2011-04-27 25 views
2

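I want to configure my Spring Security setup based on the user's context path. If a user comes in with the URL http://path1/resource1, I want to direct them to a specific authentication provider. If they come in on http://path2/resource2, I want to direct them to a different authentication provider. These URL paths are REST-based web service calls, which is why they are stateless and do not come from a form. Currently, all authentication providers are executed. What is the best approach for this situation? I am using spring-security 3.1.0.M1.

Map each http block to a specific authentication provider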

<http pattern="/path1/**" create-session="stateless"> 
     <intercept-url pattern="/**" access="ROLE_USER,ROLE_VAR,ROLE_ADMIN" /> 
     <http-basic />  
</http> 
<http pattern="/path2/**" create-session="stateless"> 
     <intercept-url pattern="/**" access="ROLE_USER,ROLE_VAR,ROLE_ADMIN" /> 
     <http-basic />  
</http> 

Answers

0

This worked for me:

<security:authentication-manager alias="basicAuthenticationManager"> 
    <security:authentication-provider user-service-ref="accountService"> 
        <security:password-encoder hash="sha"/>
    </security:authentication-provider> 
    <security:authentication-provider user-service-ref="accountService"/> 
</security:authentication-manager> 

<bean id="basicProcessingFilter" class="org.springframework.security.web.authentication.www.BasicAuthenticationFilter"> 
    <property name="authenticationManager"> 
     <ref bean="basicAuthenticationManager" /> 
    </property>  
    <property name="authenticationEntryPoint"> 
     <ref bean="basicProcessingEntryPoint" /> 
    </property> 
</bean> 

<bean id="basicProcessingEntryPoint" 
    class="com.yourpackage.web.util.CustomBasicAuthenticationEntryPoint"> 
    <property name="realmName" value="yourRealm" /> 
</bean> 

<!-- Stateless RESTful service using Basic authentication --> 
<security:http pattern="/rest/**" create-session="stateless" entry-point-ref="basicProcessingEntryPoint">  
    <security:custom-filter ref="basicProcessingFilter" position="BASIC_AUTH_FILTER" />  
    <security:intercept-url pattern="/rest/new" access="IS_AUTHENTICATED_ANONYMOUSLY" /> 
    <security:intercept-url pattern="/rest/**" access="ROLE_USER" /> 
</security:http> 

<!-- Additional filter chain for normal users, matching all other requests --> 
<security:http use-expressions="true"> 
    <security:intercept-url pattern="/index.jsp" access="permitAll" />  
    <security:intercept-url pattern="/**" access="hasRole('ROLE_USER')" /> 

    <security:form-login login-page="/signin" 
     authentication-failure-url="/signin?signin_error=1" 
     default-target-url="/" 
     always-use-default-target="true"/>  
    <security:logout /> 
</security:http> 

I implemented the authentication entry point because I needed to send some special error codes in certain cases, but you don't need to do that.

+0

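Thanks for the reply, martincastell. One thing you might be able to clarify is how you map your REST http block to one authentication provider while mapping your form http block to a different authentication provider. That is what I am trying to achieve, and it isn't clear to me from the example. Thanks! – c12 2011-09-06 17:33:08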

7

You can define an authentication manager reference for each http element:

<http pattern="/api/**" authentication-manager-ref="apiAccess"> 
    ... 
</http> 

<http auto-config = "true" authentication-manager-ref="webAccess"> 
    ... 
</http> 

<!-- Web authentication manager --> 
<authentication-manager id="webAccess"> 
    <authentication-provider 
     user-service-ref="userService"> 
    </authentication-provider> 
</authentication-manager> 

<!-- API authentication manager -->  
<authentication-manager id="apiAccess"> 
    <authentication-provider 
     user-service-ref="developerService"> 
    </authentication-provider> 
</authentication-manager> 

This feature was added in Spring Security 3.1.

+2

Note that 'id' rather than 'alias' is used for the 'authentication-manager'. If you use 'alias', Spring Security seems able to pick the wrong authentication manager. – Raedwald 2015-01-07 11:48:53
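
A way to audit a config for the setup described in the answer above, as an added example that is not part of the original answers: the Python script below reads a Spring Security XML file and reports every `<http>` block that has no `authentication-manager-ref`, or whose reference points at a manager declared with `alias` rather than `id`, following the comment above. The function name `audit_http_blocks`, the bean names and the sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SEC_NS = "http://www.springframework.org/schema/security"

# Constructed sample: /path1 is wired to its own manager, /path2 has no
# authentication-manager-ref, /path3 points at a manager declared with alias.
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:security="http://www.springframework.org/schema/security">
  <security:http pattern="/path1/**" create-session="stateless"
                 authentication-manager-ref="path1Access">
    <security:http-basic/>
  </security:http>
  <security:http pattern="/path2/**" create-session="stateless">
    <security:http-basic/>
  </security:http>
  <security:http pattern="/path3/**" authentication-manager-ref="path3Access">
    <security:http-basic/>
  </security:http>
  <security:authentication-manager id="path1Access">
    <security:authentication-provider user-service-ref="path1Users"/>
  </security:authentication-manager>
  <security:authentication-manager alias="path3Access">
    <security:authentication-provider user-service-ref="path3Users"/>
  </security:authentication-manager>
</beans>"""


def audit_http_blocks(xml_text):
    """Return (pattern, problem) pairs for <http> blocks not pinned to one manager."""
    root = ET.fromstring(xml_text)
    managers = list(root.iter("{%s}authentication-manager" % SEC_NS))
    by_id = {m.get("id") for m in managers if m.get("id")}
    by_alias = {m.get("alias") for m in managers if m.get("alias")}
    findings = []
    for http in root.iter("{%s}http" % SEC_NS):
        pattern = http.get("pattern", "<all other requests>")
        ref = http.get("authentication-manager-ref")
        if ref is None:
            findings.append((pattern, "no authentication-manager-ref"))
        elif ref in by_id:
            continue  # pinned to a manager declared with id
        elif ref in by_alias:
            findings.append((pattern, "manager '%s' is declared with alias, not id" % ref))
        else:
            findings.append((pattern, "manager '%s' is not defined in this file" % ref))
    return findings


if __name__ == "__main__":
    for pattern, problem in audit_http_blocks(SAMPLE):
        print(pattern, "->", problem)
```

The element lookup uses the namespace URI, so it matches both `<security:http>` and a bare `<http>` in files where the security schema is the default namespace.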
