堆栈内存溢出
  简体   繁体   English

如何在春季启动时配置自定义AccessDecisionManager和自定义AuthenticationProvider

[英]How to configure custom AccessDecisionManager and custom AuthenticationProvider in spring boot

 原文  2018-07-03 13:25:57       java/ spring/ spring-mvc/ spring-boot/ spring-security

问题描述

Below is my security configuration file, which I want to change into java config 下面是我的安全配置文件,我想将其更改为java config 

<beans:bean id="filterSecurityInterceptor" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
    <beans:property name="accessDecisionManager" ref="accessDecisionManager" />
    <beans:property name="authenticationManager" ref="authenticationManager" />
    <beans:property name="securityMetadataSource" ref="securityMetadataSource" />
</beans:bean>

<authentication-manager alias="authenticationManager" xmlns="http://www.springframework.org/schema/security">
        <authentication-provider ref="customAuthentication"></authentication-provider>
</authentication-manager>

<beans:bean name="accessDecisionManager" class="com.xy.security.CustomAccessDecisionManager" ></beans:bean>

<beans:bean name="securityMetadataSource" class="com..xy.security.InvocationSecurityMetadataSourceService">
</beans:bean>

<beans:bean id="customAuthentication" class="com.xy.security.CustomAuthentication" />

<beans:bean id="securityExceptionTranslationHandler" class="org.springframework.security.web.authentication.ExceptionMappingAuthenticationFailureHandler">
    <beans:property name="exceptionMappings">
        <beans:props>
            <beans:prop key="org.springframework.security.authentication.CredentialsExpiredException">/changepassword.xhtml</beans:prop>
        </beans:props>
    </beans:property>
    <beans:property name="defaultFailureUrl" value="/login.jsp" />
</beans:bean>    ====================================================

I want to change this to java config below is my code but it's failing 我想将其更改为java config,以下是我的代码,但是失败 

@Configuration

@EnableWebSecurity

public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    private CustomAuthentication customAuthentication;

    @Autowired
    private CustomAccessDecisionManager customAccessDecisionManager;

    @Autowired
    private InvocationSecurityMetadataSourceService invocationSecurityMetadataSourceService;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(customAuthentication);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http.authorizeRequests()
            .antMatchers("/login*","/favicon.ico","/","/**/*.css" ,"/images/*.*","/js/*.js","/bt-fonts/*.*").permitAll()
            .anyRequest().authenticated()
            .and()
            .formLogin().loginPage("/login")
            .defaultSuccessUrl("/admin*")
            .failureUrl("/login?error=true")
            .and()
            .logout().logoutSuccessUrl("/login").invalidateHttpSession(true).deleteCookies("true")
            .and()
            .authenticationProvider(customAuthentication)
            //.accessDecisionManager(customAccessDecisionManager)
            //.authorizeRequests().accessDecisionManager(customAccessDecisionManager)
            //.csrf().disable()
            ;

    }

I have a class where I have custom Authentication logic 我有一个具有自定义身份验证逻辑的类 

public class CustomAccessDecisionManager implements AccessDecisionManager{

  -@Override
    public Authentication authenticate(Authentication authentication){

// some code here } //这里的一些代码} 

}

and another class like below where I have custom Authorization logic 还有另一个类,如下所示,其中我具有自定义授权逻辑 

public class CustomAuthentication implements AuthenticationProvider{

  @Override
    public void decide(Authentication arg0, Object object, Collection<ConfigAttribute> arg2)

// some code here //这里有一些代码 

}

2 个解决方案

解决方案1
 -1  2018-07-03 14:30:07

The first (I would recommend) is to update your configuration to include a WebExpressionVoter. 第一个(我建议)是更新您的配置以包括一个WebExpressionVoter。 For example: 例如: 

     @Bean
public AccessDecissionManager defaultAccessDecisionManager() {
    List<AccessDecisionVoter<FilterInvocation>> voters = new ArrayList<AccessDecisionVoter<FilterInvocation>>();
    voters.add(new WebExpressionVoter());
    voters.add(new CustomVoter());
    AccessDecissionManager result = new UnanimousBased();
    result.setDecisionVoters(voters);
    return result;
}

The second option is to change to not use expressions within Spring Security's url mappings. 第二个选项是更改为不使用Spring Security的URL映射中的表达式。 For example 例如 

protected void configure(HttpSecurity http) throws Exception {
 http
    .apply(new UrlAuthorizationConfigurer())
        .accessDecisionManager(defaultAccessDecisionManager())
        .antMatchers("/admin/**").hasRole("ADMINGROUP")
        .anyRequest().authenticated().and()
    ....

} }

view the below link 查看以下链接

解决方案2
 -1  2018-07-03 14:40:46

@Configuration
@EnableWebMvcSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private CustomAuthenticationProvider customAuthenticationProvider;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        /**
         * Do your stuff here
         */
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(customAuthenticationProvider);
    }
}

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 春季启动。 HMAC认证。 如何添加自定义AuthenticationProvider和身份验证过滤器? - Spring Boot. HMAC authentication. How to add custom AuthenticationProvider and Authentication filter? 如何在Spring Boot中配置自定义身份验证和授权? - How to configure Custom Authentication and Authorization in spring boot? spring security自定义AuthenticationProvider被调用两次并失败 - spring security custom AuthenticationProvider is called twice and fails Spring Security自定义身份验证 - AuthenticationProvider与UserDetailsS​​ervice - Spring Security Custom Authentication - AuthenticationProvider vs UserDetailsService 用于主体的Spring自定义AuthenticationProvider以及其他数据 - Spring custom AuthenticationProvider for Principal with additional data 在Spring Security 2.06中实现自定义AuthenticationProvider - Implement custom AuthenticationProvider in Spring Security 2.06 Spring Security自定义在AuthenticationManager中注入AuthenticationProvider - spring security custom inject AuthenticationProvider inside AuthenticationManager Spring 安全性 - 自定义 AuthenticationProvider 不起作用 - Java Config - Spring security - Custom AuthenticationProvider not working - Java Config Spring Authentication with Custom AuthenticationProvider Custom UserDetails和Custom Security Context - Spring Security with Custom AuthenticationProvider Custom UserDetails and Custom Security Context 如何在 Spring Boot 应用程序中配置自定义数据库连接超时? - How to configure custom database connection timeout in Spring Boot application?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM