Grails 3 Spring Security Pre Authentication


Problem description


The application I have in the works uses Grails 3. I am attempting to do Pre-Authentication, as described in this article, but am having a hard time as I cannot figure out how to disable the regular authentication provided by the grails 3 spring security plugin.

Here is my current scenario: User A hits my webpage. I want to parse the headers of the request and take out the roles and username information. If the username or roles are empty, I will redirect the user to some gateway. In simple terms, I want to use spring security for authorization only, by invoking the static rules provided by the plugin, i.e.

grails.plugin.springsecurity.controllerAnnotations.staticRules = [
    [pattern: '/serviceb/**', access: "hasAnyRole('ROLE_COOL','ROLE_UNCOOL')"],
    [pattern: '/cools/**', access: ['ROLE_ADMINS']],
    [pattern: '/*', access: 'isAuthenticated()']
]

This is the reason I do not need spring security to do any login functionality, as the first article states, we can use it for authentication only.

What I have tried:

First, I removed all authentication-related calls in my application.groovy file (created by default when running the quick start for the plugin), i.e., connection strings, search filters, but not static rules.

Next, I tried to use a solution provided by these two posts: on stack and this on blog.

I created a Filter to extend the AbstractPreAuthenticatedProcessingFilter

package Cool.service.authentication
import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
import javax.servlet.http.HttpServletRequest

class CGAuthenticationFilter extends AbstractPreAuthenticatedProcessingFilter {
    @Override
    protected Object getPreAuthenticatedPrincipal(HttpServletRequest request) { "username" }

    @Override
    protected Object getPreAuthenticatedCredentials(HttpServletRequest request) { "N/A" }
}

My Boot config now looks like this:

import grails.plugin.springsecurity.SecurityFilterPosition
import grails.plugin.springsecurity.SpringSecurityUtils

class BootStrap {

    def init = { servletContext ->
        SpringSecurityUtils.clientRegisterFilter('CGAuthenticationFilter', SecurityFilterPosition.PRE_AUTH_FILTER.order)
    }
}

And my Spring resources look like this:

import Cool.service.authentication.CGAuthenticationFilter

beans = {
    myAuthenticationFilter(CGAuthenticationFilter) {
        authenticationManager = ref('authenticationManager')
        checkForPrincipalChanges = true
    }
}

And lastly, added this line to my application.groovy configuration for spring security plugin:

grails.plugin.springsecurity.providerNames = ['preAuthenticatedAuthenticationProvider', 'anonymousAuthenticationProvider']

However, I am getting a super generic error when trying to run-app, where the server "fails" to start and java returns a non-zero value back. This makes me believe I am headed in the wrong direction, and the implementation is completely wrong.

Solution

To solve the problem, I had to change a few files. First, my Bootstrap file now contains the following init block:

SpringSecurityUtils.clientRegisterFilter('requestHeaderAuthenticationFilter', SecurityFilterPosition.PRE_AUTH_FILTER)

My beans (resources.groovy) file now contains:

userDetailsService(grails.plugin.springsecurity.userdetails.GormUserDetailsService) {
    grailsApplication = ref('grailsApplication')
}

userDetailsByNameServiceWrapper(org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper) {
    userDetailsService = ref('userDetailsService')
}

preAuthenticatedAuthenticationProvider(org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider) {
    preAuthenticatedUserDetailsService = userDetailsByNameServiceWrapper
}

requestHeaderAuthenticationFilter(Cool.service.authentication.GCHeaderAuthenticationFilter) {
    authenticationManager = ref('authenticationManager')
}

Other than that, the rest of the configuration is correct.
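
An added example, not part of the original answer or the asker's project: the answer references `GCHeaderAuthenticationFilter` without showing it, so this shows one way such a filter could take both the username and the roles from request headers, as the question describes, instead of looking the user up through GORM. The class name, the header names and the `headerRolesUserDetailsService` bean name are hypothetical, and it assumes the gateway overwrites any client-supplied copies of these headers and is the only network path to the application.

```groovy
package Cool.service.authentication

import org.springframework.security.authentication.AuthenticationDetailsSource
import org.springframework.security.core.authority.AuthorityUtils
import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
import org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails
import javax.servlet.http.HttpServletRequest

// Hypothetical class; header names are assumptions, use the ones your gateway sets.
class GatewayHeaderAuthenticationFilter extends AbstractPreAuthenticatedProcessingFilter {

    static final String USER_HEADER = 'X-Gateway-User'
    static final String ROLES_HEADER = 'X-Gateway-Roles'   // e.g. "ROLE_COOL,ROLE_ADMINS"

    GatewayHeaderAuthenticationFilter() {
        // Carry the roles header on the token as granted authorities, so the
        // provider can build the user without a database lookup.
        authenticationDetailsSource = { HttpServletRequest request ->
            String roles = request.getHeader(ROLES_HEADER) ?: ''
            new PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails(
                request, AuthorityUtils.commaSeparatedStringToAuthorityList(roles))
        } as AuthenticationDetailsSource
    }

    @Override
    protected Object getPreAuthenticatedPrincipal(HttpServletRequest request) {
        String user = request.getHeader(USER_HEADER)?.trim()
        String roles = request.getHeader(ROLES_HEADER)?.trim()
        // Returning null means "no pre-authentication": the request stays
        // anonymous and the staticRules reject it, which triggers the redirect.
        (user && roles) ? user : null
    }

    @Override
    protected Object getPreAuthenticatedCredentials(HttpServletRequest request) {
        'N/A'   // must be non-null, the provider rejects null credentials
    }
}

// resources.groovy wiring for this variant (bean names other than
// preAuthenticatedAuthenticationProvider are hypothetical):
//
// headerRolesUserDetailsService(org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesUserDetailsService)
// preAuthenticatedAuthenticationProvider(org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider) {
//     preAuthenticatedUserDetailsService = ref('headerRolesUserDetailsService')
// }
// requestHeaderAuthenticationFilter(Cool.service.authentication.GatewayHeaderAuthenticationFilter) {
//     authenticationManager = ref('authenticationManager')
// }
```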
