将每个http块映射到特定的身份验证提供程序

时间:2011-04-27 17:07:39

标签: spring-security

我想根据用户的上下文路径建立我的Spring Security配置。如果用户违反了http://path1/resource1的网址,我希望将其定向到特定的身份验证提供程序。如果他们进入http://path2/resource2,我想将他们引导到另一个身份验证提供商。这些url路径是基于REST的Web服务调用,这就是为什么它们是无状态的而不是来自表单。目前,所有身份验证提供程序都已执这种情况的最佳方法是什么?我正在使用spring-security 3.1.0.M1。 

<http pattern="/path1/**" create-session="stateless">
        <intercept-url pattern="/**" access="ROLE_USER,ROLE_VAR,ROLE_ADMIN" />
        <http-basic />      
</http>
<http pattern="/path2/**" create-session="stateless">
        <intercept-url pattern="/**" access="ROLE_USER,ROLE_VAR,ROLE_ADMIN" />
        <http-basic />      
</http>

2 个答案:

答案 0 :(得分:7)

您可以在每个http块中定义身份验证管理器引用:

<http pattern="/api/**" authentication-manager-ref="apiAccess">
    ...
</http>

<http auto-config = "true" authentication-manager-ref="webAccess">
    ...
</http>

<!-- Web authentication manager -->
<authentication-manager id="webAccess">
    <authentication-provider
        user-service-ref="userService">
    </authentication-provider>
</authentication-manager>

<!-- API authentication manager -->    
<authentication-manager id="apiAccess">
    <authentication-provider
        user-service-ref="developerService">
    </authentication-provider>
</authentication-manager>

Spring Security 3.1中添加了此功能。

答案 1 :(得分:0)

这对我有用:

<security:authentication-manager alias="basicAuthenticationManager">
  <security:authentication-provider user-service-ref="accountService">
    <security:password-encoder hash="sha"/>
  </security:authentication-provider>
  <security:authentication-provider user-service-ref="accountService"/>
</security:authentication-manager>

<bean id="basicProcessingFilter" class="org.springframework.security.web.authentication.www.BasicAuthenticationFilter">
    <property name="authenticationManager">
        <ref bean="basicAuthenticationManager" />
    </property>    
    <property name="authenticationEntryPoint">
        <ref bean="basicProcessingEntryPoint" />
    </property>
</bean>

<bean id="basicProcessingEntryPoint"
    class="com.yourpackage.web.util.CustomBasicAuthenticationEntryPoint">
    <property name="realmName" value="yourRealm" />
</bean>

<!-- Stateless RESTful service using Basic authentication -->   
<security:http pattern="/rest/**" create-session="stateless" entry-point-ref="basicProcessingEntryPoint">       
    <security:custom-filter ref="basicProcessingFilter" position="BASIC_AUTH_FILTER" />     
    <security:intercept-url pattern="/rest/new" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <security:intercept-url pattern="/rest/**" access="ROLE_USER" />
</security:http>

<!-- Additional filter chain for normal users, matching all other requests -->
<security:http use-expressions="true">
    <security:intercept-url pattern="/index.jsp" access="permitAll" />      
    <security:intercept-url pattern="/**" access="hasRole('ROLE_USER')" />

    <security:form-login login-page="/signin" 
        authentication-failure-url="/signin?signin_error=1" 
        default-target-url="/" 
        always-use-default-target="true"/>      
    <security:logout />
</security:http>

我实现了身份验证入口点,因为我需要在某些情况下发送一些特殊的错误代码,但您不需要这样做。

相关问题
最新问题