我是春天的新手。我最近学会了使用 Spring 3.1 来实现 LDAP 身份验证。我被告知要自定义身份验证,以便如果来自数据库中 IP 地址的用户访问该站点,他/她将自动登录(不是我的想法,我被命令这样做)。如果没有,该人将被发送到登录屏幕以进行 LDAP 身份验证
我制作了一个自定义 PreAuthenticationFilter 的骨架来检查这些用户,确定他们是否来自指定的 IP 地址之一,然后将它们发送到身份验证过程的其余部分。
我是 Spring 的新手。所以我从例子中拼凑起来,并多次阅读参考资料。
当我尝试运行它时,我收到一条错误消息,在我看来我没有正确设置我的标签或者我留下了一大块(我需要第二个自定义的 AuthenticationEntry 点吗?)
任何克服此错误的提示将不胜感激:
我的日志摘录
org.springframework.beans.factory.BeanCreationException:
Error creating bean with name 'org.springframework.security.filterChains':
Cannot resolve reference to bean 'org.springframework.security.web.DefaultSecurityFilterChain#0'
while setting bean property 'sourceList' with key [0];
nested exception is org.springframework.beans.factory.BeanCreationException:
Error creating bean with name 'org.springframework.security.web.DefaultSecurityFilterChain#0':
Cannot resolve reference to bean 'customFilter'
while setting constructor argument with key [2];
nested exception is org.springframework.beans.factory.BeanCreationException:
Error creating bean with name 'customFilter'
defined in ServletContext resource [/WEB-INF/acme-security.xml]:
Invocation of init method failed; nested exception is java.lang.IllegalArgumentException:
An AuthenticationManager must be set
我自定义的用于通过 IP 地址登录的 PreAuthenticatedFilter 类:
package com.acme.controller.security;
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
import org.springframework.security.authentication.AuthenticationDetailsSource;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.security.web.authentication.WebAuthenticationDetails;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.apache.log4j.Logger;
public class CustomIPAddressAuthenticationFilter extends AbstractPreAuthenticatedProcessingFilter {
private static final Logger logger = Logger.getLogger(CustomIPAddressAuthenticationFilter.class);
private AuthenticationDetailsSource ads = new WebAuthenticationDetailsSource();
private AuthenticationManager authenticationManager;
private AuthenticationFailureHandler failureHandler = new SimpleUrlAuthenticationFailureHandler();
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
if (authentication == null) {
boolean isAuthenticatedByIP = false;
// Get the IP address of the user tyring to use the site
String userIPAddress = request.getRemoteAddr();
logger.debug("userIPAddress == " + userIPAddress);
// Compare the user's IP Address with the IP address in the database
// stored in the USERS_AUTHENTICATED_BY_IP table & joined to the
// USERS tabe to make sure the IP Address has a current user
//isAuthenticatedByIP = someDataObject.hasIPAddress(userIPAddress);
isAuthenticatedByIP = true;
if(isAuthenticatedByIP){
PreAuthenticatedAuthenticationToken token = new PreAuthenticatedAuthenticationToken("John.Principal","Password");
token.setDetails(ads.buildDetails(request));
try{
logger.debug("Going to set Authentication");
authentication = authenticationManager.authenticate(token);
// Setup the security context, aka authenticate
SecurityContextHolder.getContext().setAuthentication(authentication);
logger.debug("Authenticated");
}
catch(AuthenticationException e){
logger.debug("Authentication information was rejected by the authentication manager \n",e);
failureHandler.onAuthenticationFailure((HttpServletRequest)request, (HttpServletResponse)response, e);
}
}// end if(isAuthenticatedByIP)
}// end if(authenication == null)
chain.doFilter(request, response);
}// end function doFilter();
public void setAuthenticationManager(AuthenticationManager authenticationManager) {
this.authenticationManager = authenticationManager;
}
public void setFailureHandler(AuthenticationFailureHandler failureHandler) {
this.failureHandler = failureHandler;
}
protected String getPreAuthenticatedPrincipal(javax.servlet.http.HttpServletRequest request){
return "Joe.IP.User";
}
protected String getPreAuthenticatedCredentials(javax.servlet.http.HttpServletRequest request){
return "Password2";
}
}
我的 *-security.xml:
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:s="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<s:http auto-config="true" use-expressions="true">
<s:intercept-url pattern="/login*" access="hasRole('ROLE_ANONYMOUS')"/>
<s:intercept-url pattern="/search*" access="hasRole('ROLE_ANONYMOUS')"/>
<s:intercept-url pattern="/css/**" access="hasRole('ROLE_ANONYMOUS')"/>
<s:intercept-url pattern="/js/**" access="hasRole('ROLE_ANONYMOUS')"/>
<s:intercept-url pattern="/images/**" access="hasRole('ROLE_ANONYMOUS')"/>
<s:intercept-url pattern="/jsp/test*" access="hasRole('ROLE_ANONYMOUS')"/>
<s:intercept-url pattern="/**" access="isAuthenticated()" />
<s:custom-filter position="PRE_AUTH_FILTER" ref="customFilter" />
<s:form-login login-page="/login"
authentication-failure-url="/loginfailed" />
<s:logout logout-success-url="/logout" />
</s:http>
<bean id="customFilter" class="com.acme.controller.security.CustomIPAddressAuthenticationFilter">
<property name="authenticationManager" ref="authenticationManager"/>
</bean>
<s:ldap-server url = "ldap://ldap-itc.smen.acme.com:636/o=acme.com"/>
<s:authentication-manager alias="authenticationManager">
<s:ldap-authentication-provider user-dn-pattern="uid={0},ou=People"/>
</s:authentication-manager>
</beans>
我的 web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_ID" version="3.0"
xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<display-name>Acme</display-name>
<!--welcome-file-list>
<welcome-file>/login</welcome-file>
</welcome-file-list-->
<servlet>
<servlet-name>acme</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>acme</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<!-- Help Find The Spring Config Files -->
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/nsd-servlet.xml,
/WEB-INF/nsd-security.xml
</param-value>
</context-param>
<!-- Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Integrate A Legacy Screen Done With A Servlet -->
<servlet>
<servlet-name>HelloWorldServlet</servlet-name>
<servlet-class>
com.legacy.HelloWorldServlet
</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>HelloWorldServlet</servlet-name>
<url-pattern>/helloworldservlet</url-pattern>
</servlet-mapping>
</web-app>