Grails预先验证的场景 [英] Grails pre-authenticated scenario
问题描述
class MyAuthenticationFilter extends AbstractPreAuthenticatedProcessingFilter {
protected getPreAuthenticatedPrincipal(request){my_username}
protected getPreAuthenticatedCredentials(request){N / A}
将其添加到Spring:
beans = {
myAuthenticationFilter(MyAuthenticationFilter){
authenticationManager = ref('authenticationManager')
checkForPrincipalChanges = true
}
$ / code>
并在BootStrap中注册,位置为PRE_AUTH_FILTER:
class BootStrap {
def init = {servletContext - >
SpringSecurityUtils.clientRegisterFilter('myAuthenticationFilter',
SecurityFilterPosition.PRE_AUTH_FILTER.order)
}
}
Config.groovy只有标准的User,Role和UserRole类名称以及一些staticRules。
我尝试从它的 getPreAuthenticatedPrincipal()
方法返回各种各样的东西:用户标识,用户标识作为字符串,用户名,用户对象本身...我可以看到我的过滤器被调用每个请求(这是我想要的,已设置 checkForPrincipalChanges = true
)无论我从它返回什么,当前用户保持匿名: springSecurityService.principal
仍然是 __ grails.anonymous.user __
什么是否需要在我的设置中进行更改,以便能够使用他们现有的组和角色对我的用户进行身份验证?我不想写一个额外的身份验证提供程序,对于Grails的标准 daoAuthenticationProvider
,我没有问题。我是否需要从我的过滤器中返回特定的内容?我需要设置一些其他的Spring类吗?
我解决了它。我在这里记录它,以防别人需要做同样的事情。
基本上缺失的是将一个新的PreAuthenticatedAuthenticationProvider配置为唯一的提供者。没有额外的代码需要,只需在资源中定义它:
myAuthenticationProvider(PreAuthenticatedAuthenticationProvider){
preAuthenticatedUserDetailsService = ref('authenticationUserDetailsService ')
}
并将其设置为Config中的唯一提供者:
grails.plugin.pringsecurity.providerNames = ['myAuthenticationProvider']
然后,从认证过滤器中,只返回预认证用户的用户名,如果没有(匿名用户),则返回null。
I'm trying to configure a Grails app in a pre-authenticated scenario, using Spring Security Core.
So I wrote a custom authentication filter:
class MyAuthenticationFilter extends AbstractPreAuthenticatedProcessingFilter {
protected getPreAuthenticatedPrincipal(request) { "my_username" }
protected getPreAuthenticatedCredentials(request) { "N/A" }
}
added it to Spring:
beans = {
myAuthenticationFilter(MyAuthenticationFilter) {
authenticationManager = ref('authenticationManager')
checkForPrincipalChanges = true
}
}
and registered it in BootStrap, with position PRE_AUTH_FILTER:
class BootStrap {
def init = { servletContext ->
SpringSecurityUtils.clientRegisterFilter('myAuthenticationFilter',
SecurityFilterPosition.PRE_AUTH_FILTER.order)
}
}
Config.groovy only has the standard User, Role, and UserRole class names, plus some staticRules.
Inside the filter, I tried returning all sorts of things from its getPreAuthenticatedPrincipal()
method: the user id, the user id as a string, its username, the User object itself… I can see that my filter is being called for each request (which is what I want, having set checkForPrincipalChanges = true
) no matter what I return from it, the current user remains anonymous: springSecurityService.principal
is still __grails.anonymous.user__
What do I need to change in my setup, to be able to authenticate my users, with their existing groups and roles? I don't want to write an additional authentication provider, I'm fine with Grails's standard daoAuthenticationProvider
. Do I need to return something specific from my filter? Do I need to setup some other Spring classes?
I solved it. I'm documenting it here in case somebody else needs to do the same.
Basically the missing piece was to configure a new PreAuthenticatedAuthenticationProvider as the only provider. No additional code needed, just define it in resources:
myAuthenticationProvider(PreAuthenticatedAuthenticationProvider) {
preAuthenticatedUserDetailsService = ref('authenticationUserDetailsService')
}
and set it as the only provider in Config:
grails.plugin.pringsecurity.providerNames = ['myAuthenticationProvider']
Then, from the authentication filter, just return the username of the pre-authenticated user, or null if none (the anonymous user.)
这篇关于Grails预先验证的场景的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!