那些遇到过的问题

Siteminder的Spring Security Java配置

Pau*_*kin 6 siteminder spring-mvc spring-security spring-java-config

我有一个inMemoryAuthentication配置工作:

@Configuration
@EnableWebMvcSecurity
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(
            AuthenticationManagerBuilder authenticationManagerBuilder)
            throws Exception {

        authenticationManagerBuilder //
            .inMemoryAuthentication() //
                .withUser("employee") //
                    .password("employee") //
                    .roles("RoleEmployee")
        ;

    }

    @Override
    public void configure(WebSecurity webSecurity) throws Exception {
        webSecurity.ignoring().antMatchers("/resources/**");
    }

    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        // @formatter:off

        httpSecurity
            .authorizeRequests()
                .antMatchers("/login","/login.request","/logout").permitAll()
                .anyRequest().hasRole("RoleEmployee")
        .and()
            .formLogin()
                .loginPage("/login.request")
                .loginProcessingUrl("/login")
                .failureUrl("/login.request?error")
                .permitAll()
        .and()
            .logout()
                .logoutUrl("/logout")
                .permitAll()
                .logoutSuccessUrl("/login.request")
        ;

        // @formatter:on
    }
}
Run Code Online (Sandbox Code Playgroud)

我想现在使用Siteminder身份验证并将其更改为:

@Configuration
@EnableWebMvcSecurity
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
    private UserDetailsService userDetailsService;  
    private PreAuthenticatedAuthenticationProvider preAuthenticatedProvider;

    public WebSecurityConfiguration() {
        super();

        userDetailsService = new CustomUserDetailsService();
        UserDetailsByNameServiceWrapper<PreAuthenticatedAuthenticationToken> wrapper = new UserDetailsByNameServiceWrapper<PreAuthenticatedAuthenticationToken>(
                userDetailsService);

        preAuthenticatedProvider = new PreAuthenticatedAuthenticationProvider();
        preAuthenticatedProvider.setPreAuthenticatedUserDetailsService(wrapper);
    }


    @Override
    protected void configure(
            AuthenticationManagerBuilder authenticationManagerBuilder)
            throws Exception {


        // @formatter:off
        authenticationManagerBuilder //
            .authenticationProvider(preAuthenticatedProvider);
        // @formatter:on
    }

    @Override
    public void configure(WebSecurity webSecurity) throws Exception {
        webSecurity.ignoring().antMatchers("/resources/**");
    }

    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        // @formatter:off

        RequestHeaderAuthenticationFilter siteMinderFilter = new RequestHeaderAuthenticationFilter();
        siteMinderFilter.setAuthenticationManager(authenticationManager());

        httpSecurity
            .addFilter(siteMinderFilter)
            .authorizeRequests()
                .antMatchers("/login","/login.request","/logout").permitAll()
                .anyRequest().hasRole("RoleEmployee")
        .and()
            .formLogin()
                .loginPage("/login.request")
                .loginProcessingUrl("/login")
                .failureUrl("/login.request?error")
                .permitAll()
        .and()
            .logout()
                .logoutUrl("/logout")
                .permitAll()
                .logoutSuccessUrl("/login.request")
        ;

        // @formatter:on
    }
}
Run Code Online (Sandbox Code Playgroud)

现在,CustomUserDetailsS​​ervice始终返回具有employee角色的用户:

public class CustomUserDetailsService implements
        UserDetailsService {
    @Override
    public UserDetails loadUserByUsername(String username)
            throws UsernameNotFoundException {
        List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
        SimpleGrantedAuthority authority = new SimpleGrantedAuthority("RoleEmployee");
        authorities.add(authority);

        UserDetails user = new User(username, "password", authorities);
        return user;    
    }
}
Run Code Online (Sandbox Code Playgroud)

当我测试它时,SM_USER标头被正确传入,我可以在调试器中看到正确调用CustomUserDetailsS​​erice,但是对于我以前能够在旧配置下成功访问的任何页面,都会返回403 Forbidden状态.

这个配置有问题吗?

Pau*_*kin 6

通常问这个问题有助于回答它.

更改:

anyRequest().hasRole("RoleEmployee")
Run Code Online (Sandbox Code Playgroud)

至:

anyRequest().hasAuthority("RoleEmployee")
Run Code Online (Sandbox Code Playgroud)

固定它.

归档时间:

查看次数:

7878 次

最近记录:

11 年,7 月 前
相关归档
根据spring security 3.1中的角色确定目标URL 10
记住 - 我不工作..抛出java.lang.IllegalStateException:UserDetailsS​​ervice是必需的 8
Spring安全:使用注释强制https? 6
spring MVC在spring-data页面上使用@JsonView 6
Spring 控制器的 AOP 5
从 Spring Boot 控制器返回 JAXB 生成的元素 5
org.springframework.web.client.HttpClientErrorException:401未经授权 5
在 Spring Controller 中使用 ResponseEntity&lt;?&gt; 返回类型而不是简单的 ResponseEntity 的原因是什么? 5
由于加倍的上下文(servlet + ContextLoaderListener),所有Spring Framework bean都会重复 4
如何在 Thymeleaf 中使用复选框实现多选下拉菜单并将所选值显示到 Spring 控制器 1
难疑归档
如何在Java中读取/转换InputStream为String? 3864
grep一个文件,但显示几个周围的行? 3277
如何使用JavaScript复制到剪贴板? 3131
设置JavaScript函数的默认参数值 2277
我应该使用Vagrant还是Docker来创建一个孤立的环境? 2049
PHP'foreach'如何实际工作? 1926
以像素为单位获取屏幕尺寸 1798
如何在没有换行或空格的情况下打印? 1760
Make .gitignore会忽略除少数文件之外的所有内容 1531
在视图控制器之间传递数据 1340