7

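I created an Axis web service as a Java 6 application running on Tomcat 7. For security, the Spring Security 2.0.1 framework is integrated.

For security purposes, the service endpoint should be protected by basic authentication. However, the WSDL document should be publicly available.

I created a Spring Security configuration like this: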


<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="
            http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
            http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.1.xsd">

    <http>
        <intercept-url pattern="/services/InitechAuthenticationService*" access="ROLE_WSUSER" />
        <intercept-url pattern="/services/InitechAuthenticationService?wsdl" filters="none" />
        <http-basic />
    </http>

    <authentication-provider>
        <user-service>
            <user name="internal" password="${WS_USER_INTERNAL_PASSWORD}" authorities="ROLE_WSUSER" />
            <user name="external" password="${WS_USER_EXTERNAL_PASSWORD}" authorities="ROLE_WSUSER" />
        </user-service>
    </authentication-provider>

</beans:beans>

The problem is that, regardless of the order of the intercept-url lines, the line


<intercept-url pattern="/services/InitechAuthenticationService*" access="ROLE_WSUSER" />

always seems to be applied, and the line


<intercept-url pattern="/services/InitechAuthenticationService?wsdl" filters="none" />

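is ignored. I would have expected that one could somehow control the behavior, for example by specifying the order (so that Spring Security picks the first or the last matching rule) or by the specificity of the rules, so that Spring Security picks the most specific rule, i.e. in this case the last one with "wsdl". How can I exclude the WSDL document from authentication while enabling authentication for actually using the WS?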

4

1 Answer

4

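I solved this by changing the http part of the configuration to use regular expressions instead of the Ant path matcher. The complete working configuration is here: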


<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="
            http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
            http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.1.xsd">

    <http path-type="regex">
        <intercept-url pattern="/services/InitechAuthenticationService*" access="ROLE_WSUSER" />
        <intercept-url pattern="/services/InitechAuthenticationService\\?wsdl" filters="none" />
        <http-basic />
    </http>

    <authentication-provider>
        <user-service>
            <user name="internal" password="${WS_USER_INTERNAL_PASSWORD}" authorities="ROLE_WSUSER" />
            <user name="external" password="${WS_USER_EXTERNAL_PASSWORD}" authorities="ROLE_WSUSER" />
        </user-service>
    </authentication-provider>

</beans:beans>

Changes:

  1. Added the path-type "regex" attribute to http
  2. Changed ? to \\? in the intercept-url for the wsdl
answered 2012-05-04T08:40:55.477
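A coverage check for regex-mode intercept-url patterns, added here as an example (it is not code from the question or the answer): it evaluates an ordered rule list with `java.util.regex` against a few request URLs so you can see which rule, if any, covers each one. It assumes the framework matches each pattern against the whole URL including the query string and takes the first matching rule; the class name, the `/echo` sub-path and the second rule set are constructed for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;

public class InterceptUrlRegexCheck {

    // Returns the decision of the first rule whose regex matches the whole URL,
    // or "NO RULE" when nothing matches. First-match-wins and whole-string
    // matching are assumptions of this check, not statements from the page.
    static String decide(Map<String, String> rules, String url) {
        for (Map.Entry<String, String> rule : rules.entrySet()) {
            if (Pattern.matches(rule.getKey(), url)) {
                return rule.getValue();
            }
        }
        return "NO RULE";
    }

    public static void main(String[] args) {
        String base = "/services/InitechAuthenticationService";

        // Patterns with the same characters as the XML attributes in the answer.
        // XML does not process backslashes, so "\\?" reaches the regex engine as
        // two backslashes followed by '?', written "\\\\?" in a Java literal.
        Map<String, String> asPosted = new LinkedHashMap<String, String>();
        asPosted.put(base + "*", "ROLE_WSUSER");
        asPosted.put(base + "\\\\?wsdl", "filters=none");

        // Constructed alternative (not from the page): a literal '?' for the
        // WSDL rule first, then ".*" as an explicit catch-all for the endpoint.
        Map<String, String> explicit = new LinkedHashMap<String, String>();
        explicit.put(base + "\\?wsdl", "filters=none");
        explicit.put(base + ".*", "ROLE_WSUSER");

        // Constructed sample requests: the endpoint, its WSDL, and a sub-path.
        String[] urls = { base, base + "?wsdl", base + "/echo" };
        for (String url : urls) {
            System.out.printf("%-46s posted=%-13s explicit=%s%n",
                    url, decide(asPosted, url), decide(explicit, url));
        }
    }
}
```

Any URL reported as `NO RULE` is one the rule set does not constrain under these assumptions, so confirm the result against the running service with an unauthenticated request to each URL that must stay protected.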