发表新帖
发表新帖

Creating a custom authentication with Acegi/Spring Security

前端 未结
关注
3 1180
慢半拍i
慢半拍i 2020-12-24 07:27

I\'m having trouble discovering exactly what I need to implement in order to use a custom authentication method with my web application using Spring Security. I have a Grail

相关标签:
3条回答
  • 被撕碎了的回忆
    2020-12-24 08:01

    I have recently put up a sample application that does custom authentication with Spring Security 3. The source code is here. More details are in this blog post.

    0 讨论(0)
  • 旧时难觅i
    2020-12-24 08:08

    1. Implement a custom AuthenticationProvider which gets all your authentication information from the Authentication: getCredentials(), getDetails(), and getPrincipal().

      Tie it into your Spring Security authentication mechanism using the following configuration snippet:

    <bean id="myAuthenticationProvider" class="com.example.MyAuthenticationProvider">
    <security:custom-authentication-provider />
</bean>

    1. This step is optional, if you can find a suitable one from standard implementations. If not, implement a class extending the Authentication interface on which you can put your authentication parameters: 

      (e.g. a user identifier, timestamp, signature, etc.)

    2. Extend a custom SpringSecurityFilter which ties the above two classes together. For example, the Filter might get the AuthenticationManager and call authenticate() using your implementation of Authentication as input.

      You can extend AbstractAuthenticationProcessingFilter as a start.

      You can reference UsernamePasswordAuthenticationFilter which extends AbstractAuthenticationProcessingFilter. UsernamePasswordAuthenticationFilter implements the standard Username/Password Authentication.

    3. Configure your Spring Security to add or replace the standard AUTHENTICATION_PROCESSING_FILTER. For Spring Security Filter orders, see http://static.springsource.org/spring-security/site/docs/3.0.x/reference/ns-config.html#filter-stack

      Here is a configuration snippet for how to replace it with your implementation:

    <beans:bean id="myFilter" class="com.example.MyAuthenticationFilter">
    <custom-filter position="AUTHENTICATION_PROCESSING_FILTER"/>
</beans:bean>
    0 讨论(0)
  • 醉话见心
    2020-12-24 08:14

    Here is an example of securityContext.xml configuration file using custom autenticationFilter (extending AUTHENTICATION_PROCESSING_FILTER) and authenticationProvider. The user authentication data is provided by jdbc connection. Configuration is for Spring Security 2.0.x

    <?xml version="1.0" encoding="UTF-8"?>

 <sec:global-method-security />

 <sec:http auto-config="false" realm="CUSTOM" create-session="always" servlet-api-provision="true"
  entry-point-ref="authenticationProcessingFilterEntryPoint" access-denied-page="/notauthorized.xhtml"
  session-fixation-protection="migrateSession">
  <sec:port-mappings>
   <sec:port-mapping http="80" https="443" />
  </sec:port-mappings>

  <sec:anonymous granted-authority="ROLE_ANONYMOUS" username="Anonymous" />
  <sec:intercept-url pattern="/**" access="ROLE_ANONYMOUS, ROLE_USER" />

  <sec:logout logout-url="/logoff" logout-success-url="/home.xhtml" invalidate-session="false" />

 </sec:http>

 <bean id="authenticationProcessingFilterEntryPoint" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
  <property name="loginFormUrl" value="/login.xhtml" />
  <property name="forceHttps" value="false" />
 </bean>

 <bean id="authenticationProcessingFilter" class="mypackage.CustomAuthenticationProcessingFilter">
  <sec:custom-filter position="AUTHENTICATION_PROCESSING_FILTER" />
  <property name="defaultTargetUrl" value="/" />
  <property name="filterProcessesUrl" value="/logon" />
  <property name="authenticationFailureUrl" value="/loginError.xhtml" />
  <property name="alwaysUseDefaultTargetUrl" value="false" />
  <property name="authenticationManager" ref="authenticationManager" />
 </bean>

 <jee:jndi-lookup id="securityDataSource" jndi-name="jdbc/DB_DS" /> 

 <bean id="myUserDetailsService" class="mypackage.CustomJdbcDaoImpl">
  <property name="dataSource" ref="securityDataSource" />
  <property name="rolePrefix" value="ROLE_" />
 </bean>

 <bean id="apcAuthenticationProvider" class="mypackage.CustomDaoAuthenticationProvider">
  <property name="userDetailsService" ref="myUserDetailsService" />
  <sec:custom-authentication-provider />
 </bean>

 <bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
  <property name="providers">
   <list>
    <ref local="apcAuthenticationProvider" />
   </list>
  </property>
 </bean>

</beans>
    0 讨论(0)
 看不清?
提交回复
热议问题