
Spring Security JAAS 身份驗證後的授權問題：在 Spring Security 中，我使用 DefaultJaasAuthenticationProvider 的 Configuration 進行用戶名/密碼登錄驗證，認證由 JpamLoginModule 完成。身份驗證成功，但授權（ROLE_USER、ROLE_ADMIN）有問題，收到 HTTP 狀態 403 - 訪問被拒絕錯誤。

下面是我在 spring-security.xml 文件中使用的配置：

<!-- Every authentication request is delegated to the single JAAS provider bean
     "jaasAuthProvider" defined below; no other provider is registered here. -->
<security:authentication-manager> 
    <security:authentication-provider ref="jaasAuthProvider" /> 
</security:authentication-manager> 

<!-- JAAS-backed authentication provider. The password check itself is done by PAM
     through JpamLoginModule; Spring authorities come ONLY from the authorityGranters
     below, which the provider runs over the Principals found in the authenticated
     Subject (see the second answer). A login module that adds no Principal to the
     Subject therefore yields no authorities - hence HTTP 403 after a successful login. -->
<bean id="jaasAuthProvider" class="org.springframework.security.authentication.jaas.DefaultJaasAuthenticationProvider"> 
    <property name="configuration"> 
     <bean class="org.springframework.security.authentication.jaas.memory.InMemoryConfiguration"> 
      <constructor-arg> 
       <map> 
        <!-- Name of the JAAS login context; presumably the provider's default
             loginContextName, since no other name is configured in this snippet. -->
        <entry key="SPRINGSECURITY"> 
         <array> 
          <bean class="javax.security.auth.login.AppConfigurationEntry"> 
           <constructor-arg value="net.sf.jpam.jaas.JpamLoginModule" /> 
           <constructor-arg> 
            <util:constant static-field="javax.security.auth.login.AppConfigurationEntry$LoginModuleControlFlag.REQUIRED" /> 
           </constructor-arg> 
           <!-- No options are passed to JpamLoginModule. NOTE(review): confirm that the
                module's defaults (in particular which PAM service it authenticates
                against) are the intended ones. -->
           <constructor-arg> 
            <map></map> 
           </constructor-arg> 
          </bean> 
         </array> 
        </entry> 
       </map> 
      </constructor-arg> 
     </bean> 
    </property> 
    <!-- NOTE(review): it.webapps.pam.RoleGranter (source below) returns ROLE_ADMIN for
         every Principal it is handed. Once Principals do reach it, every user who
         passes PAM authentication becomes an administrator - replace it with a granter
         that maps the principal to its real roles before deploying. -->
    <property name="authorityGranters"> 
     <list> 
      <bean class="it.webapps.pam.RoleGranter" /> 
     </list> 
    </property> 
</bean> 
    <!-- NOTE(review): declared but not referenced by any bean in this snippet; the
         jaasAuthProvider bean above is not wired to it, so it plays no part in the
         403 being investigated. -->
    <bean id="userDetailsService" class="it.webapps.pam.UserDetailsServiceImpl"> 
</bean> 

RoleGranter.java 的代碼如下：

/**
 * {@link AuthorityGranter} used by the JAAS provider to turn a JAAS
 * {@link Principal} into Spring Security role names.
 *
 * <p>WARNING (review): this implementation ignores the principal and hands out
 * {@code ROLE_ADMIN} unconditionally. Every user who passes PAM authentication
 * therefore becomes an administrator. It is acceptable only as a wiring test; a
 * real deployment must derive the roles from the principal (or an external store).
 */
public class RoleGranter implements AuthorityGranter {

    /** The single role granted to every principal. */
    private static final String GRANTED_ROLE = "ROLE_ADMIN";

    /** Prints a marker so that bean instantiation is visible on the console. */
    public RoleGranter() {
        System.out.print("=== Creating My Authority Granter ===");
    }

    /**
     * Grants {@value #GRANTED_ROLE} regardless of {@code principal}.
     *
     * @param principal the JAAS principal being authorized (not inspected)
     * @return an immutable singleton set containing {@code ROLE_ADMIN}
     */
    @Override
    public Set<String> grant(Principal principal) {
        return Collections.singleton(GRANTED_ROLE);
    }
}

任何建議都會非常有幫助。

回答


嘗試返回「ADMIN」而不是「ROLE_ADMIN」，Spring 會自動添加「ROLE_」前綴。（注意：下面的評論已證實此方法在 spring-security-core-3.1.0.RC3 上無效；3.x 的 RoleVoter 只檢查授權名是否以 ROLE_ 開頭，並不會自動補上前綴，自動加前綴是 4.0 之後的行為。）


我試過 `return Collections.singleton("ADMIN")`，但仍然收到 HTTP 狀態 403 - 訪問被拒絕。我使用的是 spring-security-core-3.1.0.RC3 jar。還有其他調試方法嗎？ – shakkir3435


基於：http://jpam.sourceforge.net/xref/net/sf/jpam/jaas/JpamLoginModule.html 以及 https://github.com/spring-projects/spring-security/blob/master/core/src/main/java/org/springframework/security/authentication/jaas/AbstractJaasAuthenticationProvider.java

看起來你需要擴展 JpamLoginModule 並覆寫 commit() 的行為：在擴展類中把一個 Principal 加入 Subject。然後 AbstractJaasAuthenticationProvider（即 DefaultJaasAuthenticationProvider 的基類）會遍歷 Subject 中的這些 Principal，並把每一個交給你的 authorityGranters（RoleGranter）。

<!-- Every authentication request is delegated to the single JAAS provider bean
     "jaasAuthProvider" defined below; no other provider is registered here. -->
<authentication-manager> 
    <authentication-provider ref="jaasAuthProvider" /> 
</authentication-manager> 

<!-- NOTE(review): declared but not referenced by any bean in this snippet; the JAAS
     provider below is not wired to it. Its implementation (see UserDetailsServiceImpl
     below) returns a fixed password and ROLE_ADMIN for every username. -->
<beans:bean id="userService" class="blah.UserDetailsServiceImpl" /> 

<!-- JAAS-backed authentication provider. PAM does the password check; authorities
     come ONLY from the authorityGranters below, run over the Principals the login
     module places in the Subject. The difference from the question's configuration
     is the login module class: RoleGrantingJpamLoginModule (below) adds a Principal in
     commit(), so the granter is actually invoked. -->
<beans:bean id="jaasAuthProvider" class="org.springframework.security.authentication.jaas.DefaultJaasAuthenticationProvider"> 
    <beans:property name="configuration"> 
     <beans:bean class="org.springframework.security.authentication.jaas.memory.InMemoryConfiguration"> 
      <beans:constructor-arg> 
       <beans:map> 
        <!-- Name of the JAAS login context; presumably the provider's default
             loginContextName, since no other name is configured in this snippet. -->
        <beans:entry key="SPRINGSECURITY"> 
         <beans:array> 
          <beans:bean class="javax.security.auth.login.AppConfigurationEntry"> 
           <!-- Subclass of JpamLoginModule that records a Principal in the Subject. -->
           <beans:constructor-arg value="blah.RoleGrantingJpamLoginModule" /> 
           <beans:constructor-arg> 
            <util:constant static-field="javax.security.auth.login.AppConfigurationEntry$LoginModuleControlFlag.REQUIRED" /> 
           </beans:constructor-arg> 
           <!-- No options are passed to the login module. NOTE(review): confirm that
                its defaults (in particular which PAM service it authenticates
                against) are the intended ones. -->
           <beans:constructor-arg> 
            <beans:map></beans:map> 
           </beans:constructor-arg> 
          </beans:bean> 
         </beans:array> 
        </beans:entry> 
       </beans:map> 
      </beans:constructor-arg> 
     </beans:bean> 
    </beans:property> 
    <!-- NOTE(review): with a RoleGranter that returns ROLE_ADMIN for every Principal
         (as in the question), this wiring makes every PAM-authenticated user an
         administrator. The Principal added by RoleGrantingJpamLoginModule also carries
         no name, so a granter cannot distinguish users anyway. -->
    <beans:property name="authorityGranters"> 
     <beans:list> 
      <beans:bean class="blah.RoleGranter" /> 
     </beans:list> 
    </beans:property> 
</beans:bean> 

package blah; 

import javax.security.auth.Subject; 
import javax.security.auth.login.LoginException; 

import net.sf.jpam.jaas.JpamLoginModule; 

import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; 

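/**
 * {@link JpamLoginModule} that also records a {@link java.security.Principal} in the
 * authenticated {@link Subject}.
 *
 * <p>Why: {@code DefaultJaasAuthenticationProvider} builds the user's authorities by
 * running its {@code authorityGranters} over the Subject's principals. The stock
 * {@code JpamLoginModule} leaves the Subject empty, so no granter ever runs and every
 * request ends in HTTP 403 even though PAM accepted the password.
 *
 * <p>NOTE(review): the principal added here carries no name (both constructor
 * arguments are {@code null}), so a granter cannot tell users apart - it can only
 * grant the same roles to everyone. Per-user roles need a named principal.
 */
public class RoleGrantingJpamLoginModule extends JpamLoginModule {
    private Subject subject;
    /** Principal this module added in {@link #commit()}, kept so it can be removed again. */
    private UsernamePasswordAuthenticationToken addedPrincipal;

    @Override
    public void initialize(javax.security.auth.Subject subject, javax.security.auth.callback.CallbackHandler callbackHandler, java.util.Map sharedState, java.util.Map options) {
        super.initialize(subject, callbackHandler, sharedState, options);
        this.subject = subject;
    }

    /**
     * Commits the PAM login and, only if the superclass actually commits, adds a
     * principal to the Subject so that the provider's granters are invoked.
     *
     * <p>Fix: the original added the principal <em>before</em> calling
     * {@code super.commit()}, leaving a principal in the Subject even when the
     * superclass declined ({@code false}) or threw.
     *
     * @return the superclass's commit result
     * @throws LoginException if the superclass fails to commit
     */
    @Override
    public boolean commit() throws LoginException {
        boolean committed = super.commit();
        if (committed && subject != null) {
            addedPrincipal = new UsernamePasswordAuthenticationToken(null, null);
            subject.getPrincipals().add(addedPrincipal);
        }
        return committed;
    }

    /**
     * Undoes {@link #commit()} when the overall login fails afterwards, as the JAAS
     * {@code LoginModule} contract requires.
     *
     * @return the superclass's abort result
     * @throws LoginException if the superclass fails to abort
     */
    @Override
    public boolean abort() throws LoginException {
        removeAddedPrincipal();
        return super.abort();
    }

    /**
     * Removes the principal added in {@link #commit()} before the PAM logout, as the
     * JAAS {@code LoginModule} contract requires.
     *
     * @return the superclass's logout result
     * @throws LoginException if the superclass fails to log out
     */
    @Override
    public boolean logout() throws LoginException {
        removeAddedPrincipal();
        return super.logout();
    }

    /** Removes our principal from the Subject, if one was added and not yet removed. */
    private void removeAddedPrincipal() {
        if (addedPrincipal != null && subject != null) {
            subject.getPrincipals().remove(addedPrincipal);
            addedPrincipal = null;
        }
    }
}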


package blah; 

import static java.util.Arrays.asList; 

import org.springframework.security.core.authority.SimpleGrantedAuthority; 
import org.springframework.security.core.userdetails.User; 
import org.springframework.security.core.userdetails.UserDetails; 
import org.springframework.security.core.userdetails.UserDetailsService; 
import org.springframework.security.core.userdetails.UsernameNotFoundException; 

/**
 * Stub {@link UserDetailsService} used while wiring the JAAS configuration.
 *
 * <p>WARNING (review): every username is accepted with the fixed password
 * {@code "password"} and the authority {@code ROLE_ADMIN}; it never throws
 * {@link UsernameNotFoundException}. Wired into a provider that checks the returned
 * password, it would log anyone in as an administrator. In the XML above it is
 * declared but not referenced by the JAAS provider.
 */
public class UserDetailsServiceImpl implements UserDetailsService {

    /** Password returned for every user - a placeholder, not a credential store. */
    private static final String PLACEHOLDER_PASSWORD = "password";

    /** Authority returned for every user. */
    private static final String PLACEHOLDER_ROLE = "ROLE_ADMIN";

    /**
     * Builds a {@link User} for {@code username} with the placeholder password and role.
     *
     * @param username the name embedded in the returned user; never looked up anywhere
     * @return a {@link User} with password {@code "password"} and authority {@code ROLE_ADMIN}
     * @throws UsernameNotFoundException never, in this stub
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        SimpleGrantedAuthority admin = new SimpleGrantedAuthority(PLACEHOLDER_ROLE);
        return new User(username, PLACEHOLDER_PASSWORD, asList(admin));
    }

}