![](/img/trans.png)
[英]Spring security custom UsernamePasswordAuthenticationFilter not replacing default UsernamePasswordAuthenticationFilter
[英]Configure Spring Security to use custom UsernamePasswordAuthenticationFilter
我已经实现了我自己的LowerCaseUsernamePasswordAuthenticationFilter
,它只是UsernamePasswordAuthenticationFilter
的子类。
但现在我的问题是,如何配置Spring安全性来使用此过滤器。
到目前为止我用过:
<security:http auto-config="true" use-expressions="true">
<security:form-login login-processing-url="/resources/j_spring_security_check" login-page="/login" authentication-failure-url="/login?login_error=t" />
<security:logout logout-url="/resources/j_spring_security_logout" />
<security:intercept-url pattern="/**" access="isAuthenticated()" requires-channel="${cfma.security.channel}" />
</security:http>
我是否真的要auto-config
并需要手动配置所有过滤器? - 如果这是真的,有人可以提供一个例子吗?
简单地添加security:custom-filter
:
<security:http ...>
<security:form-login login-processing-url="/resources/j_spring_security_check" login-page="/login" authentication-failure-url="/login?login_error=t" />
<security:custom-filter ref="lowerCaseUsernamePasswordAuthenticationFilter" position="FORM_LOGIN_FILTER"/>
...
</security:http>
确实导致该消息的异常:
配置问题:过滤bean
<lowerCaseUsernamePasswordAuthenticationFilter>
和'Root bean:class [org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter]; 范围=; 抽象= FALSE; lazyInit = FALSE; autowireMode = 0; dependencyCheck = 0; autowireCandidate = TRUE; 初级= FALSE; factoryBeanName = NULL; factoryMethodName = NULL; initMethodName = NULL; destroyMethodName = null'具有相同的'order'值。 使用自定义过滤器时,请确保这些位置与默认过滤器不冲突。 或者,您可以通过删除相应的子元素并避免使用来禁用默认过滤器。
我通过手工编写所需的自动配置bean来完成它。 这是结果:
<!-- HTTP security configurations -->
<security:http auto-config="false" use-expressions="true" entry-point-ref="loginUrlAuthenticationEntryPoint">
<!--
<security:form-login login-processing-url="/resources/j_spring_security_check" login-page="/login" authentication-failure-url="/login?login_error=t" />
replaced by lowerCaseUsernamePasswordAuthenticationFilter
the custom-filter with position FORM_LOGIN_FILTER requries that auto-config is false!
-->
<security:custom-filter ref="lowerCaseUsernamePasswordAuthenticationFilter" position="FORM_LOGIN_FILTER"/>
<security:logout logout-url="/resources/j_spring_security_logout" />
<security:intercept-url pattern="/**" access="isAuthenticated()" />
</security:http>
<bean id="loginUrlAuthenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
<property name="loginFormUrl" value="/login"/>
</bean>
<bean id="lowerCaseUsernamePasswordAuthenticationFilter"
class="com.queomedia.cfma.infrastructure.security.LowerCaseUsernamePasswordAuthenticationFilter">
<property name="filterProcessesUrl" value="/resources/j_spring_security_check"/>
<property name="authenticationManager" ref="authenticationManager"/>
<property name="authenticationFailureHandler">
<bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<property name="defaultFailureUrl" value="/login?login_error=t"/>
</bean>
</property>
</bean>
这是Scala中的一个示例。 我必须这样做才能替换Spring Security OAuth提供的过滤器。
基本上这个想法是,将FilterChainProxy
和要替换的现有过滤器注入过滤器。 找到filterChainMap
的现有过滤器并将其替换为您的过滤器。
import org.springframework.security.oauth2.provider.verification.{VerificationCodeFilter => SpringVerificationCodeFilter}
@Component
class VerificationCodeFilter extends SpringVerificationCodeFilter with InitializingBean {
@Autowired var filterChainProxy: FilterChainProxy = _
@Autowired var springVerificationCodeFilter: SpringVerificationCodeFilter = _
override def afterPropertiesSet() {
super.afterPropertiesSet()
val filterChainMap = filterChainProxy.getFilterChainMap
val filterChain =
filterChainMap.find(_._2.exists(_.isInstanceOf[SpringVerificationCodeFilter])).
getOrElse(throw new Exception("Could not find VerificationCodeFilter in FilterChainMap"))._2
val index = filterChain.indexOf(springVerificationCodeFilter)
filterChain.remove(index)
filterChain.add(index, this)
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.