具有Spring Security的自定义Http授权标头 [英] Custom Http Authorization Header with Spring Security

问题描述

我们正在使用Grails框架构建Restful服务，并使用Spring Security插件为其提供安全性.我想与大家一起检查使用自定义授权"标头进行身份验证时采取的最佳方法.有关此方法的更多信息，请点击此处 自定义HTTP授权标头

We are building a Restful service using Grails framework and are providing security for it using Spring Security plugin. I wanted to check with you all on best approach to take when you want to authenticate using Custom Authorization header. More on this approach can be read here Custom HTTP Authorization Header

在我的情况下，客户端ID和机密存储在Ldap中，标头附带SHA1加密.使用Spring Security实现此目标的最佳方法是什么?

In my case, client id and secret is stored in Ldap and header comes with SHA1 encryption. What would be the best approach to implement this using Spring Security?

我也在Grails邮件列表中问过同样的问题.

I have asked same question in Grails mailing list too.

任何见解都会有所帮助.谢谢.

Any insight would be helpful. Thanks.

〜阿比

推荐答案

您必须实现自己的过滤器，身份验证提供程序和身份验证令牌(以将数据传递到您的提供程序).

You have to implement your own Filter, Authentication Provider and Authentication token (to pass data to your Provider).

请参阅:

• 什么是安全过滤器链- http://static.springsource.org/spring-security/site/docs/3.0.x/reference/core-services.html#core-services-dao-provider
• 如何将过滤器注册到Spring Secutory Core插件中- http://grails.org/plugin/spring-security-core

• what is securty filter chain - http://static.springsource.org/spring-security/site/docs/3.0.x/reference/security-filter-chain.html
• authentication providers - http://static.springsource.org/spring-security/site/docs/3.0.x/reference/core-services.html#core-services-dao-provider
• how to register your filter into Spring Secutory Core plugin - http://grails-plugins.github.com/grails-spring-security-core/docs/manual/guide/16%20Filters.html
• and, if you need an example, take a look at some existing authentication subplugins for Spring Security Core - http://grails.org/plugin/spring-security-core

这篇关于具有Spring Security的自定义Http授权标头的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！