Spring security PreAuthentication Filter 请求 AuthenticationEntryPoint
我正在尝试将 PreAuthFilter (用于 Siteminder)与 Spring Security 3.0 一起使用。
<http use-expressions="true">
<intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')" />
<intercept-url pattern="/403.jsp" access="permitAll" />
<!-- Allow non-secure access to static resources -->
<intercept-url pattern="/css/**" filters="none" />
<intercept-url pattern="/images/**" filters="none" />
<custom-filter ref="siteminderFilter" position="PRE_AUTH_FILTER"/>
<!-- <form-login /> -->
<logout logout-success-url="/index.jsp"/>
</http>
<beans:bean id="siteminderFilter" class="org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter">
<beans:property name="principalRequestHeader" value="SM_USER"/>
<beans:property name="authenticationManager" ref="authenticationManager" />
<beans:property name="exceptionIfHeaderMissing" value="false"/>
</beans:bean>
<beans:bean id="AdminUserDetailsService" class="com.fw.security.auth.MyUserDetailsService">
</beans:bean>
<beans:bean id="preauthAuthProvider" class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
<beans:property name="preAuthenticatedUserDetailsService">
<beans:bean id="userDetailsServiceWrapper" class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
<beans:property name="userDetailsService" ref="AdminUserDetailsService"/>
</beans:bean>
</beans:property>
</beans:bean>
<authentication-manager alias="authenticationManager">
<authentication-provider ref="preauthAuthProvider" />
</authentication-manager>
上述配置失败,并显示
org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: No AuthenticationEntryPoint could be established. Please make sure you have a login mechanism configured through the namespace (such as form-login) or specify a custom AuthenticationEntryPoint with the 'entry-point-ref' attribute
Offending resource: ServletContext resource [/WEB-INF/security-app-context.xml]
1) 如何指定 AuthenticationEntryPoint???
2)它真的适用于预身份验证场景吗???
创建
按照下面 axtavt 的 解决方案的解决方案:
一个 bean与 Http403ForbiddenEntryPoint
<beans:bean id="http403EntryPoint" class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint">
</beans:bean>
并在
<http use-expressions="true" auto-config="false" entry-point-ref="http403EntryPoint">
I am trying to use PreAuthFilter (for Siteminder) with Spring Security 3.0.
<http use-expressions="true">
<intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')" />
<intercept-url pattern="/403.jsp" access="permitAll" />
<!-- Allow non-secure access to static resources -->
<intercept-url pattern="/css/**" filters="none" />
<intercept-url pattern="/images/**" filters="none" />
<custom-filter ref="siteminderFilter" position="PRE_AUTH_FILTER"/>
<!-- <form-login /> -->
<logout logout-success-url="/index.jsp"/>
</http>
<beans:bean id="siteminderFilter" class="org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter">
<beans:property name="principalRequestHeader" value="SM_USER"/>
<beans:property name="authenticationManager" ref="authenticationManager" />
<beans:property name="exceptionIfHeaderMissing" value="false"/>
</beans:bean>
<beans:bean id="AdminUserDetailsService" class="com.fw.security.auth.MyUserDetailsService">
</beans:bean>
<beans:bean id="preauthAuthProvider" class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
<beans:property name="preAuthenticatedUserDetailsService">
<beans:bean id="userDetailsServiceWrapper" class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
<beans:property name="userDetailsService" ref="AdminUserDetailsService"/>
</beans:bean>
</beans:property>
</beans:bean>
<authentication-manager alias="authenticationManager">
<authentication-provider ref="preauthAuthProvider" />
</authentication-manager>
Above configuration fails with
org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: No AuthenticationEntryPoint could be established. Please make sure you have a login mechanism configured through the namespace (such as form-login) or specify a custom AuthenticationEntryPoint with the 'entry-point-ref' attribute
Offending resource: ServletContext resource [/WEB-INF/security-app-context.xml]
1) How do I specify an AuthenticationEntryPoint???
2) And is it really applicable for a PreAuthentication scenario???
Solution
as per axtavt's solution below:
Create a bean with Http403ForbiddenEntryPoint
<beans:bean id="http403EntryPoint" class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint">
</beans:bean>
and refer it in <http>
<http use-expressions="true" auto-config="false" entry-point-ref="http403EntryPoint">
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我想在预身份验证的情况下,您需要声明
Http403ForbiddenEntryPoint并通过引用它entry-point-ref属性。I guess in the case of pre-authentication you need to declare an
Http403ForbiddenEntryPointand reference it viaentry-point-refattribute of<http>.