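Migrating a Waffle Spring Security XML configuration to Spring Boot
I'm trying to use Waffle authentication with Spring Security, in a Spring Boot fashion. The expected result is "block everything if Negotiate fails".
The Waffle project provides a configuration example for this kind of use case (assuming configuration is done through web.xml; in this example, there is a fallback to simple HTTP authentication if Negotiate fails). But despite many attempts, I don't understand how to plug Waffle into Spring Security using Boot and Java-only configuration. I'm using Spring Boot 1.2.1.RELEASE with the web and security starters; the Waffle version is 1.7.3.
I realize this is not a specific question, but the Spring forum now redirects here, and the Waffle guys don't know about Spring Boot. Can someone help me translate an XML Spring Security configuration to Spring Boot?
The first step is declaring a filter chain and a context loader listener.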
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>/WEB-INF/waffle-filter.xml</param-value>
    </context-param>
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
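I'm assuming (am I wrong?) that this is already handled by @EnableWebMvcSecurity, so there is nothing to do here.
Next, a couple of provider beans are declared, so I translate this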
    <bean id="waffleWindowsAuthProvider" class="waffle.windows.auth.impl.WindowsAuthProviderImpl" />
    <bean id="negotiateSecurityFilterProvider" class="waffle.servlet.spi.NegotiateSecurityFilterProvider">
        <constructor-arg ref="waffleWindowsAuthProvider" />
    </bean>
    <bean id="basicSecurityFilterProvider" class="waffle.servlet.spi.BasicSecurityFilterProvider">
        <constructor-arg ref="waffleWindowsAuthProvider" />
    </bean>
    <bean id="waffleSecurityFilterProviderCollection" class="waffle.servlet.spi.SecurityFilterProviderCollection">
        <constructor-arg>
            <list>
                <ref bean="negotiateSecurityFilterProvider" />
                <ref bean="basicSecurityFilterProvider" />
            </list>
        </constructor-arg>
    </bean>
    <bean id="waffleNegotiateSecurityFilter" class="waffle.spring.NegotiateSecurityFilter">
        <property name="Provider" ref="waffleSecurityFilterProviderCollection" />
    </bean>
to this
    @Bean
    public WindowsAuthProviderImpl waffleWindowsAuthProvider() {
        return new WindowsAuthProviderImpl();
    }

    @Bean
    @Autowired
    public NegotiateSecurityFilterProvider negotiateSecurityFilterProvider(final WindowsAuthProviderImpl windowsAuthProvider) {
        return new NegotiateSecurityFilterProvider(windowsAuthProvider);
    }

    @Bean
    @Autowired
    public BasicSecurityFilterProvider basicSecurityFilterProvider(final WindowsAuthProviderImpl windowsAuthProvider) {
        return new BasicSecurityFilterProvider(windowsAuthProvider);
    }

    @Bean
    @Autowired
    public SecurityFilterProviderCollection waffleSecurityFilterProviderCollection(final NegotiateSecurityFilterProvider negotiateSecurityFilterProvider, final BasicSecurityFilterProvider basicSecurityFilterProvider) {
        final SecurityFilterProvider[] securityFilterProviders = {
            negotiateSecurityFilterProvider,
            basicSecurityFilterProvider
        };
        return new SecurityFilterProviderCollection(securityFilterProviders);
    }

    @Bean
    @Autowired
    public NegotiateSecurityFilter waffleNegotiateSecurityFilter(final SecurityFilterProviderCollection securityFilterProviderCollection) {
        final NegotiateSecurityFilter negotiateSecurityFilter = new NegotiateSecurityFilter();
        negotiateSecurityFilter.setProvider(securityFilterProviderCollection);
        return negotiateSecurityFilter;
    }
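The final step is the sec:http section of the configuration. An entry point is declared, and the filter is placed before the BASIC auth filter.
Example: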
    <sec:http entry-point-ref="negotiateSecurityFilterEntryPoint">
        <sec:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY" />
        <sec:custom-filter ref="waffleNegotiateSecurityFilter" position="BASIC_AUTH_FILTER" />
    </sec:http>
    <bean id="negotiateSecurityFilterEntryPoint" class="waffle.spring.NegotiateSecurityFilterEntryPoint">
        <property name="Provider" ref="waffleSecurityFilterProviderCollection" />
    </bean>
My Boot translation:
    @Autowired
    private NegotiateSecurityFilterEntryPoint authenticationEntryPoint;

    @Autowired
    private NegotiateSecurityFilter negotiateSecurityFilter;

    @Override
    protected void configure(final HttpSecurity http) throws Exception {
        http
            .authorizeRequests().anyRequest().authenticated()
            .and()
            .addFilterBefore(this.negotiateSecurityFilter, BasicAuthenticationFilter.class)
            .httpBasic().authenticationEntryPoint(this.authenticationEntryPoint);
    }

    @Bean
    @Autowired
    public NegotiateSecurityFilterEntryPoint negotiateSecurityFilterEntryPoint(final SecurityFilterProviderCollection securityFilterProviderCollection) {
        final NegotiateSecurityFilterEntryPoint negotiateSecurityFilterEntryPoint = new NegotiateSecurityFilterEntryPoint();
        negotiateSecurityFilterEntryPoint.setProvider(securityFilterProviderCollection);
        return negotiateSecurityFilterEntryPoint;
    }
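Running this configuration leads to strange behavior: sometimes NTLM is triggered and succeeds, sometimes the Negotiate filter crashes with an "invalid token supplied" error (same credentials, user, browser, configuration).
The provided example works like a charm, which makes me think my Boot configuration is in question.
Any help appreciated!

If the filter is firing, I think it must be working. I don't really know anything about Waffle (but it looks interesting). One difference I see between your code and the XML sample is that you only install the custom entry point into the HTTP basic filter (not the exception handling for the whole chain). Probably you need to do that, but I don't know if it will fix all the problems. – 2015-03-12 08:08:37

Thanks for your feedback. It didn't solve the "invalid token" problem (I'll ask the Waffle team for support again), but it's a start. – LeRiton 2015-03-13 12:19:19

Any update on this? I have the same problem (I think). Waffle in Spring Boot. It seems to work fine in Chrome and other browsers, but fails when using IE11. The server logs a Win32Exception "The token supplied to the function is invalid" – Mike 2016-05-02 16:41:14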
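
The difference the first comment points out, written as Java configuration: the entry point is registered for the whole chain through exceptionHandling(), which is what `<sec:http entry-point-ref="...">` does, rather than on httpBasic(). This is an added example, not code from the question or from the Waffle project; the class name WaffleSecurityConfig is hypothetical, and the Negotiate-only provider collection is an assumption made to match the stated goal of blocking everything if Negotiate fails.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;

import waffle.servlet.spi.NegotiateSecurityFilterProvider;
import waffle.servlet.spi.SecurityFilterProvider;
import waffle.servlet.spi.SecurityFilterProviderCollection;
import waffle.spring.NegotiateSecurityFilter;
import waffle.spring.NegotiateSecurityFilterEntryPoint;
import waffle.windows.auth.impl.WindowsAuthProviderImpl;

// Added example (hypothetical class name); assumes Spring Boot 1.2.x and Waffle 1.7.x.
@Configuration
@EnableWebMvcSecurity
public class WaffleSecurityConfig extends WebSecurityConfigurerAdapter {

    // Assumption: the collection holds only the Negotiate provider, so no
    // BasicSecurityFilterProvider is available as a fallback.
    @Bean
    public SecurityFilterProviderCollection waffleSecurityFilterProviderCollection() {
        final WindowsAuthProviderImpl authProvider = new WindowsAuthProviderImpl();
        return new SecurityFilterProviderCollection(new SecurityFilterProvider[] {
            new NegotiateSecurityFilterProvider(authProvider)
        });
    }

    @Override
    protected void configure(final HttpSecurity http) throws Exception {
        final SecurityFilterProviderCollection providers = waffleSecurityFilterProviderCollection();
        final NegotiateSecurityFilterEntryPoint entryPoint = new NegotiateSecurityFilterEntryPoint();
        entryPoint.setProvider(providers);
        // Plain object, not a @Bean: Spring Boot also registers any Filter bean directly with
        // the servlet container, so a @Bean filter would run there and again inside this chain.
        final NegotiateSecurityFilter filter = new NegotiateSecurityFilter();
        filter.setProvider(providers);

        http
            // Mirrors access="IS_AUTHENTICATED_FULLY" on pattern="/**" in the XML sample.
            .authorizeRequests().anyRequest().fullyAuthenticated()
            .and()
            // Chain-wide entry point, the equivalent of entry-point-ref on <sec:http>.
            .exceptionHandling().authenticationEntryPoint(entryPoint)
            .and()
            .addFilterBefore(filter, BasicAuthenticationFilter.class);
    }
}
```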