1. 首頁
  2. 問答
  3. 多個登錄頁面的Spring 3.x配置

多個登錄頁面的Spring 3.x配置

2011-09-24 67 views
9

我使用Spring 3.1進行身份驗證。多個登錄頁面的Spring 3.x配置

我的要求:

  • 兩種不同的登錄頁面。一個用於客戶,另一個用於員工。
  • 驗證成功後,每個成功的URL都會被轉發。

我春天的安全配置:

<sec:http pattern="/resources/**" security="none" /> 
<sec:http auto-config="true"> 
    <sec:intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" /> 
    <sec:intercept-url pattern="/customer/**" access="ROLE_CUSTOMER" /> 
    <sec:intercept-url pattern="/employee/**" access="ROLE_EMPLOYEE" /> 
</sec:http> 

<bean id="springSecurityFilterChain" class="org.springframework.security.web.FilterChainProxy"> 
    <sec:filter-chain-map path-type="ant"> 
     <sec:filter-chain pattern="/**" 
      filters="authenticationProcessingFilterForCustomer,authenticationProcessingFilterForEmployee" /> 
    </sec:filter-chain-map> 
</bean> 

<bean id="authenticationProcessingFilterForCustomer" 
    class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter"> 
    <property name="authenticationManager" ref="authenticationManagerForCustomer" /> 
    <property name="filterProcessesUrl" value="/j_spring_security_check_for_customer" /> 
    <property name="authenticationSuccessHandler" ref="customerSuccessHandler" /> 
    <property name="authenticationFailureHandler" ref="customerFailureHandler" /> 
</bean> 
<bean id="customerSuccessHandler" 
    class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler"> 
    <property name="defaultTargetUrl" value="/customer/index.html" /> 
</bean> 
<bean id="customerFailureHandler" 
    class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler"> 
    <property name="defaultFailureUrl" value="/customer.html?login_error=1" /> 
</bean> 
<bean id="authenticationManagerForCustomer" 
    class="org.springframework.security.authentication.ProviderManager"> 
    <property name="providers"> 
     <list> 
      <ref bean="customCustomerAuthenticationProvider" /> 
     </list> 
    </property> 
</bean> 
<bean id="customCustomerAuthenticationProvider" class="com.edu.CustomerCustomAuthenticationProvider"> 
    <property name="userDetailsService"> 
     <bean class="com.edu.CustomerUserDetailsService" /> 
    </property> 
</bean> 

<bean id="authenticationProcessingFilterForEmployee" 
    class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter"> 
    <property name="authenticationManager" ref="authenticationManagerForEmployee" /> 
    <property name="filterProcessesUrl" value="/j_spring_security_check_for_employee" /> 
    <property name="authenticationSuccessHandler" ref="employeeSuccessHandler" /> 
    <property name="authenticationFailureHandler" ref="employeeFailureHandler" /> 
</bean> 
<bean id="employeeSuccessHandler" 
    class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler"> 
    <property name="defaultTargetUrl" value="/employee/index.html" /> 
</bean> 
<bean id="employeeFailureHandler" 
    class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler"> 
    <property name="defaultFailureUrl" value="/employee.html?login_error=1" /> 
</bean> 
<bean id="authenticationManagerForEmployee" 
    class="org.springframework.security.authentication.ProviderManager"> 
    <property name="providers"> 
     <list> 
      <ref bean="customEmployeeAuthenticationProvider" /> 
     </list> 
    </property> 
</bean> 
<bean id="customEmployeeAuthenticationProvider" class="com.edu.EmployeeCustomAuthenticationProvider"> 
    <property name="userDetailsService"> 
     <bean class="com.edu.EmployeeUserDetailsService" /> 
    </property> 
</bean> 

<sec:authentication-manager alias="authenticationManager"> 
    <sec:authentication-provider ref="customCustomerAuthenticationProvider" /> 
    <sec:authentication-provider ref="customEmployeeAuthenticationProvider" /> 
</sec:authentication-manager>

兩個CustomAuthenticationProvider已經實現支持方法如下:

public boolean supports(Class<? extends Object> authentication) { 
    return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication); 
}

啓動應用程序,嘗試驗證後,在登錄頁面顯示的信息是:

您的登錄嘗試是n不成功,再試一次。
原因:沒有的AuthenticationProvider發現org.springframework.security.authentication.UsernamePasswordAuthenticationToken

我使用Spring 3.1。任何幫助讚賞。

謝謝

來源

2011-09-24 Manas Sahu

+0

也許與http://stackoverflow.com/questions/4783063/configuring-spring-security-3-x-to-have-multiple-entry-points相關或重複? – Raghuram

+0

「配置Spring Security 3.x具有多個入口點」的解決方案是爲不同類型的用戶提供單入口點和單成功頁面。這個問題我有多個入口點,每個都有自己的成功頁面。 –

+0

@ManasSahu您可以在您的問題中添加自定義身份驗證提供程序的'supports()'方法的代碼嗎? – Ritesh

回答

0

你應該指向的AuthenticationManager裁判在「authenticationProcessingFilterForCustomer」和「authenticationProcessingFilterForEmployee」豆糾正豆即「的AuthenticationManager」其中有供應商。無需定義'authenticationManagerForCustomer'和'authenticationManagerForEmployee'bean。

來源

2011-11-02 13:15:15

1

我在Grails中做過類似的事情,你需要的是:

  1. 延長UsernamePasswordAuthenticationToken,其他創建兩個子類對於員工和客戶,例如EmployeeUsernamePasswordAuthenticationToken和CustomerUsernamePasswordAuthenticationToken
  2. 擴展UsernamePasswordAuthenticationFilter,以創建不同的EmployeeUsernamePasswordAuthenticationT實例根據目前的身份驗證請求
  3. 員工和custoner延長的AuthenticationProvider,創建兩個類奧肯或CustomerUsernamePasswordAuthenticationToken說EmployeeAuthenticationProvider和CustomerAuthenticationProvider,覆蓋每個類的支持方法,以支持其目標UsernamePasswordAuthenticationToken
  4. 你只需要一個好的AuthenticationManager,註冊都提供到它
  5. 只需要一個AuthenticationSuccessHandler,你可以決定哪些URL想進去吧
  6. 我還創建的AuthenticationEntryPoint的我自己的實例,支持多入口點

來源

2012-09-13 03:31:03 Xilang

相關問題

 相關問題