Migrating a Waffle Spring Security XML configuration to Spring Boot

Time: 2015-02-10 13:03:46

Tags: spring-security spring-boot waffle

I'm trying to use Waffle authentication with Spring Security, in a Spring Boot fashion. The expected result is to block everything if Negotiate fails.

The Waffle project provides a configuration example for this kind of use case (the example includes a fallback to simple HTTP authentication if Negotiate fails, which I don't need), assuming the configuration is done through web.xml. But despite many attempts, I don't understand how to plug Waffle into Spring Security using Boot and Java-only configuration. I'm using Spring Boot 1.2.1.RELEASE with the web and security starters, and the Waffle version is 1.7.3.

I realize this is not a specific question, but the Spring forum now redirects here and the Waffle guys don't know about Spring Boot. Could someone help me translate an XML Spring Security configuration to Spring Boot?

The first step is declaring the filter chain and the context loader listener.

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>/WEB-INF/waffle-filter.xml</param-value>
</context-param>

<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

I'm assuming (am I wrong?) that this is already handled by @EnableWebMvcSecurity, so there is nothing to do here.

Next is declaring a couple of provider beans, so I translated this

<bean id="waffleWindowsAuthProvider" class="waffle.windows.auth.impl.WindowsAuthProviderImpl" />

<bean id="negotiateSecurityFilterProvider" class="waffle.servlet.spi.NegotiateSecurityFilterProvider">
    <constructor-arg ref="waffleWindowsAuthProvider" />
</bean>

<bean id="basicSecurityFilterProvider" class="waffle.servlet.spi.BasicSecurityFilterProvider">
    <constructor-arg ref="waffleWindowsAuthProvider" />
</bean>

<bean id="waffleSecurityFilterProviderCollection" class="waffle.servlet.spi.SecurityFilterProviderCollection">
    <constructor-arg>
        <list>
            <ref bean="negotiateSecurityFilterProvider" />
            <ref bean="basicSecurityFilterProvider" />
        </list>
    </constructor-arg>
</bean>

<bean id="waffleNegotiateSecurityFilter" class="waffle.spring.NegotiateSecurityFilter">
    <property name="Provider" ref="waffleSecurityFilterProviderCollection" />
</bean>

to this

@Bean
public WindowsAuthProviderImpl waffleWindowsAuthProvider() {
    return new WindowsAuthProviderImpl();
}

@Bean
@Autowired
public NegotiateSecurityFilterProvider negotiateSecurityFilterProvider(final WindowsAuthProviderImpl windowsAuthProvider) {
    return new NegotiateSecurityFilterProvider(windowsAuthProvider);
}

@Bean
@Autowired
public BasicSecurityFilterProvider basicSecurityFilterProvider(final WindowsAuthProviderImpl windowsAuthProvider) {
    return new BasicSecurityFilterProvider(windowsAuthProvider);
}

@Bean
@Autowired
public SecurityFilterProviderCollection waffleSecurityFilterProviderCollection(final NegotiateSecurityFilterProvider negotiateSecurityFilterProvider, final BasicSecurityFilterProvider basicSecurityFilterProvider) {
    final SecurityFilterProvider[] securityFilterProviders = {
        negotiateSecurityFilterProvider,
        basicSecurityFilterProvider
    };
    return new SecurityFilterProviderCollection(securityFilterProviders);
}

@Bean
@Autowired
public NegotiateSecurityFilter waffleNegotiateSecurityFilter(final SecurityFilterProviderCollection securityFilterProviderCollection) {
    final NegotiateSecurityFilter negotiateSecurityFilter = new NegotiateSecurityFilter();
    negotiateSecurityFilter.setProvider(securityFilterProviderCollection);
    return negotiateSecurityFilter;
}

The final step is the sec:http section configuration. An entry point is declared, and the filter is placed before the BASIC auth filter.

Example:

<sec:http entry-point-ref="negotiateSecurityFilterEntryPoint">
    <sec:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY" />
    <sec:custom-filter ref="waffleNegotiateSecurityFilter" position="BASIC_AUTH_FILTER" />
</sec:http>

<bean id="negotiateSecurityFilterEntryPoint" class="waffle.spring.NegotiateSecurityFilterEntryPoint">
    <property name="Provider" ref="waffleSecurityFilterProviderCollection" />
</bean>

My Boot translation:

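Running this configuration leads to strange behavior: sometimes NTLM is triggered and succeeds, sometimes the Negotiate filter crashes with an 'invalid token supplied' error (same credentials, user, browser, configuration).

The provided example works like a charm, which makes me think that my Boot configuration is at fault.

Any help appreciated!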

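1 answer:

Answer 0: (score: 1)

Spring Boot auto-registers all Filter beans, so in this case the NegotiateSecurityFilter ends up in the filter chain twice.

You have to disable the auto-registration for this specific Filter by creating a FilterRegistrationBean that overrides this behavior: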

@Bean
public FilterRegistrationBean registration(NegotiateSecurityFilter filter) {
    FilterRegistrationBean registration = new FilterRegistrationBean(filter);
    registration.setEnabled(false);
    return registration;
}

Also, as mentioned by Dave Syer, you should set the authentication entry point bean using the ExceptionHandlingConfigurer.

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.exceptionHandling()
        .authenticationEntryPoint(authenticationEntryPoint);
    // ...
}