2011-04-27 77 views
2

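I would like to base my Spring Security configuration on the user's context path. If the user hits a URL under http://path1/resource1, I would like to direct them to a specific authentication provider. If they come in on http://path2/resource2, I would like to direct them to a different authentication provider. These URL paths are REST-based web service calls, which is why they are stateless and do not come from a form. Currently, all authentication providers get executed. What is the best approach for this situation? I am using spring-security 3.1.0.M1.

Mapping each http block to a specific authentication provider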

<http pattern="/path1/**" create-session="stateless"> 
     <intercept-url pattern="/**" access="ROLE_USER,ROLE_VAR,ROLE_ADMIN" /> 
     <http-basic />  
</http> 
<http pattern="/path2/**" create-session="stateless"> 
     <intercept-url pattern="/**" access="ROLE_USER,ROLE_VAR,ROLE_ADMIN" /> 
     <http-basic />  
</http> 

Answers

0

This works for me:

<security:authentication-manager alias="basicAuthenticationManager"> 
    <security:authentication-provider user-service-ref="accountService">
        <security:password-encoder hash="sha"/>
    </security:authentication-provider>
    <security:authentication-provider user-service-ref="accountService"/> 
</security:authentication-manager> 

<bean id="basicProcessingFilter" class="org.springframework.security.web.authentication.www.BasicAuthenticationFilter"> 
    <property name="authenticationManager"> 
     <ref bean="basicAuthenticationManager" /> 
    </property>  
    <property name="authenticationEntryPoint"> 
     <ref bean="basicProcessingEntryPoint" /> 
    </property> 
</bean> 

<bean id="basicProcessingEntryPoint" 
    class="com.yourpackage.web.util.CustomBasicAuthenticationEntryPoint"> 
    <property name="realmName" value="yourRealm" /> 
</bean> 

<!-- Stateless RESTful service using Basic authentication --> 
<security:http pattern="/rest/**" create-session="stateless" entry-point-ref="basicProcessingEntryPoint">  
    <security:custom-filter ref="basicProcessingFilter" position="BASIC_AUTH_FILTER" />  
    <security:intercept-url pattern="/rest/new" access="IS_AUTHENTICATED_ANONYMOUSLY" /> 
    <security:intercept-url pattern="/rest/**" access="ROLE_USER" /> 
</security:http> 

<!-- Additional filter chain for normal users, matching all other requests --> 
<security:http use-expressions="true"> 
    <security:intercept-url pattern="/index.jsp" access="permitAll" />  
    <security:intercept-url pattern="/**" access="hasRole('ROLE_USER')" /> 

    <security:form-login login-page="/signin" 
     authentication-failure-url="/signin?signin_error=1" 
     default-target-url="/" 
     always-use-default-target="true"/>  
    <security:logout /> 
</security:http> 

I implemented the authentication entry point because I needed to send some special error codes in certain cases, but you don't need to do that.

+0

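Thanks for the reply, martincastell. One thing you might be able to clarify is how you map your REST http block to one authentication provider while mapping your form http block to a different authentication provider. That is what I am trying to achieve, and in my example it is not clear to me. Thanks! – c12 2011-09-06 17:33:08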

7

You can define an authentication manager reference for each http block:

<http pattern="/api/**" authentication-manager-ref="apiAccess"> 
    ... 
</http> 

<http auto-config = "true" authentication-manager-ref="webAccess"> 
    ... 
</http> 

<!-- Web authentication manager --> 
<authentication-manager id="webAccess"> 
    <authentication-provider 
     user-service-ref="userService"> 
    </authentication-provider> 
</authentication-manager> 

<!-- API authentication manager -->  
<authentication-manager id="apiAccess"> 
    <authentication-provider 
     user-service-ref="developerService"> 
    </authentication-provider> 
</authentication-manager> 

This feature was added in Spring Security 3.1.

+2

Note the use of 'id' rather than 'alias' for the 'authentication-manager'. If you use 'alias', Spring Security seems to be able to choose the wrong authentication manager. – Raedwald 2015-01-07 11:48:53
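
The answer above applied to the two stateless `/path1/**` and `/path2/**` blocks from the question, as an added example that is not from the original posts: each chain names its own manager by `id`, so requests on that path are authenticated against that manager's provider. The bean names `path1Manager`, `path2Manager`, `path1UserService`, `path2UserService` and the `com.example` classes are hypothetical.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <!-- Chain 1: stateless Basic auth, authenticated by path1Manager -->
    <http pattern="/path1/**" create-session="stateless"
          authentication-manager-ref="path1Manager">
        <intercept-url pattern="/**" access="ROLE_USER,ROLE_VAR,ROLE_ADMIN" />
        <http-basic />
    </http>

    <!-- Chain 2: same access rules, authenticated by path2Manager -->
    <http pattern="/path2/**" create-session="stateless"
          authentication-manager-ref="path2Manager">
        <intercept-url pattern="/**" access="ROLE_USER,ROLE_VAR,ROLE_ADMIN" />
        <http-basic />
    </http>

    <!-- Declared with id (not alias), per the comment on the answer above -->
    <authentication-manager id="path1Manager">
        <authentication-provider user-service-ref="path1UserService" />
    </authentication-manager>

    <authentication-manager id="path2Manager">
        <authentication-provider user-service-ref="path2UserService" />
    </authentication-manager>

    <!-- Hypothetical UserDetailsService implementations, one per user store -->
    <beans:bean id="path1UserService"
                class="com.example.security.Path1UserDetailsService" />
    <beans:bean id="path2UserService"
                class="com.example.security.Path2UserDetailsService" />
</beans:beans>
```

A quick check after deploying is to confirm that credentials known only to `path2UserService` receive a 401 on `/path1/**`, and vice versa.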
