1. 首页
  2. 问答
  3. 嘲讽春季全球性认证管理

嘲讽春季全球性认证管理

2014-01-28 98 views
0

在使用Spring MVC 3.2使用Spring Security 3.1嘲讽春季全球性认证管理

目标容器是JBoss的4(不要问),所以该servlet API仍然是2.4。在测试Spring安全性配置时,它使用XML编写,并与其他一些东西一起放入web.xml中。以为我会写一个较小的JUnit测试平台来嘲笑一个基本请求并调用Spring安全检查身份验证。 Idea在将其整合到项目的其余部分之前将帮助其他开发人员测试安全配置。

无论如何,如果我没有在安全XML定义的认证管理器,我得到:

Caused by: org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named 'org.springframework.security.authenticationManager' is defined: Did you forget to add a gobal <authentication-manager> element to your configuration (with child <authentication-provider> elements)? Alternatively you can use the authentication-manager-ref attribute on your <http> and <global-method-security> elements.

我的JUnit测试类看起来是这样的:

@RunWith(SpringJUnit4ClassRunner.class) 
@WebAppConfiguration 
@ContextConfiguration(classes = {LdapSecurityTest.WebAppConfig.class, 
    LdapSecurityTest.WebSecurityConfig.class}) 
public class LdapSecurityTest { 

    @Controller 
    public static class DummyController { 
     @RequestMapping(value = "/blankettservice/admin/test", method = RequestMethod.GET) 
     @ResponseBody 
     public String hello() { 
      return "hello world"; 
     } 
    } 

    @EnableWebMvc 
    @Configuration 
    @ComponentScan("se.bolagsverket.insidan.web.common") 
    public static class WebAppConfig { 
    } 

    @Configuration 
    @ImportResource({"classpath:applicationContext-security.xml"}) 
    public static class WebSecurityConfig { 
     @Autowired 
     private List<AuthenticationProvider> providers; 

     @Bean 
     public AuthenticationManager authenticationManager() { 
      return new ProviderManager(providers); 
     } 
    } 

    public class SpringInitializer implements WebApplicationInitializer { 

     @Override 
     public void onStartup(ServletContext servletContext) 
      throws ServletException { 
      AnnotationConfigWebApplicationContext ctx = 
       new AnnotationConfigWebApplicationContext(); 

      ServletRegistration.Dynamic dispatcher = 
       servletContext.addServlet("dispatcher", new DispatcherServlet(
        ctx)); 
      dispatcher.setLoadOnStartup(1); 
      dispatcher.addMapping("/"); 

      servletContext.addFilter("springSecurityFilterChain", 
       new DelegatingFilterProxy("springSecurityFilterChain")) 
       .addMappingForUrlPatterns(null, false, "/*"); 
     } 
    } 

    @Resource 
    private WebApplicationContext context; 

    @Test 
    public void initialize() throws Exception { 

     SecurityContextHolder.getContext().setAuthentication(
      new UsernamePasswordAuthenticationToken("user", "password")); 

     MockMvc mvc = webAppContextSetup(context).build(); 

     mvc.perform(get("/blankettservice/admin/test")).andExpect(status().isOk()) 
      .andExpect(content().string("hello world")); 
     ; 
    } 
}

只是为了清楚起见ApplicationContext的安全看起来像:

<http> 
     <intercept-url pattern="/**/blankettservice/admin/**" 
      access="ROLE_BLANKETTSERVICE_ADMIN" /> 
     <intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" /> 
     <http-basic /> 
     <anonymous /> 
    </http> 

    <beans:bean id="contextSource" 
     class="org.springframework.security.ldap.DefaultSpringSecurityContextSource"> 
     <beans:constructor-arg value="ldap://server:port" /> 
     <beans:property name="userDn" value="..." /> 
     <beans:property name="password" value="..." /> 
    </beans:bean> 

    <beans:bean id="bvLdapAuthProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider> 
    .... 
    </beans:bean>

创建的ProviderManager bean是populat提供者提供bvLdapAuthProvider

来源

2014-01-28 Matthew Campbell

+0

如果我将名称“org.springframework.security.authenticationManager”添加到我的AuthenticationManager bean,那么错误消失。 –

+0

永远不会被拒绝访问。这是现在的问题。看到我的授权提供程序正在运行,但没有连接到HTTP拦截-URL反对“/ blankettservice/admin/test”。 –

+0

Spring安全过滤器从不初始化。我的LDAP认证提供者也不是被调用的(初始化为yes,但未被调用进行认证)。 –

回答

0

在我们的LDAP配置(春季安全3),我们使用这个配置:

<?xml version="1.0" encoding="UTF-8"?> 
<beans xmlns="http://www.springframework.org/schema/beans" 
     xmlns:security="http://www.springframework.org/schema/security" 
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
     xmlns:jdbc="http://www.springframework.org/schema/jdbc" 
     xsi:schemaLocation="http://www.springframework.org/schema/beans 
     http://www.springframework.org/schema/beans/spring-beans-3.0.xsd 
     http://www.springframework.org/schema/security 
     http://www.springframework.org/schema/security/spring-security-3.1.xsd 
     http://www.springframework.org/schema/jdbc 
     http://www.springframework.org/schema/jdbc/spring-jdbc-3.1.xsd"> 

... 

<security:authentication-manager> 
    <security:ldap-authentication-provider user-dn-pattern="uid={0},ou=people"/> 
</security:authentication-manager> 
<security:ldap-server url="ldap://localhost:10389/dc=example,dc=com" /> 

...

希望它可以帮助你。

来源

2014-01-28 07:57:03 Mannekenpix

+0

已经有身份验证提供程序。不需要创建一个新的。我的问题是一个测试的事情。 –

相关问题

 相关问题