I am trying to use Waffle authentication with Spring Security, the Spring Boot way. The expected result is "block everything if Negotiate fails".
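
The Waffle project provides a configuration example for this kind of use case (in this example there is a fallback to simple HTTP authentication if Negotiate fails, which I don't need), assuming the configuration is done through web.xml. But despite many attempts, I still don't understand how to plug Waffle into Spring Security using Boot and Java-only configuration. I'm using Spring Boot 1.2.1.RELEASE with the Web and Security starters, and Waffle version 1.7.3. I realize this is not a specific question, but the Spring forum now redirects here and the Waffle people don't know about Spring Boot. Can someone help me translate an XML Spring Security configuration to Spring Boot?

The first step is declaring a filter chain and the context loader listener.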

    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>/WEB-INF/waffle-filter.xml</param-value>
    </context-param>
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

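I'm assuming (am I wrong?) that this is already handled by @EnableWebMvcSecurity, so there is nothing to do here.

Next is declaring a couple of provider beans, so I translate this: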

    <bean id="waffleWindowsAuthProvider" class="waffle.windows.auth.impl.WindowsAuthProviderImpl" />
    <bean id="negotiateSecurityFilterProvider" class="waffle.servlet.spi.NegotiateSecurityFilterProvider">
        <constructor-arg ref="waffleWindowsAuthProvider" />
    </bean>
    <bean id="basicSecurityFilterProvider" class="waffle.servlet.spi.BasicSecurityFilterProvider">
        <constructor-arg ref="waffleWindowsAuthProvider" />
    </bean>
    <bean id="waffleSecurityFilterProviderCollection" class="waffle.servlet.spi.SecurityFilterProviderCollection">
        <constructor-arg>
            <list>
                <ref bean="negotiateSecurityFilterProvider" />
                <ref bean="basicSecurityFilterProvider" />
            </list>
        </constructor-arg>
    </bean>
    <bean id="waffleNegotiateSecurityFilter" class="waffle.spring.NegotiateSecurityFilter">
        <property name="Provider" ref="waffleSecurityFilterProviderCollection" />
    </bean>

to this:

    @Bean
    public WindowsAuthProviderImpl waffleWindowsAuthProvider() {
        return new WindowsAuthProviderImpl();
    }

    @Bean
    @Autowired
    public NegotiateSecurityFilterProvider negotiateSecurityFilterProvider(final WindowsAuthProviderImpl windowsAuthProvider) {
        return new NegotiateSecurityFilterProvider(windowsAuthProvider);
    }

    @Bean
    @Autowired
    public BasicSecurityFilterProvider basicSecurityFilterProvider(final WindowsAuthProviderImpl windowsAuthProvider) {
        return new BasicSecurityFilterProvider(windowsAuthProvider);
    }

    @Bean
    @Autowired
    public SecurityFilterProviderCollection waffleSecurityFilterProviderCollection(final NegotiateSecurityFilterProvider negotiateSecurityFilterProvider, final BasicSecurityFilterProvider basicSecurityFilterProvider) {
        final SecurityFilterProvider[] securityFilterProviders = {
            negotiateSecurityFilterProvider,
            basicSecurityFilterProvider
        };
        return new SecurityFilterProviderCollection(securityFilterProviders);
    }

    @Bean
    @Autowired
    public NegotiateSecurityFilter waffleNegotiateSecurityFilter(final SecurityFilterProviderCollection securityFilterProviderCollection) {
        final NegotiateSecurityFilter negotiateSecurityFilter = new NegotiateSecurityFilter();
        negotiateSecurityFilter.setProvider(securityFilterProviderCollection);
        return negotiateSecurityFilter;
    }

The last step is the configuration of the sec:http section. An entry point is declared and the filter is placed before the BASIC auth filter. Example:

    <sec:http entry-point-ref="negotiateSecurityFilterEntryPoint">
        <sec:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY" />
        <sec:custom-filter ref="waffleNegotiateSecurityFilter" position="BASIC_AUTH_FILTER" />
    </sec:http>
    <bean id="negotiateSecurityFilterEntryPoint" class="waffle.spring.NegotiateSecurityFilterEntryPoint">
        <property name="Provider" ref="waffleSecurityFilterProviderCollection" />
    </bean>

My Boot translation:

    @Autowired
    private NegotiateSecurityFilterEntryPoint authenticationEntryPoint;

    @Autowired
    private NegotiateSecurityFilter negotiateSecurityFilter;

    @Override
    protected void configure(final HttpSecurity http) throws Exception {
        http
            .authorizeRequests().anyRequest().authenticated()
            .and()
            .addFilterBefore(this.negotiateSecurityFilter, BasicAuthenticationFilter.class)
            .httpBasic().authenticationEntryPoint(this.authenticationEntryPoint);
    }

    @Bean
    @Autowired
    public NegotiateSecurityFilterEntryPoint negotiateSecurityFilterEntryPoint(final SecurityFilterProviderCollection securityFilterProviderCollection) {
        final NegotiateSecurityFilterEntryPoint negotiateSecurityFilterEntryPoint = new NegotiateSecurityFilterEntryPoint();
        negotiateSecurityFilterEntryPoint.setProvider(securityFilterProviderCollection);
        return negotiateSecurityFilterEntryPoint;
    }

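Running this configuration leads to strange behavior: sometimes NTLM is triggered and succeeds, sometimes the Negotiate filter crashes with an "invalid token supplied" error (same credentials, user, browser, configuration). The provided example works like a charm, which makes me think my Boot configuration is in question.

Any help appreciated!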
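
Added example (not the poster's code and not from the Waffle project): a Negotiate-only version of the Java configuration in the question, which also addresses one likely cause of the intermittent token error. Spring Boot registers every Filter bean with the servlet container, so a NegotiateSecurityFilter bean that is also added through addFilterBefore runs twice per request, outside and inside the Spring Security chain; the FilterRegistrationBean below switches the container-level registration off. The class and bean method names are assumptions, and the package names assume Spring Boot 1.2.x with Waffle 1.7.x.

```java
import org.springframework.boot.context.embedded.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import waffle.servlet.spi.NegotiateSecurityFilterProvider;
import waffle.servlet.spi.SecurityFilterProvider;
import waffle.servlet.spi.SecurityFilterProviderCollection;
import waffle.spring.NegotiateSecurityFilter;
import waffle.spring.NegotiateSecurityFilterEntryPoint;
import waffle.windows.auth.impl.WindowsAuthProviderImpl;

@Configuration
@EnableWebMvcSecurity
public class NegotiateOnlySecurityConfig extends WebSecurityConfigurerAdapter { // hypothetical name
    @Bean
    public SecurityFilterProviderCollection waffleProviders() {
        // Only the Negotiate provider: no BasicSecurityFilterProvider, so no Basic fallback.
        return new SecurityFilterProviderCollection(new SecurityFilterProvider[] {
            new NegotiateSecurityFilterProvider(new WindowsAuthProviderImpl()) });
    }
    @Bean
    public NegotiateSecurityFilter waffleNegotiateSecurityFilter() {
        final NegotiateSecurityFilter filter = new NegotiateSecurityFilter();
        filter.setProvider(waffleProviders());
        return filter;
    }
    @Bean
    public FilterRegistrationBean negotiateFilterRegistration() {
        // Stop Boot from also mapping the filter bean directly on the servlet container.
        final FilterRegistrationBean registration = new FilterRegistrationBean(waffleNegotiateSecurityFilter());
        registration.setEnabled(false);
        return registration;
    }
    @Bean
    public NegotiateSecurityFilterEntryPoint negotiateSecurityFilterEntryPoint() {
        final NegotiateSecurityFilterEntryPoint entryPoint = new NegotiateSecurityFilterEntryPoint();
        entryPoint.setProvider(waffleProviders());
        return entryPoint;
    }
    @Override
    protected void configure(final HttpSecurity http) throws Exception {
        // entry-point-ref in the XML maps to exceptionHandling(), not httpBasic().
        http.authorizeRequests().anyRequest().authenticated()
            .and().exceptionHandling().authenticationEntryPoint(negotiateSecurityFilterEntryPoint())
            .and().addFilterBefore(waffleNegotiateSecurityFilter(), BasicAuthenticationFilter.class);
    }
}
```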