所以我试图在documentation尝试翻译Java需求中的xml“需求”之后创建一个摘要认证弹簧。
假设我们在文档中有xml:
<bean id="digestFilter" class=
"org.springframework.security.web.authentication.www.DigestAuthenticationFilter">
<property name="userDetailsService" ref="jdbcDaoImpl"/>
<property name="authenticationEntryPoint" ref="digestEntryPoint"/>
<property name="userCache" ref="userCache"/>
</bean>
<bean id="digestEntryPoint" class=
"org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint">
<property name="realmName" value="Contacts Realm via Digest Authentication"/>
<property name="key" value="acegi"/>
<property name="nonceValiditySeconds" value="10"/>
</bean>
这是我目前的javaconfig:
@Configuration
@Profile({"integration", "release"})
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter
{
@Resource(authenticationType = Resource.AuthenticationType.CONTAINER, mappedName = "jdbc/db")
private DataSource datasource;
@Override
protected void registerAuthentication (AuthenticationManagerBuilder auth) throws Exception
{
auth.jdbcAuthentication().dataSource(datasource)
.usersByUsernameQuery("SELECT ID_USER, PASSWORD, ACTIVE FROM USERS WHERE ID_USER = ?;")
.authoritiesByUsernameQuery("SELECT ID_USER, ID_ROLE FROM USER_ROLES WHERE ID_USER = ?");
}
@Bean
public BasicAuthenticationEntryPoint entryPoint ()
{
BasicAuthenticationEntryPoint basicAuthenticationEntryPoint = new BasicAuthenticationEntryPoint();
basicAuthenticationEntryPoint.setRealmName("Basic WF Realm");
return basicAuthenticationEntryPoint;
}
@Bean
public DigestAuthenticationEntryPoint digestEntryPoint ()
{
DigestAuthenticationEntryPoint digestAuthenticationEntryPoint = new DigestAuthenticationEntryPoint();
digestAuthenticationEntryPoint.setKey("mykey");
digestAuthenticationEntryPoint.setRealmName("Digest WF Realm");
return digestAuthenticationEntryPoint;
}
public DigestAuthenticationFilter digestAuthenticationFilter (
DigestAuthenticationEntryPoint digestAuthenticationEntryPoint)
{
DigestAuthenticationFilter digestAuthenticationFilter = new DigestAuthenticationFilter();
digestAuthenticationFilter.setAuthenticationEntryPoint(digestEntryPoint());
// digestAuthenticationFilter.setAuthenticationDetailsSource(authenticationDetailsSource);
return digestAuthenticationFilter;
}
@Override
protected void configure (HttpSecurity http) throws Exception
{
// basic auth - it works!
// http.exceptionHandling().authenticationEntryPoint(entryPoint()).and()
http
.authorizeUrls().antMatchers("/firstres/*").permitAll()
.antMatchers("/secondres/*").permitAll()
.antMatchers("/resources/*").permitAll()
.antMatchers("/**").hasAnyAuthority("first_role", "second_role").and()//.httpBasic();
.addFilter(digestAuthenticationFilter(digestEntryPoint()));
}
}
我刚收到403 - 拒绝访问。 随着httpBasic工作。你能说出我错过的东西吗?
答案 0 :(得分:3)
我不确定您何时获得403 Access Denied,但如果在您通过身份验证之前请求受保护资源时发生这种情况,那么您需要:
@Override
protected void configure (HttpSecurity http) throws Exception
{
http
.exceptionHandling()
// this entry point handles when you request a protected page and
// you are not yet authenticated
.authenticationEntryPoint(digestEntryPoint())
.and()
.authorizeUrls()
.antMatchers("/firstres/*").permitAll()
.antMatchers("/secondres/*").permitAll()
.antMatchers("/resources/*").permitAll()
.antMatchers("/**").hasAnyAuthority("first_role", "second_role").and()
// the entry point on digest filter is used for failed authentication attempts
.addFilter(digestAuthenticationFilter(digestEntryPoint()));
}
@Override
@Bean
public UserDetailsService userDetailsServiceBean() {
return super.userDetailsServiceBean();
}
public DigestAuthenticationFilter digestAuthenticationFilter (
DigestAuthenticationEntryPoint digestAuthenticationEntryPoint)
{
DigestAuthenticationFilter digestAuthenticationFilter = new DigestAuthenticationFilter();
digestAuthenticationFilter.setAuthenticationEntryPoint(digestEntryPoint());
digestAuthenticationFilter.setUserDetailsService(userDetailsServiceBean());
return digestAuthenticationFilter;
}