Spring Security Java Config for Siteminder
Question
I have an inMemoryAuthentication configuration that works:
    @Configuration
    @EnableWebMvcSecurity
    public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

        @Override
        protected void configure(
                AuthenticationManagerBuilder authenticationManagerBuilder)
                throws Exception {
            authenticationManagerBuilder //
                .inMemoryAuthentication() //
                .withUser("employee") //
                .password("employee") //
                .roles("RoleEmployee")
            ;
        }

        @Override
        public void configure(WebSecurity webSecurity) throws Exception {
            webSecurity.ignoring().antMatchers("/resources/**");
        }

        @Override
        protected void configure(HttpSecurity httpSecurity) throws Exception {
            // @formatter:off
            httpSecurity
                .authorizeRequests()
                    .antMatchers("/login","/login.request","/logout").permitAll()
                    .anyRequest().hasRole("RoleEmployee")
                    .and()
                .formLogin()
                    .loginPage("/login.request")
                    .loginProcessingUrl("/login")
                    .failureUrl("/login.request?error")
                    .permitAll()
                    .and()
                .logout()
                    .logoutUrl("/logout")
                    .permitAll()
                    .logoutSuccessUrl("/login.request")
            ;
            // @formatter:on
        }
    }
I want to now use Siteminder authentication and changed this to:
    @Configuration
    @EnableWebMvcSecurity
    public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

        private UserDetailsService userDetailsService;
        private PreAuthenticatedAuthenticationProvider preAuthenticatedProvider;

        public WebSecurityConfiguration() {
            super();
            userDetailsService = new CustomUserDetailsService();
            UserDetailsByNameServiceWrapper<PreAuthenticatedAuthenticationToken> wrapper =
                    new UserDetailsByNameServiceWrapper<PreAuthenticatedAuthenticationToken>(
                            userDetailsService);
            preAuthenticatedProvider = new PreAuthenticatedAuthenticationProvider();
            preAuthenticatedProvider.setPreAuthenticatedUserDetailsService(wrapper);
        }

        @Override
        protected void configure(
                AuthenticationManagerBuilder authenticationManagerBuilder)
                throws Exception {
            // @formatter:off
            authenticationManagerBuilder //
                .authenticationProvider(preAuthenticatedProvider);
            // @formatter:on
        }

        @Override
        public void configure(WebSecurity webSecurity) throws Exception {
            webSecurity.ignoring().antMatchers("/resources/**");
        }

        @Override
        protected void configure(HttpSecurity httpSecurity) throws Exception {
            // @formatter:off
            RequestHeaderAuthenticationFilter siteMinderFilter = new RequestHeaderAuthenticationFilter();
            siteMinderFilter.setAuthenticationManager(authenticationManager());
            httpSecurity
                .addFilter(siteMinderFilter)
                .authorizeRequests()
                    .antMatchers("/login","/login.request","/logout").permitAll()
                    .anyRequest().hasRole("RoleEmployee")
                    .and()
                .formLogin()
                    .loginPage("/login.request")
                    .loginProcessingUrl("/login")
                    .failureUrl("/login.request?error")
                    .permitAll()
                    .and()
                .logout()
                    .logoutUrl("/logout")
                    .permitAll()
                    .logoutSuccessUrl("/login.request")
            ;
            // @formatter:on
        }
    }
For now CustomUserDetailsService always returns a user with the employee role:
    public class CustomUserDetailsService implements
            UserDetailsService {

        @Override
        public UserDetails loadUserByUsername(String username)
                throws UsernameNotFoundException {
            List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
            SimpleGrantedAuthority authority = new SimpleGrantedAuthority("RoleEmployee");
            authorities.add(authority);
            UserDetails user = new User(username, "password", authorities);
            return user;
        }
    }
When I test this, the SM_USER header is correctly passed in and I can see in the debugger that CustomUserDetailsService is correctly called, but a 403 Forbidden status is returned for any page that I was previously able to access successfully under the old configuration.
Is there something wrong with this configuration?
Recommended answer
Oftentimes asking the question helps answer it.
Changing:
    anyRequest().hasRole("RoleEmployee")
To:
    anyRequest().hasAuthority("RoleEmployee")
fixed the problem.
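Added example, not part of the original answer: hasRole("RoleEmployee") looks for the authority ROLE_RoleEmployee (Spring Security's default role prefix), which roles("RoleEmployee") in the in-memory configuration grants, while the custom service grants the bare RoleEmployee. The class name PrefixedRoleUserDetailsService and the two helper methods are hypothetical; the helpers are a simplified model of the comparison, not Spring's own expression handler.

```java
import java.util.List;
import java.util.Set;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;

// Hypothetical alternative to CustomUserDetailsService: grants the authority
// in the prefixed form, so the original hasRole("RoleEmployee") rule matches.
public class PrefixedRoleUserDetailsService implements UserDetailsService {

    // Default prefix that hasRole(...) and roles(...) put in front of the role name.
    static final String ROLE_PREFIX = "ROLE_";

    @Override
    public UserDetails loadUserByUsername(String username) {
        List<GrantedAuthority> authorities =
                AuthorityUtils.createAuthorityList(ROLE_PREFIX + "RoleEmployee");
        // Placeholder password: it is not checked for pre-authenticated (SM_USER) requests.
        return new User(username, "N/A", authorities);
    }

    // Simplified model of hasAuthority(...): exact match on the authority string.
    static boolean hasAuthority(UserDetails user, String authority) {
        Set<String> granted = AuthorityUtils.authorityListToSet(user.getAuthorities());
        return granted.contains(authority);
    }

    // Simplified model of hasRole(...): same check, with the prefix added first.
    static boolean hasRole(UserDetails user, String role) {
        return hasAuthority(user, ROLE_PREFIX + role);
    }

    public static void main(String[] args) {
        // Constructed sample users: one as the question's service builds it, one prefixed.
        UserDetails bare = new User("employee", "N/A",
                AuthorityUtils.createAuthorityList("RoleEmployee"));
        UserDetails prefixed =
                new PrefixedRoleUserDetailsService().loadUserByUsername("employee");

        System.out.println("bare,     hasRole:      " + hasRole(bare, "RoleEmployee"));
        System.out.println("bare,     hasAuthority: " + hasAuthority(bare, "RoleEmployee"));
        System.out.println("prefixed, hasRole:      " + hasRole(prefixed, "RoleEmployee"));
    }
}
```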