在Spring Boot和Tomcat中使用容器管理的身份验证

时间:2018-06-14 13:30:58

标签: java spring-boot tomcat spring-security

我有tomcat-users.xml

<role rolename="ROLE_ADMIN"/>
<user username="test" password="qwerty" roles="ROLE_ADMIN"/>

我想在我的Spring Boot休息服务中使用它。我创建了配置:

@EnableWebSecurity
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    private String tomcatRoleName;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.httpBasic().and().authorizeRequests()
                .anyRequest().authenticated()
                .and()
                .jee()
                .j2eePreAuthenticatedProcessingFilter(j2eePreAuthenticatedProcessingFilter());
    }

    @Bean
    public J2eePreAuthenticatedProcessingFilter j2eePreAuthenticatedProcessingFilter() throws Exception {
        final J2eePreAuthenticatedProcessingFilter j2eePreAuthenticatedProcessingFilter = new J2eePreAuthenticatedProcessingFilter();
        j2eePreAuthenticatedProcessingFilter.setAuthenticationManager(authenticationManagerBean());

        final J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource j2eeBasedPreAuthenticatedWebAuthenticationDetailsSource = new J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource();
        j2eeBasedPreAuthenticatedWebAuthenticationDetailsSource.setMappableRolesRetriever(simpleMappableAttributesRetriever());

        final SimpleAttributes2GrantedAuthoritiesMapper simpleAttributes2GrantedAuthoritiesMapper = new SimpleAttributes2GrantedAuthoritiesMapper();
        simpleAttributes2GrantedAuthoritiesMapper.setConvertAttributeToUpperCase(true);
        j2eeBasedPreAuthenticatedWebAuthenticationDetailsSource.setUserRoles2GrantedAuthoritiesMapper(simpleAttributes2GrantedAuthoritiesMapper);

        j2eePreAuthenticatedProcessingFilter.setAuthenticationDetailsSource(j2eeBasedPreAuthenticatedWebAuthenticationDetailsSource);
        return j2eePreAuthenticatedProcessingFilter;
    }

    @Bean
    public MappableAttributesRetriever simpleMappableAttributesRetriever() {
        final SimpleMappableAttributesRetriever simpleMappableAttributesRetriever = new SimpleMappableAttributesRetriever();
        simpleMappableAttributesRetriever.setMappableAttributes(ImmutableSet.of("ROLE_ADMIN"));
        return simpleMappableAttributesRetriever;
    }
}

但是,当我运行此应用程序并尝试登录时,出现错误:

2018-06-14 16:26:15.452 DEBUG 15633 --- [io-8080-exec-10] p.j.J2eePreAuthenticatedProcessingFilter : Checking secure context token: null
2018-06-14 16:26:15.452 DEBUG 15633 --- [io-8080-exec-10] p.j.J2eePreAuthenticatedProcessingFilter : PreAuthenticated J2EE principal: null
2018-06-14 16:26:15.452 DEBUG 15633 --- [io-8080-exec-10] p.j.J2eePreAuthenticatedProcessingFilter : No pre-authenticated principal found in request

看来Spring没有看到Tomcat's个用户。任何想法如何解决它?

0 个答案:

没有答案