我正在创建一个使用 Waffle 进行身份验证的 Spring MVC 应用程序。我已经成功配置它并且它工作得很好,但是当浏览器不自动发送他们的网络凭据时,我想使用自定义表单而不是浏览器弹出窗口。
我已经修改了我的配置以使用formLogin()希望它会使用我现有的身份验证,但没有运气。
package com.zeroalpha.waffledemo;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import waffle.spring.NegotiateSecurityFilter;
import waffle.spring.NegotiateSecurityFilterEntryPoint;
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter{
@Autowired
private NegotiateSecurityFilterEntryPoint authenticationEntryPoint;
@Autowired
private NegotiateSecurityFilter securityFilter;
@Override
protected void configure(final HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest().authenticated()
.and()
.addFilterBefore(this.securityFilter, BasicAuthenticationFilter.class)
.httpBasic()
.authenticationEntryPoint(this.authenticationEntryPoint)
.and()
.formLogin();
}
}
这将是理想的行为:
更新:重大进展!我已成功获得使用 Windows 网络凭据进行身份验证的表单。我是这样做的:
首先,让我向您展示我在原始帖子中遗漏的 bean 声明。它们位于一个单独的类中。
// Waffle Spring Security Beans
@Bean
public WindowsAuthProviderImpl windowsAuthProvider() {
return new WindowsAuthProviderImpl();
}
@Bean
@Autowired
public NegotiateSecurityFilterProvider negotiateSecurityFilterProvider(final WindowsAuthProviderImpl windowsAuthProvider) {
return new NegotiateSecurityFilterProvider(windowsAuthProvider);
}
@Bean
@Autowired
public SecurityFilterProviderCollection waffleSecurityFilterProviderCollection(final NegotiateSecurityFilterProvider negotiateSecurityFilterProvider) {
final List<SecurityFilterProvider> securityFilterProviders = new ArrayList<SecurityFilterProvider>();
securityFilterProviders.add(negotiateSecurityFilterProvider);
return new SecurityFilterProviderCollection(securityFilterProviders.toArray(new SecurityFilterProvider[]{}));
}
@Bean
@Autowired
public NegotiateSecurityFilterEntryPoint negotiateSecurityFilterEntryPoint(final SecurityFilterProviderCollection securityFilterProviderCollection) {
final NegotiateSecurityFilterEntryPoint negotiateSecurityFilterEntryPoint = new NegotiateSecurityFilterEntryPoint();
negotiateSecurityFilterEntryPoint.setProvider(securityFilterProviderCollection);
return negotiateSecurityFilterEntryPoint;
}
@Bean
@Autowired
public NegotiateSecurityFilter waffleNegotiateSecurityFilter(final SecurityFilterProviderCollection securityFilterProviderCollection) {
final NegotiateSecurityFilter negotiateSecurityFilter = new NegotiateSecurityFilter();
negotiateSecurityFilter.setProvider(securityFilterProviderCollection);
return negotiateSecurityFilter;
}
@Bean
public WaffleAuthenticationDetailsSource waffleAuthenticationDetailsSource() {
return new WaffleAuthenticationDetailsSource();
}
现在,这就是我如何获得生成的 Spring 安全表单以使用 Windows 网络凭据进行身份验证
首先,我添加了这个类型的beanwaffle.spring.WindowsAuthenticationProvider
@Bean
@Autowired
public WindowsAuthenticationProvider windowsAuthenticationProvider(final WindowsAuthProviderImpl windowsAuthProvider) {
WindowsAuthenticationProvider provider = new WindowsAuthenticationProvider();
provider.setAuthProvider(windowsAuthProvider);
return provider;
}
然后我将它添加到SecurityConfig.java并使用它来设置http安全链中的身份验证提供程序
...
@Autowired
public WindowsAuthenticationProvider windowsAuthenticationProvider;
@Override
protected void configure(final HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest().authenticated()
.and()
.addFilterBefore(this.securityFilter, BasicAuthenticationFilter.class)
.httpBasic()
.authenticationEntryPoint(this.authenticationEntryPoint)
.and()
.authenticationProvider(windowsAuthenticationProvider) // Set authentication provider here
.formLogin()
.authenticationDetailsSource(waffleAuthenticationDetailsSource);
}
现在我只需要弄清楚如果浏览器不发送凭据,如何只使用表单!嗯……