.addConnectorCustomizers((TomcatConnectorCustomizer) (Connector con) -> {
            //...configuration
        });
        return factory;
    }
}
And I also have this to enable Spring Security:
@Configuration
@EnableWebMvcSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        //...some configuration from the sample at https://spring.io/guides/gs/securing-web/
    }
    ...
}
It seems to me that the embedded Tomcat doesn't really care about the web.xml content, so I'm guessing I need to configure this from Java, possibly using the Context Customizer. I've found no resources on doing this whatsoever and most parameters are String, so I'm guessing I'm either doing something terribly wrong, or it's just not documented, or I'm looking at the wrong place.
So my question is,
http://java.boot.by/wcd-guide/ch05s03.html
How should one specify realms, security constraints, and login configurations / authentication method / url-pattern with Spring-Boot, if not with the web.xml?
Alternative question,
If it is possible to make the embedded Tomcat in Spring Boot use web.xml, how is that done?
EDIT: Actually, considering I'm trying to use CLIENT-CERT auth method, this might be httpSecurity.x509() which has even less samples... I'm lost.
Here's a sample using certificate-based authentication at the container level: https://github.com/SpringOne2GX-2014/microservice-security/tree/master/certs (it's more about stuff that would live in server.xml than in web.xml in a non-embedded container). That app is secure. If you add a WebSecurityConfigurationAdapter and call http.x509() you will also get the authenticated principal turned into an Authentication and made available in the usual places for Spring Security.
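A Java-configuration counterpart of the web.xml from the question, as an added example that is not part of the original thread or of the linked sample project. It assumes a Spring Security version that still ships WebSecurityConfigurerAdapter (as used in the question); the class name, the allow-listed CN `demo-client`, and the keystore paths are hypothetical. A certificate that chains to the trust store is only authenticated at the TLS layer, so the subject is mapped to the `secureconn` role explicitly and unknown subjects are rejected.

```java
// application.properties: the embedded container must request the client certificate.
//   server.ssl.key-store=classpath:server.jks            (placeholder path)
//   server.ssl.key-store-password=<placeholder>
//   server.ssl.trust-store=classpath:truststore.jks      (CAs allowed to issue client certs)
//   server.ssl.trust-store-password=<placeholder>
//   server.ssl.client-auth=need                          (handshake fails without a cert)
import java.util.Collections;
import java.util.Set;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

@Configuration
@EnableWebSecurity
public class X509SecurityConfig extends WebSecurityConfigurerAdapter {

    // Hypothetical allow-list of certificate CNs; a real app would look these up.
    private static final Set<String> ALLOWED_CNS = Collections.singleton("demo-client");

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/secure/**").hasRole("secureconn") // <url-pattern> + <auth-constraint>
                .anyRequest().permitAll()
                .and()
            .x509()                                              // <auth-method>CLIENT-CERT
                .subjectPrincipalRegex("CN=(.*?)(?:,|$)")        // principal = CN of the subject DN
                .userDetailsService(certUserDetailsService());
    }

    // Maps the extracted CN to authorities; an unlisted CN is refused even if its cert is trusted.
    @Bean
    public UserDetailsService certUserDetailsService() {
        return cn -> {
            if (!ALLOWED_CNS.contains(cn)) {
                throw new UsernameNotFoundException("No account mapped to certificate CN " + cn);
            }
            return new User(cn, "", AuthorityUtils.createAuthorityList("ROLE_secureconn"));
        };
    }
}
```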