Using DB authentication and SAML authentication in Spring Security

Time: 2019-12-06 18:23:46

Tags: spring spring-mvc spring-security spring-saml

I have an application used by two groups of users: internal users of the company and external customers. My application will talk to either the database and LDAP, or the database and SAML. Users can be distinguished by the username stored in the database.

I have to perform authentication according to the configured set. I have succeeded with DB and LDAP, but I cannot get the application to run with DB and SAML. The application is built with Spring Security 3.1.x.

application-context.xml

<http auto-config="true" use-expressions="true">
    <intercept-url pattern="/login" access="isAuthenticated()" />
    <form-login login-page="/index" default-target-url="/login"
                authentication-failure-handler-ref="customAuthenticationFailureHandler"
                authentication-success-handler-ref="customAuthenticationSuccessHandler"/>
    <logout invalidate-session="true" logout-url="/logout"/>
    <session-management invalid-session-url="/welcome"></session-management> 
</http>

application-database.xml

<beans:bean id="jdbcDaoImplService"
            class="org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl">
    <beans:property name="usersByUsernameQuery" value="SELECT USER_ID, USER_PASSWORD,'true' enabled FROM USERS WHERE EXTERNAL_USER='D' AND USER_ID=?"/> 
    <beans:property name="authoritiesByUsernameQuery" value="select u.user_id, r.ROLE_NAME ROLE_NAME from USERS u, USER_ASSIGNED_ROLES ua, SECURITY_ROLES r
                                where u.user_id = ua.user_id
                                and ua.role_id = r.role_id
                                and r.ROLE_ID in(select ROLE_ID from USER_ASSIGNED_ROLES where USER_ID=?)"/> 
    <beans:property name="dataSource" ref="myDataSource" />
</beans:bean>

<beans:bean id="jdbcProvider" class="com.configurations.helper.CustomDBAuthenticationProvider">
    <beans:constructor-arg ref = "jdbcDaoImplService"/>
    <beans:property name="passwordEncoder" ref="passwordEncoder" />       
</beans:bean>

application-saml.xml

<security:http pattern="/saml/web/**" use-expressions="false">
    <security:access-denied-handler error-page="/saml/web/metadata/login"/>
    <security:form-login login-processing-url="/saml/web/login" login-page="/saml/web/metadata/login" default-target-url="/saml/web/metadata"/>
    <security:intercept-url pattern="/saml/web/metadata/login" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    <security:intercept-url pattern="/saml/web/**" access="ROLE_ADMIN"/>
    <security:custom-filter before="FIRST" ref="metadataGeneratorFilter"/>
</security:http>

<security:http entry-point-ref="samlEntryPoint" use-expressions="false">
    <security:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY"/>
    <security:custom-filter before="FIRST" ref="metadataGeneratorFilter"/>
    <security:custom-filter after="BASIC_AUTH_FILTER" ref="samlFilter"/>
</security:http>

<bean id="samlAuthenticationProvider" class="org.springframework.security.saml.SAMLAuthenticationProvider">
</bean>

authentication-providers.xml

<authentication-manager alias="authenticationManager">
    <authentication-provider ref="jdbcProvider" />
    <authentication-provider ref="samlAuthenticationProvider" />
</authentication-manager>

With the above configuration, I get a "Filter already configured" exception.

Here is the exception after starting the application:

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.filterChainProxy': 
Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: 
A universal match pattern ('/**') is defined  before other patterns in the filter chain, causing them to be ignored. 
Please check the ordering in your <security:http> namespace or FilterChainProxy bean configuration

0 answers
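The exception quoted above names the cause: the pattern-less `<http>` in application-context.xml and the `entry-point-ref="samlEntryPoint"` chain are both universal matches, and one of them is registered ahead of the `/saml/web/**` chain, so that chain can never be reached. As an added example that is not part of the question, the following ordering of the three `<security:http>` elements passes the FilterChainProxy check; the `/internal/**` prefix for database-authenticated users (including their login page and login-processing URL, which must live inside the same chain) is an assumption, since the question does not say which URLs internal users use.

```xml
<!-- Added example, not from the question: chain ordering that satisfies the
     "universal match pattern ('/**') is defined before other patterns" check.
     The /internal/** prefix and the URLs under it are assumptions. -->

<!-- 1. Most specific pattern first: SAML metadata admin pages -->
<security:http pattern="/saml/web/**" use-expressions="false">
    <security:access-denied-handler error-page="/saml/web/metadata/login"/>
    <security:form-login login-processing-url="/saml/web/login"
                         login-page="/saml/web/metadata/login"
                         default-target-url="/saml/web/metadata"/>
    <security:intercept-url pattern="/saml/web/metadata/login" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    <security:intercept-url pattern="/saml/web/**" access="ROLE_ADMIN"/>
    <security:custom-filter before="FIRST" ref="metadataGeneratorFilter"/>
</security:http>

<!-- 2. Internal (database-authenticated) users: an explicit, non-universal
        pattern replaces the pattern-less <http> from application-context.xml.
        Login page and login-processing URL sit inside /internal/** so the
        SAML chain below never intercepts the form login. -->
<security:http pattern="/internal/**" use-expressions="true">
    <security:intercept-url pattern="/internal/index" access="permitAll"/>
    <security:intercept-url pattern="/internal/**" access="isAuthenticated()"/>
    <security:form-login login-page="/internal/index"
                         login-processing-url="/internal/j_spring_security_check"
                         default-target-url="/internal/login"
                         authentication-failure-handler-ref="customAuthenticationFailureHandler"
                         authentication-success-handler-ref="customAuthenticationSuccessHandler"/>
    <security:logout invalidate-session="true" logout-url="/internal/logout"/>
</security:http>

<!-- 3. Universal match LAST: everything else is authenticated via SAML -->
<security:http entry-point-ref="samlEntryPoint" use-expressions="false">
    <security:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY"/>
    <security:custom-filter before="FIRST" ref="metadataGeneratorFilter"/>
    <security:custom-filter after="BASIC_AUTH_FILTER" ref="samlFilter"/>
</security:http>

<!-- The single <authentication-manager> from the question is unchanged:
     ProviderManager hands each token to the provider whose supports()
     accepts it (username/password -> jdbcProvider, SAML -> samlAuthenticationProvider). -->
```

Chains are tried in the order their `<security:http>` elements are declared, so when they stay split across application-context.xml and application-saml.xml, the file holding the `/**` chain has to be imported last.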