我使用Spring Security的,我想用另一個網站作爲我的認證供應商之一。我在我的網站上有一個基於表單的基本登錄。我希望在我的網站上有一個鏈接,讓用戶訪問他們將登錄的外部網站,然後外部網站會將xml響應發回給我,並提供可驗證的數據以查看登錄是否成功。任何幫助將不勝感激!集成單點登錄使用Spring的安全
- 你怎麼集成了流入春季安全?
- 一旦我得到的迴應回來,我將如何自動登錄的用戶嗎?
例如使用下面的指導:
濾波器(未示出我的數據從XML脫落請求):
public class XMLAuthenticationFilter extends AbstractAuthenticationProcessingFilter{
public XMLAuthenticationFilter() {
super("/xml_security_check");
}
@Override
public Authentication attemptAuthentication(HttpServletRequest request,
HttpServletResponse response) throws AuthenticationException,
IOException, ServletException {
GrantedAuthority[] grantedAuthorities = new GrantedAuthority[] { new GrantedAuthorityImpl("ROLE_USER")};
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("userid", "pwd", grantedAuthorities);
request.getSession();
token.setDetails(new WebAuthenticationDetails(request));
Authentication authenticatedUser = super.getAuthenticationManager().authenticate(token);
SecurityContextHolder.getContext().setAuthentication(authenticatedUser);
request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, SecurityContextHolder.getContext());
return authenticatedUser;
}
}
驗證提供者:
public class XMLAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider{
private UserManager userManager;
@Override
protected void additionalAuthenticationChecks(UserDetails user, UsernamePasswordAuthenticationToken token) throws AuthenticationException {
}
@Override
protected UserDetails retrieveUser(String userName, UsernamePasswordAuthenticationToken token) throws AuthenticationException {
UserDetails user = userManager.getUser(userName);
if(user == null){
Users newDCUser = new Users();
newDCUser.setUserId(userName);
newDCUser.setRawPassword((String) token.getCredentials());
newDCUser.setFailedLoginAttempts(0);
newDCUser.setBeginEffectiveDate(new Date());
newDCUser.setEndEffectiveDate(getEffectiveDate());
userManager.saveUser(newDCUser);
}
return userManager.loadUserByUsername(userName);
}
private Date getEffectiveDate(){
Calendar calendar = Calendar.getInstance();
calendar.add(Calendar.YEAR, 10);
return calendar.getTime();
}
public UserManager getUserManager() {
return userManager;
}
public void setUserManager(UserManager userManager) {
this.userManager = userManager;
}
}
豆配置:
<bean id="xmlAuthenticationFilter" class="com.dc.api.service.impl.XMLAuthenticationFilter">
<property name="authenticationManager" ref="am" />
</bean>
<bean id="xmlAuthenticationProvider" class="com.dc.api.service.impl.XMLAuthenticationProvider">
<property name="userManager" ref="userManager"/>
</bean>
是否在外部網站使用Spring Security,是它在同一個域中? – sourcedelica 2011-03-19 22:17:26
嗨ericacm,謝謝你的迴應。否這兩個問題。我必須重定向到它,然後他們用一個xml來回發給我一個POST,我必須解析並使用它的屬性來判斷用戶是否成功通過驗證。有任何想法嗎? – c12 2011-03-19 23:08:18
它是SAML還是一些自定義XML,對於該網站來說是獨一無二的? – sourcedelica 2011-03-19 23:24:32