[英]Simple Spring MVC+security setup
I am trying to set up a simple spring mvc / spring security webapp, but I can't seem to find the way to accomplish this: 我正在尝试建立一个简单的spring mvc / spring security webapp,但是我似乎找不到实现此目的的方法:
How do I go about implementing the last stage? 我该如何执行最后一个阶段?
I am not sure if I understand your question fully, but if I understand it correctly, you can perhaps extend AbstractPreAuthenticatedProcessingFilter and override getPreAuthenticatedPrincipal and getPreAuthenticatedCredentials with calls to your restful service/controller etc. The override AuthenticationUserDetailsService and probide a simple service, and add that your security context, like this: 我不确定我是否完全理解您的问题,但是如果我理解正确,则可以扩展AbstractPreAuthenticatedProcessingFilter并使用对您的宁静服务/控制器等的调用覆盖getPreAuthenticatedPrincipal和getPreAuthenticatedCredentials。重写AuthenticationUserDetailsService并提供简单的服务,并添加您的安全上下文,如下所示:
<beans:bean id="preauthAuthProvider"
class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
<beans:property name="preAuthenticatedUserDetailsService">
<beans:bean class="com.YourCompany.YourPreAuthenticatedGrantedAuthoritiesUserDetailsService"></beans:bean>
</beans:property>
<beans:property name="order" value="1"/>
</beans:bean>
<authentication-manager alias="authenticationManager" >
<authentication-provider ref="preauthAuthProvider" ></authentication-provider>
</authentication-manager>
OK the answer is basically: OK,答案基本上是:
SecurityContextHolder.getContext().setAuthentication(...)
However to be able to use it in the scenario I described above where the Spring MVC controller controls the authentication process, a few other things need to be done: 但是,要能够在上面所述的Spring MVC控制器控制身份验证过程的场景中使用它,还需要做一些其他事情:
Spring security won't start up without an authentication manager which isn't used in this scenario, so I created a null authentication manager: 没有这种情况下不使用的身份验证管理器,Spring安全将无法启动,因此我创建了一个空身份验证管理器:
@Service("nullAuthenticationProvider") public class NullAuthenticationProvider implements AuthenticationProvider { @Override public Authentication authenticate(Authentication authentication) throws AuthenticationException { return authentication; } @Override public boolean supports(Class<?> authentication) { return true; } }
And finally the spring context.xml: 最后是spring context.xml:
<security:global-method-security secured-annotations="enabled" /> <security:http disable-url-rewriting="true"> <security:access-denied-handler error-page="/login" /> <security:form-login login-page="/login" /> </security:http> <security:authentication-manager> <security:authentication-provider ref='nullAuthenticationProvider'/> </security:authentication-manager>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.