SpringSecurity外部ProviderManager

时间:2013-02-20 11:08:06

标签: spring-security

我正在Spring中创建身份验证服务。

在我的身份验证中,我需要连接到外部webserwice,发送登录名和密码,以检查用户是否存在于另一个系统中。

我想要的方式是创建外部ProviderManarer。

我的spring-security.xml文件是:

    <?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:security="http://www.springframework.org/schema/security"
       xmlns:beans="http://www.springframework.org/schema/beans"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
       http://www.springframework.org/schema/beans/spring-beans.xsd
       http://www.springframework.org/schema/security
       http://www.springframework.org/schema/security/spring-security-3.1.xsd">


    <security:http pattern="/resources/**" security="none"/>
    <security:http authentication-manager-ref="userAuthManager" disable-url-rewriting="true" auto-config="true" use-expressions="true">
        <security:intercept-url pattern="/" access="permitAll"/>
        <security:intercept-url pattern="/adminPanel/" access="permitAll"/>
        <security:intercept-url pattern="/adminPanem/**" access="hasAnyRole('USER_ROLE', 'ADMIN_ROLE')"/>
        <security:form-login login-page="/adminPanel" default-target-url="/adminPanel/panel"
                authentication-failure-url="/adminPanel"/>
        <security:logout logout-success-url="/adminPanel"/>
    </security:http>

    <bean id="userAuth" class="org.myapp.app.backEnd.auth.UserAuthentication"/>

    <beans:bean id="userAuthManager" class="org.springframework.security.authentication.ProviderManager">
        <beans:property name="providers">
            <beans:list>
                <beans:ref local="userAuth"/>
            </beans:list>
        </beans:property>
    </beans:bean>


</beans>

我的测试身份验证提供程序是:

public class UserAuthentication implements  AuthenticationProvider{


     @Override
        public Authentication authenticate(Authentication authentication) throws AuthenticationException {

            System.out.println(" test " );

            System.out.println(authentication.getCredentials().toString());

            List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();

            authorities.add(new SimpleGrantedAuthority("ADMIN_ROLE"));

            return new UsernamePasswordAuthenticationToken("test", authentication.getCredentials(), authorities);  //To change body of implemented methods use File | Settings | File Templates.
        }

        @Override
        public boolean supports(Class<?> aClass) {
            return false;  //To change body of implemented methods use File | Settings | File Templates.
        }
    }

但是,有一个问题 - 我的配置不会调用public Authentication authenticate方法。

没有输出。

另外

我在Spring 3.2中看到了:

<beans:bean id="userAuthManager" class="org.springframework.security.authentication.ProviderManager">
    <beans:property name="providers">
        <beans:list>
            <beans:ref local="userAuth"/>
        </beans:list>
    </beans:property>
</beans:bean>

<beans:property name="providers"> is depricated.

您知道如何在Spring 3.2中正确配置它吗?

如何创建正确的配置。

1 个答案:

答案 0 :(得分:0)

使用<authentication-manager>所述的here标记:

<security:authentication-manager alias="userAuthManager">
  <security:authentication-provider ref="userAuth" />
</security:authentication-manager>