我正在Spring中创建身份验证服务。
在我的身份验证中,我需要连接到外部webserwice,发送登录名和密码,以检查用户是否存在于另一个系统中。
我想要的方式是创建外部ProviderManarer。
我的spring-security.xml
文件是:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<security:http pattern="/resources/**" security="none"/>
<security:http authentication-manager-ref="userAuthManager" disable-url-rewriting="true" auto-config="true" use-expressions="true">
<security:intercept-url pattern="/" access="permitAll"/>
<security:intercept-url pattern="/adminPanel/" access="permitAll"/>
<security:intercept-url pattern="/adminPanem/**" access="hasAnyRole('USER_ROLE', 'ADMIN_ROLE')"/>
<security:form-login login-page="/adminPanel" default-target-url="/adminPanel/panel"
authentication-failure-url="/adminPanel"/>
<security:logout logout-success-url="/adminPanel"/>
</security:http>
<bean id="userAuth" class="org.myapp.app.backEnd.auth.UserAuthentication"/>
<beans:bean id="userAuthManager" class="org.springframework.security.authentication.ProviderManager">
<beans:property name="providers">
<beans:list>
<beans:ref local="userAuth"/>
</beans:list>
</beans:property>
</beans:bean>
</beans>
我的测试身份验证提供程序是:
public class UserAuthentication implements AuthenticationProvider{
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
System.out.println(" test " );
System.out.println(authentication.getCredentials().toString());
List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
authorities.add(new SimpleGrantedAuthority("ADMIN_ROLE"));
return new UsernamePasswordAuthenticationToken("test", authentication.getCredentials(), authorities); //To change body of implemented methods use File | Settings | File Templates.
}
@Override
public boolean supports(Class<?> aClass) {
return false; //To change body of implemented methods use File | Settings | File Templates.
}
}
但是,有一个问题 - 我的配置不会调用public Authentication authenticate
方法。
没有输出。
另外
我在Spring 3.2中看到了:
<beans:bean id="userAuthManager" class="org.springframework.security.authentication.ProviderManager">
<beans:property name="providers">
<beans:list>
<beans:ref local="userAuth"/>
</beans:list>
</beans:property>
</beans:bean>
:
<beans:property name="providers"> is depricated.
您知道如何在Spring 3.2中正确配置它吗?
如何创建正确的配置。
答案 0 :(得分:0)
使用<authentication-manager>
所述的here标记:
<security:authentication-manager alias="userAuthManager">
<security:authentication-provider ref="userAuth" />
</security:authentication-manager>