配置 Spring Security 以使用自定义 UsernamePasswordAuthenticationFilter
我已经实现了自己的 LowerCaseUsernamePasswordAuthenticationFilter ,它只是 UsernamePasswordAuthenticationFilter 的子类。
但现在我的问题是,如何配置Spring security来使用这个过滤器。
到目前为止,我使用过:
<security:http auto-config="true" use-expressions="true">
<security:form-login login-processing-url="/resources/j_spring_security_check" login-page="/login" authentication-failure-url="/login?login_error=t" />
<security:logout logout-url="/resources/j_spring_security_logout" />
<security:intercept-url pattern="/**" access="isAuthenticated()" requires-channel="${cfma.security.channel}" />
</security:http>
我真的要关闭自动配置并需要手动配置所有过滤器吗? - 如果这是真的,有人可以提供一个例子吗?
简单添加 security:custom-filter: 的方法
<security:http ...>
<security:form-login login-processing-url="/resources/j_spring_security_check" login-page="/login" authentication-failure-url="/login?login_error=t" />
<security:custom-filter ref="lowerCaseUsernamePasswordAuthenticationFilter" position="FORM_LOGIN_FILTER"/>
...
</security:http>
确实会导致该消息出现异常:
配置问题:过滤器bean
和'Root bean:class [org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter];范围=;摘要=假;惰性初始化=假;自动连线模式=0;依赖检查=0; autowireCandidate = true;主要=假;工厂BeanName=null;工厂方法名称=null; initMethodName=null; destroyMethodName=null' 具有相同的 'order' 值。 使用自定义过滤器时,请确保位置不与默认过滤器冲突。或者,您可以通过删除相应的子元素并避免使用 来禁用默认过滤器。
I have implemented my own LowerCaseUsernamePasswordAuthenticationFilter that is just a subclass of UsernamePasswordAuthenticationFilter.
But now my problem is, how to configure Spring security to use this filter.
Up to now I used:
<security:http auto-config="true" use-expressions="true">
<security:form-login login-processing-url="/resources/j_spring_security_check" login-page="/login" authentication-failure-url="/login?login_error=t" />
<security:logout logout-url="/resources/j_spring_security_logout" />
<security:intercept-url pattern="/**" access="isAuthenticated()" requires-channel="${cfma.security.channel}" />
</security:http>
Do I really to turn of auto-config and need to configure all the filters by hand? - If this is true, does anybody can provide an example please?
The way to add simply a security:custom-filter:
<security:http ...>
<security:form-login login-processing-url="/resources/j_spring_security_check" login-page="/login" authentication-failure-url="/login?login_error=t" />
<security:custom-filter ref="lowerCaseUsernamePasswordAuthenticationFilter" position="FORM_LOGIN_FILTER"/>
...
</security:http>
does result in an exception with that message:
Configuration problem: Filter beans
<lowerCaseUsernamePasswordAuthenticationFilter>and 'Root bean: class [org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null' have the same 'order' value. When using custom filters, please make sure the positions do not conflict with default filters. Alternatively you can disable the default filters by removing the corresponding child elements from and avoiding the use of .
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
我是通过手动编写所需的自动配置 bean 来完成的。这是结果:
I have done it by writing the needed autoconfigured beans by hand. This is the result:
这是 Scala 中的一个示例。我必须这样做才能替换 Spring Security OAuth 提供的过滤器。
基本上的想法是,将 FilterChainProxy 和您想要替换的现有过滤器注入到过滤器中。在
filterChainMap中找到现有的过滤器并将其替换为您的过滤器。Here is an example in Scala. I had to do this to replace a filter provided by Spring Security OAuth.
Basically the idea is, inject the
FilterChainProxyand the existing filter that you want to replace into your filter. Find the existing filter in thefilterChainMapand replace it with yours.