
我有一個現有的 Java/Spring/Hibernate Web 應用程序,使用經典的數據庫身份驗證。我剛剛把它成功遷移到 Crowd SSO 平臺。一切都按預期工作,但現在我想配置 Spring Security,使其在 Crowd 服務器不可用時回退到我以前的身份驗證系統。
使用身份驗證回退配置 Crowd Spring Security

我從來沒有配置過這樣的級聯認證,而且我用 Google 查到的內容迄今爲止並沒有幫到我。你知道我該怎麼做嗎?

這裏是我的 Spring Security 配置:

<?xml version="1.0" encoding="UTF-8"?> 
<beans:beans xmlns:beans="http://www.springframework.org/schema/beans" 
     xmlns="http://www.springframework.org/schema/security" 
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
     xsi:schemaLocation="http://www.springframework.org/schema/beans 
     http://www.springframework.org/schema/beans/spring-beans-3.2.xsd 
     http://www.springframework.org/schema/util 
     http://www.springframework.org/schema/util/spring-util-3.0.xsd 
     http://www.springframework.org/schema/security 
     http://www.springframework.org/schema/security/spring-security-3.1.xsd" 
     xmlns:util="http://www.springframework.org/schema/util" 
     default-autowire="byName"> 

<!-- URL authorization for the web application. Requests that need authentication are handed
     to the crowdAuthenticationProcessingFilterEntryPoint bean. intercept-url rules are
     evaluated in the order listed and the first matching pattern decides, so the anonymous
     login/logout rules have to stay above the catch-all rule. -->
<http entry-point-ref="crowdAuthenticationProcessingFilterEntryPoint"> 
    <!-- Login and logout endpoints are reachable without authentication. -->
    <intercept-url pattern="/**/login" access="IS_AUTHENTICATED_ANONYMOUSLY"/> 
    <intercept-url pattern="/**/logout" access="IS_AUTHENTICATED_ANONYMOUSLY"/> 
    <intercept-url pattern="/**/login.html" access="IS_AUTHENTICATED_ANONYMOUSLY"/> 
    <!-- Both remaining rules require ROLE_ADMINISTRATOR, so the /admin/** rule is currently
         redundant with the catch-all below it. -->
    <intercept-url pattern="/admin/**" access="ROLE_ADMINISTRATOR"/> 
    <intercept-url pattern="/**" access="ROLE_ADMINISTRATOR"/> 
    <!-- The Crowd SSO filter bean takes the form-login slot; the legacy bean named
         authenticationFilter is not referenced by any custom-filter element here. -->
    <custom-filter position="FORM_LOGIN_FILTER" ref="authenticationProcessingFilter"/> 
    <custom-filter position="LOGOUT_FILTER" ref="logoutFilter"/> 
</http> 

<!-- My previous authentication filter (database login used before the Crowd migration).
     It processes /login, accepts POST only, and hands both success and failure to the
     authenticationHandler bean.
     NOTE(review): formAuthenticationManager is not defined in this listing, and the http
     element does not reference this bean, so as shown it is not part of the filter chain.
     It also claims the same /login URL as the Crowd filter; confirm which filter is meant
     to own that URL before wiring both. --> 
<beans:bean id="authenticationFilter" 
      class="my.package.security.CustomAuthenticationProcessingFilter"> 
    <beans:property name="authenticationManager" ref="formAuthenticationManager"/> 
    <beans:property name="filterProcessesUrl" value="/login"/> 
    <beans:property name="continueChainBeforeSuccessfulAuthentication" value="false"/> 
    <!-- Reject credential submissions that are not HTTP POST. -->
    <beans:property name="postOnly" value="true"/> 
    <beans:property name="authenticationSuccessHandler" ref="authenticationHandler"/> 
    <beans:property name="authenticationFailureHandler" ref="authenticationHandler"/> 
</beans:bean> 
<!-- Project-specific handler that the legacy authenticationFilter bean uses for both the
     success and the failure outcome. alwaysUseDefaultTargetUrl is switched off; presumably
     the handler then redirects to the originally requested URL, confirm in
     CustomAuthenticationHandler. -->
<beans:bean id="authenticationHandler" class="my.package.security.CustomAuthenticationHandler"> 
    <beans:property name="alwaysUseDefaultTargetUrl" value="false"/> 
</beans:bean> 
<!-- Legacy database authentication provider. The per-user salt is read reflectively from
     the "salt" property of the loaded user object (ReflectionSaltSource).
     This bean is declared but is not listed in the authentication-manager element of this
     file, so it takes no part in login as shown.
     NOTE(review): no userDetailsService or passwordEncoder is set here; presumably they come
     from default-autowire="byName" or from MyDaoAuthenticationProvider itself. Confirm which
     encoder is actually in effect and that the stored hashes use a scheme that is still
     acceptable before this provider is re-enabled as a fallback.
     NOTE(review): the property is written "SaltSource"; the conventional bean property
     spelling is "saltSource". Confirm it binds as intended. -->
<beans:bean id="customAuthenticationProvider" 
      class="my.package.security.MyDaoAuthenticationProvider"> 
    <beans:property name="SaltSource"> 
     <beans:bean class="org.springframework.security.authentication.dao.ReflectionSaltSource"> 
      <beans:property name="userPropertyToUse" value="salt"/> 
     </beans:bean> 
    </beans:property> 
</beans:bean> 

<!-- Crowd config -->
<!-- Project subclass of the Crowd user-details service. crowdAuthenticationManager,
     crowdGroupMembershipManager, crowdUserManager and userController are not defined in this
     listing; presumably they come from the Crowd client context and the application context.
     NOTE(review): authorityPrefix is empty, so group names are presumably used as authority
     names unchanged. The intercept-url rules require ROLE_ADMINISTRATOR, which would then
     have to exist as a group with exactly that name. Verify against the Crowd directory. --> 
<beans:bean id="crowdUserDetailsService" class="my.package.security.CustomCrowdUserDetailsServiceImpl"> 
    <beans:property name="authenticationManager" ref="crowdAuthenticationManager"/> 
    <beans:property name="groupMembershipManager" ref="crowdGroupMembershipManager"/> 
    <beans:property name="userManager" ref="crowdUserManager"/> 
    <beans:property name="authorityPrefix" value=""/> 
    <beans:property name="userController" ref="userController"/> 
</beans:bean> 


<!-- Authentication provider that validates credentials against the remote Crowd server.
     Constructor arguments, in order: the Crowd authentication manager, the Crowd HTTP
     authenticator and the user-details service defined in this file. The first two beans are
     not defined in this listing; presumably they are imported from the Crowd client's Spring
     context. Confirm. -->
<beans:bean id="crowdAuthenticationProvider" class="com.atlassian.crowd.integration.springsecurity.RemoteCrowdAuthenticationProvider"> 
    <beans:constructor-arg ref="crowdAuthenticationManager"/> 
    <beans:constructor-arg ref="httpAuthenticator"/> 
    <beans:constructor-arg ref="crowdUserDetailsService"/> 
</beans:bean> 

<!-- Authentication manager used by the Crowd login filter (alias authenticationManager).
     Only crowdAuthenticationProvider is registered. customAuthenticationProvider is declared
     in this file but not listed here, so this manager never checks the legacy database
     credentials.
     NOTE(review): if a second provider is added as a fallback, Spring Security's
     ProviderManager consults providers in order and moves on to the next one when an earlier
     provider rejects the credentials, not only when the Crowd server is unreachable. A
     password changed in Crowd, or an account removed there, could then still log in through
     the old database record. Keep the legacy credential store in step with Crowd, or limit
     the fallback to outage conditions, and confirm how RemoteCrowdAuthenticationProvider
     reports an unreachable server. Registering a second provider alone may also not be
     sufficient, because the login filter in use is Crowd-specific. Verify end to end. -->
<authentication-manager alias="authenticationManager"> 
    <authentication-provider ref='crowdAuthenticationProvider' /> 
</authentication-manager> 

<!-- Entry point referenced by the http element: requests that need authentication are sent
     to the login page at /login.html. -->
<beans:bean id="crowdAuthenticationProcessingFilterEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint"> 
    <beans:constructor-arg value="/login.html"/> 
</beans:bean> 

<!-- Crowd SSO login filter, installed in the FORM_LOGIN_FILTER slot by the http element.
     It handles submissions to /login and delegates credential checks to the
     authenticationManager alias.
     NOTE(review): no sessionAuthenticationStrategy is set on this bean. A custom filter in
     the form-login slot does not necessarily inherit the namespace's session-fixation
     protection, so confirm that the session id changes on successful login, or set the
     strategy explicitly. -->
<beans:bean id="authenticationProcessingFilter" class="com.atlassian.crowd.integration.springsecurity.CrowdSSOAuthenticationProcessingFilter"> 
    <beans:property name="httpAuthenticator" ref="httpAuthenticator"/> 
    <beans:property name="authenticationManager" ref="authenticationManager"/> 
    <beans:property name="filterProcessesUrl" value="/login"/> 
    <!-- Failed logins go back to the login page with an error flag in the query string. -->
    <beans:property name="authenticationFailureHandler"> 
     <beans:bean class="com.atlassian.crowd.integration.springsecurity.UsernameStoringAuthenticationFailureHandler"> 
      <beans:property name="defaultFailureUrl" value="/login.html?login_error=1"/> 
     </beans:bean> 
    </beans:property> 
    <!-- Successful logins return to the saved (originally requested) URL, or to
         /flexibility.html when there is none. -->
    <beans:property name="authenticationSuccessHandler"> 
     <beans:bean class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler"> 
      <beans:property name="defaultTargetUrl" value="/flexibility.html"/> 
     </beans:bean> 
    </beans:property> 
</beans:bean> 

<!-- Crowd-side logout handler, used by the logoutFilter bean. Presumably it ends the Crowd
     SSO session through the httpAuthenticator bean; confirm in the Crowd integration
     library. httpAuthenticator is not defined in this listing. -->
<beans:bean id="crowdLogoutHandler" class="com.atlassian.crowd.integration.springsecurity.CrowdLogoutHandler"> 
    <beans:property name="httpAuthenticator" ref="httpAuthenticator"/> 
</beans:bean> 

<!-- Logout filter installed in the LOGOUT_FILTER slot by the http element. It handles
     requests to /logout, runs the handlers below in the order listed and then redirects to
     /login.html. -->
<beans:bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter"> 
    <!-- First constructor argument: URL to redirect to after logout. -->
    <beans:constructor-arg value="/login.html"/> 
    <!-- Second constructor argument: logout handlers, Crowd handler first, then the handler
         that clears the local Spring Security context. -->
    <beans:constructor-arg> 
     <beans:list> 
      <beans:ref bean="crowdLogoutHandler"/> 
      <beans:bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/> 
     </beans:list> 
    </beans:constructor-arg> 
    <beans:property name="filterProcessesUrl" value="/logout"/> 
</beans:bean> 

回答


你需要的是一個配置了多個身份驗證提供者(authentication provider)的認證管理器(authentication manager)。This 給出了一個例子。


如果我在 <authentication-manager alias="authenticationManager"> 中添加 <authentication-provider ref="customAuthenticationProvider"/>,我可以(用調試器)看到我的 DAO provider 被調用了,但奇怪的是,authentication.getDetails() 仍然是 CrowdSSOAuthenticationDetails 的一個實例。而且登錄仍然無效。好像安全上下文沒有被存儲:響應會重定向到登錄後的頁面,但這個新請求又把我帶回了登錄頁面…… – Asterius 2014-09-30 15:19:12


好吧,我必須擴展Crowd beans以支持兩種身份驗證模式,使他們一起工作。但我接受你的答案,因爲這是解決我的問題的第一步 – Asterius 2014-10-02 11:32:13
