使用Spring Security 3与Cookie [英] Using Spring Security 3 with cookies
问题描述
我有一个内置在Java中需要授权的应用程序。然而,认证片由不同/单独的应用程序(不是Java)来处理。用户登录到身份验证应用程序,该应用程序设置一个cookie。如果用户有权访问Java应用程序,他们将被授权应用程序重定向到Java应用程序的URL。
I have an application that is built in Java that requires authorization. However, the authentication piece is handled by a different/separate application (not in Java). The user logs in to the authentication app, and that app sets a cookie. If the user is authorized to access the Java app, they will be redirected by the authorization app to the Java app's URL.
我想使用Spring Security验证/检查在允许访问Java应用程序之前的cookie。什么是最好的方法做到这一点? Java应用程序应该执行以下操作:
I want to use Spring Security to verify/check the cookie before allowing access to the Java application. What's the best way to do this? The Java app should do below:
- 检查cookie是否存在
- 使用db验证cookie值。如果没有,请将其发送到其他应用以登录
- 如果Cookie有效,请显示申请。如果没有,发送用户到身份验证应用程序。
任何想法?
推荐答案
你可以通过自己的 UsernamePasswordAuthenticationFilter
来做到这一点。在过滤器内,您可以检查您需要的cookie。您应该只需要覆盖 attemptAuthentication()
方法。
You can do this by making your own UsernamePasswordAuthenticationFilter
. Inside the filter you can check for the cookies you need. You should only need to override the attemptAuthentication()
method. You have the request and response objects there so checking for the cookies should be easy.
您还需要实现一个 UserDetailsService
以检查数据库的用户凭据。
You will also need to implement a UserDetailsService
to check the user credentials with the database.
- This will help you on the custom filter.
- This is how to write a
UserDetailsService
.
像这样:
<http use-expressions="true" auto-config="false" entry-point-ref="yourEntryPointInApp1">
<custom-filter position="FORM_LOGIN_FILTER" ref="myFilter" />
</http>
<authentication-manager>
<authentication-provider user-service-ref="myDetailsService" />
</authentication-manager>
同时注意不要使用< formLogin>
如果您决定实施过滤器。
Also be careful not to use <formLogin>
if you decide to implement the filter.
这篇关于使用Spring Security 3与Cookie的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!