我有一个带有 spring boot 的应用程序,用户可以在其中使用登录名和密码或数字证书进行身份验证。 我尝试使用用户和密码进行验证并且它可以工作,但是当我尝试使用证书进行验证时,chrome 没有向我显示窗口来选择我想在验证中使用的证书(我有多个证书并且服务器是安全的,等等。 ..)
有什么想法吗? 我附上了我的 WebSecurityConfigurerAdapter 的代码,以防我出错
> @EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
@EnableWebSecurity
@Configuration
@RequiredArgsConstructor
@Slf4j
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Configuration
@Order(2)
public static class AdminSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
CustomAuthenticationProvider customAuthProvider;
@Override
public void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.mvcMatchers(PublicUrls.URLS).permitAll()
.anyRequest().fullyAuthenticated()
.and()
.formLogin()
.loginPage("/login")
.defaultSuccessUrl("/")
.permitAll()
.and()
.cors()
.and()
.logout()
.invalidateHttpSession(true)
.clearAuthentication(true)
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.logoutSuccessUrl("/login?logout")
.permitAll();
}
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(customAuthProvider);
}
}
@Configuration
@Order(1)
public static class UserSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
CustomAuthenticationProvider2 customAuthProvider2;
@Override
protected void configure(HttpSecurity http) throws Exception {
http.antMatcher("/loginCert*").authorizeRequests()
.mvcMatchers(PublicUrls.URLS).permitAll()
.anyRequest().fullyAuthenticated()
.and().x509()
.subjectPrincipalRegex("CN=(.*?)(?:,|$)")
.userDetailsService(userDetailsService());
}
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(customAuthProvider2);
}
}
@Bean("authenticationManager")
@Override
protected AuthenticationManager authenticationManager() throws Exception {
return super.authenticationManager();
}
配置属性是:
<块引用>server.ssl.key-store=store/keystore.jks server.ssl.key-store-password=changeit server.ssl.key-alias=localhost server.ssl.key-password=changeit server.ssl.enabled=true server.ssl.client-auth=需要 server.port=8443
答案 0 :(得分:1)
让浏览器提示您输入客户端证书
如果使用嵌入式 tomcat,则需要在 application.properties 中设置以下 Spring 属性
df_2020 = df[df['Date'].str.contains('2020')]
USD_mean = df_2020['USD'].mean()
GBP_mean = df_2020['GBP'].mean()
对于专用的 tomcat,您需要在 server.xml 中设置以下属性
server.ssl.client-auth=need
参考下面的教程设置双向认证/2-way SSL
https://www.baeldung.com/x-509-authentication-in-spring-security