我是新的spring-security我使用ActiveDirectory进行了Spring认证,添加
后它正在工作<beans:bean id="myauthenticationrpovider" class="com.holcim.acl.rm.security.MyAuthoritySupplementingProvider">
<beans:constructor-arg ref="ldapActiveDirectoryAuthProvider" />
和bean代码如下
public class MyAuthoritySupplementingProvider implements AuthenticationProvider {
private AuthenticationProvider delegate;
public MyAuthoritySupplementingProvider(AuthenticationProvider delegate) {
this.delegate = delegate;
}
public Authentication authenticate(Authentication authentication) {
final Authentication a = delegate.authenticate(authentication);
//get first username and full User Name from a i.e Authentication.
Object auth = a.getPrincipal();
String username;
String userFullName;
if(auth instanceof LdapUserDetailsImpl){
LdapUserDetailsImpl userDetails = (LdapUserDetailsImpl) auth;
String[] dn = userDetails.getDn().split(",");
String[] temp = dn[0].split("=");
userFullName = temp[1];
username = ((LdapUserDetailsImpl) auth).getUsername();
logger.debug("AD Authentication done ");
logger.debug(userDetails.getDn());
logger.debug("User Full Name " + temp[1]);
logger.debug("UserName is :: "+ username);
}
// Load additional authorities and create an Authentication object
//final List<GrantedAuthority> authorities = loadRolesFromDatabaseHere();
List<AclAuthority> authorities = new ArrayList<AclAuthority>();
authorities.add(AclAuthority.ROLE_ADMIN);
return new AbstractAuthenticationToken(authorities) {
public Object getCredentials() {
throw new UnsupportedOperationException();
}
public Object getPrincipal() {
return a.getPrincipal();
}
};
}
@Override
public boolean supports(Class<?> authentication) {
return delegate.supports(authentication);
}
}
application-security.xml如下
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<!-- HTTP security configurations -->
<http auto-config="true" use-expressions="true">
<form-login login-processing-url="/static/j_spring_security_check" login-page="/login" authentication-failure-url="/login?login_error=t" />
<logout logout-url="/static/j_spring_security_logout" />
<!-- Configure these elements to secure URIs in your application -->
<intercept-url pattern="/choices/**" access="hasRole('ROLE_ADMIN')" />
<intercept-url pattern="/member/**" access="isAuthenticated()" />
<intercept-url pattern="/resources/**" access="permitAll" />
<intercept-url pattern="/static/**" access="permitAll" />
<intercept-url pattern="/login/**" access="permitAll" />
<intercept-url pattern="/**" access="isAuthenticated()" />
</http>
<!-- Active directory authentication added by Kamlesh A. -->
<!-- LDAP server details -->
<authentication-manager>
<authentication-provider ref="myauthenticationrpovider" />
</authentication-manager>
<beans:bean id="ldapActiveDirectoryAuthProvider" class="org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider">
<beans:constructor-arg value="in.mycompany.net" />
<beans:constructor-arg value="ldap://XXX.XXX.XXX.XXX:PPP" />
<!--<beans:property name="authoritiesMapper" ref="grantedAuthoritiesMapper" />-->
<beans:property name="useAuthenticationRequestCredentials" value="true" />
<beans:property name="convertSubErrorCodesToExceptions" value="true" />
</beans:bean>
<beans:bean id="myauthenticationrpovider" class="com.holcim.acl.rm.security.MyAuthoritySupplementingProvider">
<beans:constructor-arg ref="ldapActiveDirectoryAuthProvider" />
</beans:bean>
</beans:beans>
我经历过这样的问题
Spring Security redirect to previous page after successful login 以及
Unexpected redirect to login page after successful login
成功登录后需要
http://localhost:8080/static/j_spring_security_check
但如果我尝试再打开任何其他网址,请再次登录