Autowiring the Spring Authentication Manager in Java Config

vde*_*ris 4 java spring spring-security

I have set up a custom authentication provider:

@Configuration
@EnableWebSecurity
@EnableGlobalAuthentication
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    @Qualifier("samlAuthenticationProvider")
    SAMLAuthenticationProvider samlAuthenticationProvider;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        /**
         * Do your stuff here
         */
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(samlAuthenticationProvider);
    }   

}

Now I want to set an alias for the authentication manager, and then autowire it in another bean definition.

For example:

<!-- Register authentication manager with SAML provider -->
<security:authentication-manager alias="authenticationManager">
    <security:authentication-provider
        ref="samlAuthenticationProvider" />
</security:authentication-manager>

<!-- Processing filter for WebSSO Holder-of-Key profile -->
<bean id="samlWebSSOHoKProcessingFilter"
    class="org.springframework.security.saml.SAMLWebSSOHoKProcessingFilter">
    <property name="authenticationManager" ref="authenticationManager" />
    <property name="authenticationSuccessHandler" ref="successRedirectHandler" />
</bean>

Is there a way to do this using Java Config only?

Art*_*lan 5

I'm not familiar with the new Security Java Config, but here is what I see from the source code:

@Import(AuthenticationConfiguration.class)
public @interface EnableGlobalAuthentication {}

So this annotation also imports the AuthenticationConfiguration @Configuration. Any @Configuration is registered as a bean too. So you can do this from WebSecurityConfigurerAdapter:

@Autowired
public void setAuthenticationConfiguration(AuthenticationConfiguration authenticationConfiguration) {
     this.authenticationConfiguration = authenticationConfiguration;
}

And get access to the AuthenticationManager:

this.authenticationConfiguration.getAuthenticationManager();

From the XML perspective, you can use SpEL to access the authenticationManager:

<property name="authenticationManager" value="#{authenticationConfiguration.authenticationManager}" />

Sorry, I don't see the point where AuthenticationManager is registered as a bean. From here you can't configure an alias for it.

UPDATE

By the way, if you are going to @Autowired the AuthenticationManager into some other component, @Value comes to the rescue:

@Value("#{authenticationConfiguration.authenticationManager}")
private AuthenticationManager authenticationManager;

UPDATE2

Found WebSecurityConfigurerAdapter. The source code and JavaDocs:

/**
 * Override this method to expose the {@link AuthenticationManager} from
 * {@link #configure(AuthenticationManagerBuilder)} to be exposed as
 * a Bean. For example:
 *
 * <pre>
 * &#064;Bean(name name="myAuthenticationManager")
 * &#064;Override
 * public AuthenticationManager authenticationManagerBean() throws Exception {
 *     return super.authenticationManagerBean();
 * }
 * </pre>
 *
 * @return the {@link AuthenticationManager}
 * @throws Exception
 */
public AuthenticationManager authenticationManagerBean() throws Exception {
    return new AuthenticationManagerDelegator(authenticationBuilder);
}

UPDATE3

How to access the existing AuthenticationManager from a custom WebSecurityConfigurerAdapter and configure the SAMLWebSSOHoKProcessingFilter:

@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

  @Bean
  public SAMLWebSSOHoKProcessingFilter samlFilter() throws Exception {
    SAMLWebSSOHoKProcessingFilter samlFilter = new SAMLWebSSOHoKProcessingFilter();
    // authenticationManager() is declared with "throws Exception"
    samlFilter.setAuthenticationManager(authenticationManager());
    .......
    return samlFilter;
  }

  @Override  
  protected void configure(HttpSecurity http) throws Exception {
      http.addFilter(samlFilter());
  }
}
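
A Java Config counterpart of the XML in the question, combining UPDATE2 and UPDATE3, as an added example that is not part of the original answer. It assumes a `successRedirectHandler` bean exists (as in the question's XML), that the other SAML beans the filter depends on are defined elsewhere, and that placing the filter after `BasicAuthenticationFilter` suits the application.

```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.saml.SAMLAuthenticationProvider;
import org.springframework.security.saml.SAMLWebSSOHoKProcessingFilter;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired @Qualifier("samlAuthenticationProvider")
    private SAMLAuthenticationProvider samlAuthenticationProvider;
    // Assumption: a bean with this name exists, as referenced in the question's XML.
    @Autowired @Qualifier("successRedirectHandler")
    private AuthenticationSuccessHandler successRedirectHandler;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(samlAuthenticationProvider);
    }

    // Counterpart of <security:authentication-manager alias="authenticationManager">
    @Bean(name = "authenticationManager")
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Bean
    public SAMLWebSSOHoKProcessingFilter samlWebSSOHoKProcessingFilter() throws Exception {
        SAMLWebSSOHoKProcessingFilter filter = new SAMLWebSSOHoKProcessingFilter();
        filter.setAuthenticationManager(authenticationManagerBean());
        filter.setAuthenticationSuccessHandler(successRedirectHandler);
        return filter;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Assumption: filter position chosen for illustration.
        http.addFilterAfter(samlWebSSOHoKProcessingFilter(), BasicAuthenticationFilter.class);
    }
}
```

Other components can then inject the manager with `@Autowired @Qualifier("authenticationManager")`, so every filter authenticates through the same provider list configured in `configure(AuthenticationManagerBuilder)`.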