0

我们使用的是spring 2.5。我们有常用的 Web 服务来验证用户,它以用户名和密码作为输入,并在验证密码后返回 true 或 false。我们应该如何以及在哪里实现这个 Web 服务调用?请回复。谢谢

现在我们有以下弹簧配置。我们想将 web 服务调用合并到其中。

    <intercept-url pattern="/service/**" access="ROLE_ANONYMOUS, ROLE_LEARNER,ROLE_TRAININGADMINISTRATOR,ROLE_LMSADMINISTRATOR,ROLE_REGULATORYANALYST,ROLE_INSTRUCTOR"/>  

    <logout invalidate-session="true" logout-success-url="/login.do"/>
    <anonymous />  <http-basic /> <remember-me />
</http>
<b:bean id="authenticationProcessingFilterEntryPoint" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
    <b:property name="loginFormUrl" value="/login.do"/>
    <b:property name="forceHttps" value="false" />
</b:bean>
<authentication-manager alias='authenticationManagerAlias'/>

<b:bean id="myAuthenticationProcessingFilter" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter">
    <b:property name="defaultTargetUrl" value="/interceptor.do"/>
    <b:property name="authenticationFailureUrl" value="/login.do"/>
    <b:property name="authenticationManager" ref="authenticationManagerAlias"/>
    <b:property name="authenticationDetailsSource" ref="vu360UserAuthenticationDetailsSource"/>
    <b:property name="alwaysUseDefaultTargetUrl" value="true"/>
    <custom-filter position="AUTHENTICATION_PROCESSING_FILTER"/>
</b:bean>    

<b:bean class="org.springframework.security.providers.dao.DaoAuthenticationProvider">
    <b:property name="userDetailsService" ref="userDetailsService"/>
    <b:property name="passwordEncoder" ref="passwordEncoder"/>
    <b:property name="saltSource" ref="saltSource"/>
    <custom-authentication-provider/>  
</b:bean>   
<b:bean class="org.springframework.security.providers.dao.DaoAuthenticationProvider">
    <b:property name="userDetailsService" ref="userDetailsService"/>
    <custom-authentication-provider/>  
</b:bean>

4

2 回答 2

2

实现一个 CustomAuthenticationProvider,例如:

import com.google.common.collect.Lists;
import java.util.List;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;

public class CustomAuthenticationProvider implements AuthenticationProvider {

public final static Logger log = LogManager.getLogger(CustomAuthenticationProvider.class.getName());

@Override
public Authentication authenticate(Authentication authentication)
        throws AuthenticationException {
    List<GrantedAuthority> AUTHORITIES = Lists.newArrayList();
    AUTHORITIES.add(new GrantedAuthority() {
        @Override
        public String getAuthority() {
            return "ROLE_ADMIN";
        }
    });

        return new UsernamePasswordAuthenticationToken(authentication.getName(), authentication.getCredentials(), AUTHORITIES);
}

@Override
public boolean supports(Class<? extends Object> authentication) {
    return authentication.equals(UsernamePasswordAuthenticationToken.class);
}

}

<authentication-manager>
    <authentication-provider  ref="customAuthenticationProvider" >
    </authentication-provider>
</authentication-manager>
<beans:bean id="customAuthenticationProvider" class="com.xkey.principal.CustomAuthenticationProvider"/>
于 2013-05-09T14:54:07.940 回答
0

如果您想自己控制身份验证,您可以创建自己的AuthenticationManager调用 Web 服务并将其注入到AuthenticationProcessingFilter. 这是一个示例 custom AuthenticationManager,显然您需要将示例服务调用替换为您用于调用实际服务的任何代码。

public class CustomWebServiceAuthenticationManager implements AuthenticationManager {

    public Authentication authenticate(Authentication credentials) throws AuthenticationException {
        String username = credentials.getName();
        String password = (String)credentials.getCredentials();

        // change this to your actual web service call
        boolean successfulAuthentication = myWebService.authenticate(username, password);
        if(successfulAuthentication) {
            // do whatever you need to do to get the correct roles for the user, this is just an example of giving every user the role "ROLE_LEARNER"
            List<GrantedAuthority> roles = Collections.singletonList(new SimpleGrantedAuthority("ROLE_LEARNER"));
            return new UsernamePasswordAuthenticationToken(username, password, roles);
        } else {
            throw new AuthenticationException("Authentication failed, invalid username or password");
        }
    }
}

然后将 添加CustomWebServiceAuthenticationManager到您的 spring 配置并在AuthenticationProcessingFilter.

<b:bean id="customWebServiceAuthenticationManager" class="CustomWebServiceAuthenticationManager"/>

<b:bean id="myAuthenticationProcessingFilter" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter">
    <b:property name="defaultTargetUrl" value="/interceptor.do"/>
    <b:property name="authenticationFailureUrl" value="/login.do"/>
    <b:property name="authenticationManager" ref="customWebServiceAuthenticationManager"/>
    <b:property name="authenticationDetailsSource" ref="vu360UserAuthenticationDetailsSource"/>
    <b:property name="alwaysUseDefaultTargetUrl" value="true"/>
<custom-filter position="AUTHENTICATION_PROCESSING_FILTER"/>

于 2013-05-09T14:30:21.487 回答