6

我正在使用 Spring Security 3.0.2,但我找不到从数据库加载匿名用户角色的方法(我有动态角色,可以将角色分配给每个人)。

我尝试使用自定义的 anonymousAuthenticationProvider ,但从未调用过此提供程序。这是我的配置:

<http auto-config="false">
    <logout invalidate-session="true" logout-success-url="/page/welcome" />
    <remember-me />
    <anonymous username="_GUEST_" granted-authority="ROLE_GUEST" key="anonymousKey" />
    <form-login login-page="/page/login" authentication-failure-url="/page/login?fail=1" default-target-url="/page/welcome" />
</http>

<authentication-manager alias="authenticationManager">
    <authentication-provider ref="anonymousAuthenticationProvider"></authentication-provider>
    <authentication-provider user-service-ref="accountDetails">
        <password-encoder ref="passwordEncoder">
            <salt-source user-property="xxxx" />
        </password-encoder>
    </authentication-provider>
</authentication-manager>

<beans:bean id="accountDetails" class="com.mysite.AccountDetailsImpl" />

<beans:bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.ShaPasswordEncoder">
    <beans:constructor-arg value="512" />
</beans:bean>

<beans:bean id="anonymousAuthenticationProvider" class="com.my.site.security.CustomAnonymousAuthenticationProvider">
    <beans:property name="key" value="anonymousKey" />
</beans:bean>

我的 anonymousAuthenticationProvider 从未被调用,因此我无法从数据库加载自定义权限。当我登录时,我的服务 accountDetails 被调用,我可以从数据库中为用户加载角色,我想要匿名用户同样的事情。

我该怎么做 ?谢谢

4

1 回答 1

4

似乎实现它的最简单方法是AnonymousAuthenticationFilter使用 custom声明 a UserAttribute,这将产生所需的权限:

<http auto-config = "false">
    <anonymous enabled = "false" />
    <custom-filter ref = "myFilter" position = "ANONYMOUS_FILTER" />
    ...
</http>

<beans:bean id = "myFilter" class = "org.springframework.security.web.authentication.AnonymousAuthenticationFilter">
    <beans:property name = "key" value = "anonymousKey" />
    <beans:property name = "userAttribute" ref = "myAttributes" />
</beans:bean>

<beans:bean id = "myAttributes" class = "..." />
于 2010-03-03T16:00:24.870 回答