Question

我有一个现有的Java / Spring / Hibernate webapp，带有经典的数据库身份验证。我刚刚将其成功迁移到Crowd SSO平台。一切都按预期工作，但现在我想配置Spring Security以回退到我以前的身份验证系统，如果Crowd服务器关闭。

我从未配置过这样的级联身份验证，到目前为止，我用google阅读的内容对我没有帮助。你知道我怎么做到的吗？

这是我的Spring安全配置：

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns:beans="http://www.springframework.org/schema/beans"
         xmlns="http://www.springframework.org/schema/security"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://www.springframework.org/schema/beans
         http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
         http://www.springframework.org/schema/util
         http://www.springframework.org/schema/util/spring-util-3.0.xsd
         http://www.springframework.org/schema/security
         http://www.springframework.org/schema/security/spring-security-3.1.xsd"
         xmlns:util="http://www.springframework.org/schema/util"
         default-autowire="byName">

<http entry-point-ref="crowdAuthenticationProcessingFilterEntryPoint">
    <intercept-url pattern="/**/login" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    <intercept-url pattern="/**/logout" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    <intercept-url pattern="/**/login.html" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    <intercept-url pattern="/admin/**" access="ROLE_ADMINISTRATOR"/>
    <intercept-url pattern="/**" access="ROLE_ADMINISTRATOR"/>
    <custom-filter position="FORM_LOGIN_FILTER" ref="authenticationProcessingFilter"/>
    <custom-filter position="LOGOUT_FILTER" ref="logoutFilter"/>
</http>

<!-- My previous authentication filter -->
<beans:bean id="authenticationFilter"
            class="my.package.security.CustomAuthenticationProcessingFilter">
    <beans:property name="authenticationManager" ref="formAuthenticationManager"/>
    <beans:property name="filterProcessesUrl" value="/login"/>
    <beans:property name="continueChainBeforeSuccessfulAuthentication" value="false"/>
    <beans:property name="postOnly" value="true"/>
    <beans:property name="authenticationSuccessHandler" ref="authenticationHandler"/>
    <beans:property name="authenticationFailureHandler" ref="authenticationHandler"/>
</beans:bean>
<beans:bean id="authenticationHandler" class="my.package.security.CustomAuthenticationHandler">
    <beans:property name="alwaysUseDefaultTargetUrl" value="false"/>
</beans:bean>
<beans:bean id="customAuthenticationProvider"
            class="my.package.security.MyDaoAuthenticationProvider">
    <beans:property name="SaltSource">
        <beans:bean class="org.springframework.security.authentication.dao.ReflectionSaltSource">
            <beans:property name="userPropertyToUse" value="salt"/>
        </beans:bean>
    </beans:property>
</beans:bean>

<!-- Crowd config -->
<beans:bean id="crowdUserDetailsService" class="my.package.security.CustomCrowdUserDetailsServiceImpl">
    <beans:property name="authenticationManager" ref="crowdAuthenticationManager"/>
    <beans:property name="groupMembershipManager" ref="crowdGroupMembershipManager"/>
    <beans:property name="userManager" ref="crowdUserManager"/>
    <beans:property name="authorityPrefix" value=""/>
    <beans:property name="userController" ref="userController"/>
</beans:bean>


<beans:bean id="crowdAuthenticationProvider" class="com.atlassian.crowd.integration.springsecurity.RemoteCrowdAuthenticationProvider">
    <beans:constructor-arg ref="crowdAuthenticationManager"/>
    <beans:constructor-arg ref="httpAuthenticator"/>
    <beans:constructor-arg ref="crowdUserDetailsService"/>
</beans:bean>

<authentication-manager alias="authenticationManager">
    <authentication-provider ref='crowdAuthenticationProvider' />
</authentication-manager>

<beans:bean id="crowdAuthenticationProcessingFilterEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
    <beans:constructor-arg value="/login.html"/>
</beans:bean>

<beans:bean id="authenticationProcessingFilter" class="com.atlassian.crowd.integration.springsecurity.CrowdSSOAuthenticationProcessingFilter">
    <beans:property name="httpAuthenticator" ref="httpAuthenticator"/>
    <beans:property name="authenticationManager" ref="authenticationManager"/>
    <beans:property name="filterProcessesUrl" value="/login"/>
    <beans:property name="authenticationFailureHandler">
        <beans:bean class="com.atlassian.crowd.integration.springsecurity.UsernameStoringAuthenticationFailureHandler">
            <beans:property name="defaultFailureUrl" value="/login.html?login_error=1"/>
        </beans:bean>
    </beans:property>
    <beans:property name="authenticationSuccessHandler">
        <beans:bean class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
            <beans:property name="defaultTargetUrl" value="/flexibility.html"/>
        </beans:bean>
    </beans:property>
</beans:bean>

<beans:bean id="crowdLogoutHandler" class="com.atlassian.crowd.integration.springsecurity.CrowdLogoutHandler">
    <beans:property name="httpAuthenticator" ref="httpAuthenticator"/>
</beans:bean>

<beans:bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
    <beans:constructor-arg value="/login.html"/>
    <beans:constructor-arg>
        <beans:list>
            <beans:ref bean="crowdLogoutHandler"/>
            <beans:bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>
        </beans:list>
    </beans:constructor-arg>
    <beans:property name="filterProcessesUrl" value="/logout"/>
</beans:bean>

Answer 1

您需要的是配置了多个身份验证提供程序的身份验证管理器。 This 举个例子

使用身份验证回退配置Crowd Spring Security

1 个答案: