Authenticating users with Spring Security using a web service that requires a username and password

Time: 2009-07-23 11:19:37

Tags: java web-services spring-security

I am currently writing a web application using Spring Security. We have a web service that authenticates users by username and password.

Web service:
String[] login(String username, String password);

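How do I configure Spring Security to pass the supplied username and password to the web service?

I wrote a UserDetailsService that receives only the username.


I think the problem is in your XML. Did you turn off auto-config? Does your class extend AbstractUserDetailsAuthenticationProvider?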

3 answers:

Answer 0: (score: 6)

Extend org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider

/**
 * @author rodrigoap
 * 
 */
public class WebServiceUserDetailsAuthenticationProvider extends
    AbstractUserDetailsAuthenticationProvider {

  @Override
  protected UserDetails retrieveUser(String username,
        UsernamePasswordAuthenticationToken authentication)
        throws AuthenticationException {
     //Improve this line:
    String password = authentication.getCredentials().toString();
    // Invoke your webservice here
    GrantedAuthority[] grantedAuth = loginWebService.login(username, password);
    // create UserDetails. Warning: User is deprecated!
    UserDetails userDetails = new User(username, password, grantedAuth);
    return userDetails;
  }

}

Answer 1: (score: 4)

I wrote the following class:

PncUserDetailsAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider

Implement the retrieveUser method:

@Override
protected UserDetails retrieveUser(String username, UsernamePasswordAuthenticationToken token) throws AuthenticationException {
    try {
        server = (PncUtilRemote) new InitialContext().lookup("PncUtilBean");
        if (server != null) {
            String password = SHA1(token.getCredentials().toString());
            String[] auth = server.login(username, password);
            if (auth.length > 0) {
                PncUserDetails details = new PncUserDetails(username, password);
                for (int i = 0; i < auth.length; i++) {
                    details.addAuthority(auth[i]);
                }
                return details;
            }
        }
    } catch (Exception e) {
        System.out.println("! " + e.getClass().getName() + " in com.logica.pnc.security.PncUserDetailsAuthenticationProvider.retrieveUser(String, UsernamePasswordAuthenticationToken): " + e.getMessage());
    }
    throw new BadCredentialsException("");
}

To enable the AuthenticationProvider, you need to add a few lines to your application-context.xml file:

<bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
    <property name="providers">
        <list><ref local="PncAuthenticationProvider" /></list>
    </property>
</bean>

<bean id="PncAuthenticationProvider" class="com.logica.pnc.security.PncUserDetailsAuthenticationProvider">
    <security:custom-authentication-provider />
</bean>

It is very important to set auto-config to false:

<security:http auto-config="false" />

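Thanks to rodrigoap for pointing out the AuthenticationProvider thingy :)

Answer 2: (score: 0)

The idea of UserDetailsService is that your implementation provides a UserDetails object representing the user with that username, and Spring Security handles checking the credentials.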

If that design doesn't fit your backend because you need the password as a parameter, then you may want to look at implementing your own AuthenticationProvider.
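
The approach the answers describe, written against the current Spring Security API (package names from version 3 onward) as an added example that is not code from any of the posters. The `LoginService` interface is a hypothetical client for the question's `login` call, and treating an empty result as a rejected login is an assumption taken from the `auth.length > 0` check in answer 1.

```java
import java.util.List;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;

public class WebServiceAuthenticationProvider implements AuthenticationProvider {
    /** Hypothetical client stub; mirrors the question's String[] login(username, password). */
    public interface LoginService {
        String[] login(String username, String password) throws Exception;
    }

    private final LoginService loginService;

    public WebServiceAuthenticationProvider(LoginService loginService) {
        this.loginService = loginService;
    }

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        Object credentials = authentication.getCredentials();
        if (credentials == null) {
            throw new BadCredentialsException("Bad credentials");
        }
        String[] roles;
        try {
            roles = loginService.login(authentication.getName(), credentials.toString());
        } catch (Exception e) {
            // A backend outage is not a wrong password: report it as a service error.
            throw new AuthenticationServiceException("Login service unavailable", e);
        }
        // Assumption: null or empty result means the web service rejected the login.
        if (roles == null || roles.length == 0) {
            throw new BadCredentialsException("Bad credentials");
        }
        // Authenticated token; the password is not kept in the security context.
        List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList(roles);
        return new UsernamePasswordAuthenticationToken(authentication.getName(), null, authorities);
    }

    @Override
    public boolean supports(Class<?> authentication) {
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
    }
}
```

The same generic "Bad credentials" message is used for a missing password and a rejected login, so the response does not reveal which check failed.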