未经授权,Spring Security预身份验证

时间:2011-10-13 05:15:57

标签: spring-mvc spring-security

我正在尝试实施预身份验证方案,但我遇到了一些问题。 这是我的安全上下文文件.. 

<sec:global-method-security secured-annotations="enabled" pre-post-annotations="disabled"/>
<sec:http pattern="/static/**" security="none" />
<bean id="preauthAuthProvider" class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
    <property name="preAuthenticatedUserDetailsService">
        <bean id="userDetailsServiceWrapper"
            class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
                <property name="userDetailsService" ref="userDetailsService"/>
        </bean>
    </property>
</bean>

<bean id="userDetailsService"
    class="com.myapp.UserDetailsServiceImpl"/>

<sec:authentication-manager alias="authenticationManager">
  <sec:authentication-provider ref="preauthAuthProvider" />
</sec:authentication-manager>

<sec:http auto-config="false" use-expressions="true">
    <sec:intercept-url pattern="/index.htm" access="permitAll"/>
    <sec:intercept-url pattern="/logoff.html" access="permitAll"/>
    <sec:intercept-url pattern="/profile/**" access="hasAnyRole('ROLE_PROFILEUSER', 'ROLE_ADMIN')"/>
    <sec:intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')"/>
    <sec:intercept-url pattern="/**" access="isAuthenticated()"/>
    <!-- <sec:form-login login-page="/login.html"  default-target-url="/home.html" authentication-failure-url="/login.html"/> -->
    <sec:logout logout-url="/logoff.html"/> 
    <sec:custom-filter position="PRE_AUTH_FILTER" ref="channelSecureFilter" />
</sec:http>

<bean id="channelSecureFilter"
    class="org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter">

    <property name="principalRequestHeader" value="SM_UNIVERSAL_ID"/>   
    <property name="authenticationManager" ref="authenticationManager"/>
    <property name="invalidateSessionOnPrincipalChange" value="true"/>
</bean>


<bean id="accessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
    <property name="decisionVoters">
        <list>
            <ref local="roleVoter"/>
            <ref local="authenticatedVoter"/>
        </list>
    </property>

</bean>

<bean id="roleVoter" class="org.springframework.security.access.vote.RoleVoter">
    <property name="rolePrefix" value="ROLE_"/>
</bean>

<bean id="authenticatedVoter" class="org.springframework.security.access.vote.AuthenticatedVoter"/>

这是自定义UserDetailsS​​erviceImpl 

@Component
public class UserDetailsServiceImpl extends PreAuthenticatedGrantedAuthoritiesUserDetailsService implements UserDetailsService{
   @Autowired PersonService personService;


@Override
public UserDetails loadUserByUsername(String arg0) throws UsernameNotFoundException {
           //I dont think anything is needed here... right?
    return null;
}

@Override
protected UserDetails createuserDetails(Authentication token,
        Collection<? extends GrantedAuthority> role){

    Person lp = PersonService.findPersonByNetId(token.getName());

    PreAuthenticatedGrantedAuthoritiesUserDetailsService test = new PreAuthenticatedGrantedAuthoritiesUserDetailsService();


    if(lp==null){
        role.add(new SimpleGrantedAuthority("ROLE_USER"));
        return new LLUser(token.getName(),"N/A", true, true, true, true, role, null);
    }
    else{
        boolean enabled = (lp.getIsActive()==1)?true:false;
        boolean credentialsNonExpired = (lp.getIsActive()==1)?true:false;
        //test whehther deactivate date is null or deactivate data is greater than current date
        boolean accountNonExpired = ((lp.getDeactivateDate()==null)||(lp.getDeactivateDate().compareTo(new Date())>0))?true:false;
        boolean accountNonLocked = (lp.getIsActive()==1)?true:false;
        Integer personId = lp.getPerson().getId();

        if(lp.getLlRole()!=null){
            if(lp.getLlRole()==10)
            {   
                role.add(new SimpleGrantedAuthority("ROLE_ADMIN"));
                role.add(new SimpleGrantedAuthority("ROLE_PROFILEUSER"));
            }
            if(lp.getLlRole()==25)
                role.add(new SimpleGrantedAuthority("ROLE_PROFILEUSER"));
            }

        role.add(new SimpleGrantedAuthority("ROLE_USER"));

        return new LLUser(token.getName(),"N/A", enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, role, personId);
    }

}

}

LLUser是一个自定义用户对象,它扩展了Spring的用户对象。所以,现在的问题是,

1)。我似乎无法将SimpleGrantedauthoriy添加到“角色”集合中。我收到以下错误,我无法理解,因为SimplegGrantedAuthority是GrantedAuthority的实现吗?

the method add(capture#1-of ? extends GrantedAuthority) in the type collection<capture#1-of ? extends GrantedAuthority> is not applicable for the arguments (SimpleGrantedAuthority)

2)。我非常确定我初始化自定义User对象的方式是不正确的,因为请求中没有密码,User类不知道要比较什么?

另外,请查看我的上下文配置文件,让我知道是否有任何冗余元素,或者我是否遗漏了任何重要内容。提前谢谢。

1 个答案:

答案 0 :(得分:2)

看来你实际上并没有实现PreAuthenticatedGrantedUserDetailsService类所需的功能。您应该实现函数loadUserDetails(authenication_token),因为这是实际用于获取Spring的UserDetails对象的函数。由于您没有实现此功能,因此Spring永远无法获得UserDetails。有关详细信息,请参阅the documentation

相关问题
最新问题