如何自定义PicketLink AuthenticationFilter？ [英] How to customize PicketLink AuthenticationFilter?

问题描述

我已经安装PicketLink和我的web应用程序运行，但似乎我不能保护资源像组或角色的文件夹。该PicketLink AuthenticationFilter（org.picketlink.authentication.web.AuthenticationFilter）不提供任何办法说哪个URL模式属于哪个组或角色。我如何将保护admin目录，以便只有管理员组中的用户可以访问它？现在，如果您登录，您可以访问一切。

web.xml文件：

 ＆LT;滤光器＆gt;
            ＆LT;过滤器名称＆gt;＆PicketLinkAuthenticationFilter LT; /过滤器名称＆gt;
            ＆LT;过滤器类和GT; org.picketlink.authentication.web.AuthenticationFilter＆LT; /过滤器类＆GT;            ＆LT;初始化参数＆GT;
                ＆LT;参数-名称＆gt;＆的authType LT; /参数 - 名称＆gt;
                ＆LT;参数值＆GT;表并LT; /参数值＆GT;
            ＆LT; /初始化参数＆GT;
        ＆LT; /滤光器＆gt;        ＆LT;过滤器映射＆GT;
            ＆LT;过滤器名称＆gt;＆PicketLinkAuthenticationFilter LT; /过滤器名称＆gt;
            ＆LT; URL模式＆GT; /管理/ * LT; / URL模式＆GT;
            ＆LT; URL模式＆GT; / standarduser / *＆LT; / URL模式＆GT;
        ＆LT; /过滤器映射＆GT;
 

我试图创建自己的自定义AuthenticationFilter但我不能。我真的希望我可以做类似的春天。事情是这样的，或者使用类似hasRole或isMember的IDM功能：

 ＆LT;拦截的URL模式=/管理/ *访问=ADMIN/＆GT;
    ＆LT;拦截的URL模式=/成员/ *访问=ADMIN，STANDARDUSER/＆GT;
 

解决方案

除非我完全误解了你想要做什么，我觉得你可以做你通过编程配置界面想要什么。 <一href=\"https://docs.jboss.org/picketlink/2/latest/reference/html-single/#chap-Identity_Management_-_Configuration\"相对=nofollow>查看文档章节12.2

 公共类HttpSecurityConfiguration {公共无效configureHttpSecurity（@Observes SecurityConfigurationEvent事件）{
    SecurityConfigurationBuilder建设者= event.getBuilder（）;    建设者
        .http（）
            .forPath（/ *。JSF）
                .authenticateWith（）
                    。形成（）
                        .loginPage（/ login.jsf）
                        .errorPage（/ loginFailed.jsf）
            .forPath（/管理/ *）
                .authorizeWith（）
                    。角色（管理员）;
    }
}
 

I have PicketLink installed and running on my web application, but it seems like I cannot protect resources like folders by group or role. The PicketLink AuthenticationFilter (org.picketlink.authentication.web.AuthenticationFilter) does not provide any way to say which url-pattern belongs to which group or role. How would I protect the admin directory so that only users in the admin group can access it? Right now, if you are logged in you can access everything.

web.xml file:

        <filter>
            <filter-name>PicketLinkAuthenticationFilter</filter-name>
            <filter-class>org.picketlink.authentication.web.AuthenticationFilter</filter-class>

            <init-param>
                <param-name>authType</param-name>
                <param-value>FORM</param-value>
            </init-param>
        </filter>

        <filter-mapping>
            <filter-name>PicketLinkAuthenticationFilter</filter-name>
            <url-pattern>/admin/*</url-pattern>
            <url-pattern>/standarduser/*</url-pattern>
        </filter-mapping>

I tried to create my own custom AuthenticationFilter but I couldn't. I would really wish that I could do something like in Spring. Something like this or using the IDM functions like hasRole or isMember:

    <intercept-url pattern="/admin/*" access="ADMIN" />
    <intercept-url pattern="/member/*" access="ADMIN,STANDARDUSER" />

解决方案

Unless I completely misunderstand what you're trying to do, I think you can do what you want via the programmatic configuration interface. See the docs section 12.2

public class HttpSecurityConfiguration {

public void configureHttpSecurity(@Observes SecurityConfigurationEvent event) {
    SecurityConfigurationBuilder builder = event.getBuilder();

    builder
        .http()
            .forPath("/*.jsf")
                .authenticateWith()
                    .form()
                        .loginPage("/login.jsf")
                        .errorPage("/loginFailed.jsf")
            .forPath("/admin/*")
                .authorizeWith()
                    .role("Administrator");
    }
}

这篇关于如何自定义PicketLink AuthenticationFilter？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！