通过Spring的Mule身份验证不会返回403

时间:2015-06-16 20:50:41

标签: spring authentication spring-security mule

我正在尝试为Mule 3上的Rest服务创建身份验证。如果我传递一些用户/密码Spring拦截它,我可以在我的java类上进行身份验证。但是,如果传递错误的用户/密码,我返回null Mule不响应403错误。我怎样才能使它有效?

mule xml:     

<spring:beans>
    <spring:bean class="br.com.arizona.custom_authentication_provider.CustomAuthenticationProvider" id="customAuthenticationProvider"/>
</spring:beans>

<spring:beans>
    <security:authentication-manager alias="secAuthSample">  
        <security:authentication-provider ref="customAuthenticationProvider"/> 
    </security:authentication-manager>
</spring:beans>

<spring-security:security-manager>
    <spring-security:delegate-security-provider name="memory-provider" delegate-ref="secAuthSample"/>
</spring-security:security-manager>

<flow name="testFlow">
    <http:listener config-ref="HTTP_Listener_Configuration" path="/teste" doc:name="HTTP"/>
    <spring-security:http-security-filter  realm="mule-realm" securityProviders="memory-provider" />
    <response>
       <logger message="response" level="INFO" doc:name="Logger"/>
    </response>
    <logger message="passed" level="INFO" doc:name="Logger"/>
</flow>

CustomAuthenticationProvider.java:

package br.com.arizona.custom_authentication_provider;

import java.util.ArrayList;
import java.util.List;

import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;

@Component
public class CustomAuthenticationProvider implements AuthenticationProvider {

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    String name = authentication.getName();
    String password = authentication.getCredentials().toString();

    System.out.println(name);
    System.out.println(password);

    if (name.equals("admin") && password.equals("system")) {
        List<GrantedAuthority> grantedAuths = new ArrayList<>();
        grantedAuths.add(new SimpleGrantedAuthority("ROLE_USER"));
        Authentication auth = new UsernamePasswordAuthenticationToken(name, password, grantedAuths);
        return auth;
    } else {
        //throw new BadCredentialsException("Bad Credentials");
        return null;
    }
    }

    @Override
    public boolean supports(Class<?> authentication) {
    return authentication.equals(UsernamePasswordAuthenticationToken.class);
    }
}

2 个答案:

答案 0 :(得分:0)

您是否添加了安全过滤器:https://developer.mulesoft.com/docs/display/current/Configuring+the+Spring+Security+Manager#ConfiguringtheSpringSecurityManager-SecurityFilters

答案 1 :(得分:0)

它返回什么,你得到200?

事情依赖于你的其余部分。您可以手动检查身份验证是否正常,并使用消息属性转换器将出站属性范围中的http.status设置为403。这通常是在使用REST时如何处理其他响应代码。

我假设您的身份验证机制正常运行,只是在错误登录时缺少403。

相关问题
最新问题