如何在Spring Security 3中为匿名用户从数据库加载角色?
我正在使用 Spring Security 3.0.2,但找不到从数据库加载匿名用户角色的方法(我有动态角色,可以将角色分配给每个人)。
我尝试使用自定义的anonymousAuthenticationProvider,但从未调用过该提供程序。这是我的配置:
<http auto-config="false">
<logout invalidate-session="true" logout-success-url="/page/welcome" />
<remember-me />
<anonymous username="_GUEST_" granted-authority="ROLE_GUEST" key="anonymousKey" />
<form-login login-page="/page/login" authentication-failure-url="/page/login?fail=1" default-target-url="/page/welcome" />
</http>
<authentication-manager alias="authenticationManager">
<authentication-provider ref="anonymousAuthenticationProvider"></authentication-provider>
<authentication-provider user-service-ref="accountDetails">
<password-encoder ref="passwordEncoder">
<salt-source user-property="xxxx" />
</password-encoder>
</authentication-provider>
</authentication-manager>
<beans:bean id="accountDetails" class="com.mysite.AccountDetailsImpl" />
<beans:bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.ShaPasswordEncoder">
<beans:constructor-arg value="512" />
</beans:bean>
<beans:bean id="anonymousAuthenticationProvider" class="com.my.site.security.CustomAnonymousAuthenticationProvider">
<beans:property name="key" value="anonymousKey" />
</beans:bean>
我的匿名身份验证提供程序从未被调用,因此我无法从数据库加载自定义权限。 当我登录时,我的服务 accountDetails 被调用,我可以从数据库中为用户加载角色,我希望匿名用户也能做同样的事情。
我该怎么办?谢谢
I'm using Spring Security 3.0.2 and I can't find a way to load roles of anonymous user from database (I've got dynamic roles where roles can be given to everyone).
I've tried to use a custom anonymousAuthenticationProvider but this provider is never called. Here is my config:
<http auto-config="false">
<logout invalidate-session="true" logout-success-url="/page/welcome" />
<remember-me />
<anonymous username="_GUEST_" granted-authority="ROLE_GUEST" key="anonymousKey" />
<form-login login-page="/page/login" authentication-failure-url="/page/login?fail=1" default-target-url="/page/welcome" />
</http>
<authentication-manager alias="authenticationManager">
<authentication-provider ref="anonymousAuthenticationProvider"></authentication-provider>
<authentication-provider user-service-ref="accountDetails">
<password-encoder ref="passwordEncoder">
<salt-source user-property="xxxx" />
</password-encoder>
</authentication-provider>
</authentication-manager>
<beans:bean id="accountDetails" class="com.mysite.AccountDetailsImpl" />
<beans:bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.ShaPasswordEncoder">
<beans:constructor-arg value="512" />
</beans:bean>
<beans:bean id="anonymousAuthenticationProvider" class="com.my.site.security.CustomAnonymousAuthenticationProvider">
<beans:property name="key" value="anonymousKey" />
</beans:bean>
My anonymousAuthenticationProvider is never called so I can't load custom authorities from database.
When I log in, my service accountDetails is called and I can load roles from database for the user, I want the same thing for anonymous user.
How can I do it ? thanks
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
实现它的最简单方法似乎是使用自定义的 UserAttribute 声明 AnonymousAuthenticationFilter ,这将生成所需的权限:
It seems to be that the easiest way to achieve it is to declare a
AnonymousAuthenticationFilterwith a customUserAttribute, which will produce the required authorities: