0
我在Spring中創建身份驗證服務。SpringSecurity外部ProviderManager
在我的身份驗證中,我需要連接到外部webserwice,發送登錄名和密碼,以檢查用戶是否存在於另一個系統中。
我想這樣做的方式是創建外部ProviderManarer。
我spring-security.xml
文件是:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<security:http pattern="/resources/**" security="none"/>
<security:http authentication-manager-ref="userAuthManager" disable-url-rewriting="true" auto-config="true" use-expressions="true">
<security:intercept-url pattern="/" access="permitAll"/>
<security:intercept-url pattern="/adminPanel/" access="permitAll"/>
<security:intercept-url pattern="/adminPanem/**" access="hasAnyRole('USER_ROLE', 'ADMIN_ROLE')"/>
<security:form-login login-page="/adminPanel" default-target-url="/adminPanel/panel"
authentication-failure-url="/adminPanel"/>
<security:logout logout-success-url="/adminPanel"/>
</security:http>
<bean id="userAuth" class="org.myapp.app.backEnd.auth.UserAuthentication"/>
<beans:bean id="userAuthManager" class="org.springframework.security.authentication.ProviderManager">
<beans:property name="providers">
<beans:list>
<beans:ref local="userAuth"/>
</beans:list>
</beans:property>
</beans:bean>
</beans>
而我的測試認證提供商是:
public class UserAuthentication implements AuthenticationProvider{
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
System.out.println(" test ");
System.out.println(authentication.getCredentials().toString());
List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
authorities.add(new SimpleGrantedAuthority("ADMIN_ROLE"));
return new UsernamePasswordAuthenticationToken("test", authentication.getCredentials(), authorities); //To change body of implemented methods use File | Settings | File Templates.
}
@Override
public boolean supports(Class<?> aClass) {
return false; //To change body of implemented methods use File | Settings | File Templates.
}
}
但是,有一個問題 - 我的配置不調用public Authentication authenticate
方法。
沒有輸出。
此外
我看到,在春季3.2:
<beans:bean id="userAuthManager" class="org.springframework.security.authentication.ProviderManager">
<beans:property name="providers">
<beans:list>
<beans:ref local="userAuth"/>
</beans:list>
</beans:property>
</beans:bean>
的:
<beans:property name="providers"> is depricated.
你知道如何配置它正確地在Spring 3.2?
如何創建正確的配置。
做我需要添加 '別名'? – Ilkar 2013-02-20 11:18:41
好吧,我已經chenged XML文件。我已經添加了 security:authentication-manager>。但它不會調用驗證方法。 –
Ilkar
2013-02-20 11:23:57
你可以打開[debug](http://static.springsource.org/spring-security/site/docs/3.2.x/reference/springsecurity-single.html#nsa-debug)on(add' 'to你的配置,嘗試登錄併發布輸出作爲編輯在您的文章)? –
Xaerxess
2013-02-20 11:54:00