Wil*_*lBD 3 spring-security atlassian-crowd spring-boot
我们使用许多基于Spring安全性构建的spring boot项目来提供用于多种目的的小型Web应用程序.我们正在考虑转而使用Crowd作为中央身份验证提供程序,但是我在配置使用java风格bean而不是提供的XML配置的spring boot方面遇到了很多麻烦,因为这不再是推荐的配置(请参阅http://docs.spring.io/spring-boot/docs/current-SNAPSHOT/reference/htmlsingle/#using-boot-configuration-classes以验证java-bean样式配置是首选方式).
我的安全基本测试应用程序的安全配置设置如下:
WebSecurityConfig.java
package hello;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/", "/home").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.and()
.logout()
.permitAll();
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("user").password("password").roles("USER");
}
}
我真的很难过如何修改它以适应Crowd内置的springsecurity集成.(特别是com.atlassian.crowd:crowd-integration-springsecurity:2.8.3).我试图用来尝试通过标准配置注释类来引导功能的XML如下:
的applicationContext-security.xml文件
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:util="http://www.springframework.org/schema/util"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">
<!--
<debug />
<beans:alias name="springSecurityFilterChain" alias="org.springframework.security.filterChainProxy"/>
-->
<!-- Added for Integrating Crowd with Spring Security -->
<!-- 3.1 Configuring Centralised User Management -->
<!-- 3.1.1 -->
<beans:bean id="crowdUserDetailsService" class="com.atlassian.crowd.integration.springsecurity.user.CrowdUserDetailsServiceImpl">
<beans:property name="groupMembershipManager" ref="crowdGroupMembershipManager"/>
<beans:property name="userManager" ref="crowdUserManager"/>
<beans:property name="authorityPrefix" value="ROLE_"/>
<!--
<beans:property name="groupToAuthorityMappings">
<beans:bean factory-bean="groupToAuthorityMappings" factory-method="entrySet" />
</beans:property>
-->
</beans:bean>
<!--
<util:map id="groupToAuthorityMappings">
<beans:entry key="crowd-administrators" value="ROLE_crowd-administrators" />
<beans:entry key="some-other-group" value="specific-authority-for-other-group" />
</util:map>
-->
<!-- 3.1.2 -->
<beans:bean id="crowdAuthenticationProvider" class="com.atlassian.crowd.integration.springsecurity.RemoteCrowdAuthenticationProvider">
<beans:constructor-arg ref="crowdAuthenticationManager"/>
<beans:constructor-arg ref="httpAuthenticator"/>
<beans:constructor-arg ref="crowdUserDetailsService"/>
</beans:bean>
<!-- 3.2 -->
<http pattern="/console/static/session-context"
entry-point-ref="crowdAuthenticationProcessingFilterEntryPoint">
</http>
<http pattern='/console/static/**' security='none'/>
<http auto-config="false"
entry-point-ref="crowdAuthenticationProcessingFilterEntryPoint"
access-denied-page="/denied.html">
<custom-filter position="FORM_LOGIN_FILTER" ref='authenticationProcessingFilter'/>
<custom-filter position="LOGOUT_FILTER" ref='logoutFilter'/>
<intercept-url pattern="/console/secure/**" access="ROLE_crowd-administrators"/>
<intercept-url pattern="/console/user/**" access="IS_AUTHENTICATED_FULLY"/>
<intercept-url pattern="/console/resource-with-own-check/**" access='IS_AUTHENTICATED_ANONYMOUSLY'/>
</http>
<authentication-manager alias='authenticationManager'>
<authentication-provider ref='crowdAuthenticationProvider'/>
</authentication-manager>
<beans:bean id="crowdAuthenticationProcessingFilterEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
<beans:property name="loginFormUrl" value="/login.html"/>
</beans:bean>
<beans:bean id="authenticationProcessingFilter" class="com.atlassian.crowd.integration.springsecurity.CrowdSSOAuthenticationProcessingFilter">
<beans:property name="httpAuthenticator" ref="httpAuthenticator"/>
<beans:property name="authenticationManager" ref="authenticationManager"/>
<beans:property name="filterProcessesUrl" value="/j_security_check"/>
<beans:property name="authenticationFailureHandler">
<beans:bean class="com.atlassian.crowd.integration.springsecurity.UsernameStoringAuthenticationFailureHandler">
<beans:property name="defaultFailureUrl" value="/console/login.action?error=true"/>
</beans:bean>
</beans:property>
<beans:property name="authenticationSuccessHandler">
<beans:bean class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
<beans:property name="defaultTargetUrl" value="/console/defaultstartpage.action"/>
</beans:bean>
</beans:property>
</beans:bean>
<beans:bean id="crowdLogoutHandler" class="com.atlassian.crowd.integration.springsecurity.CrowdLogoutHandler">
<beans:property name="httpAuthenticator" ref="httpAuthenticator"/>
</beans:bean>
<beans:bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
<beans:constructor-arg value="/login.html"/>
<beans:constructor-arg>
<beans:list>
<beans:ref bean="crowdLogoutHandler"/>
<beans:bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>
</beans:list>
</beans:constructor-arg>
<beans:property name="filterProcessesUrl" value="/console/logoff.action"/>
</beans:bean>
以上是我可以在任何地方找到的XML安全文件的最新综合示例,它与spring security 4.0不兼容(如果增加版本,则会在整个地方出现xml违规).我无法分辨出httpAuthenticator在何处/如何解决,因为我没有看到任何具有该ID的bean,这使得它非常麻烦.
任何帮助将非常感激,我已经投入了几天,现在很少/没有结果.
额外信息:
运行spring boot version 1.3.1-Release,spring security version 4.0
所以,我认为我实际上已经想到了这一点,它至少给了我一个跳跃点来进一步定制spring boot集成.魔术的主要部分是WebSecurityConfig类,现在看起来如下所示:
WebSecurityConfig.java:
package hello;
import com.atlassian.crowd.integration.http.HttpAuthenticator;
import com.atlassian.crowd.integration.http.HttpAuthenticatorImpl;
import com.atlassian.crowd.integration.springsecurity.RemoteCrowdAuthenticationProvider;
import com.atlassian.crowd.integration.springsecurity.user.CrowdUserDetailsService;
import com.atlassian.crowd.integration.springsecurity.user.CrowdUserDetailsServiceImpl;
import com.atlassian.crowd.service.AuthenticationManager;
import com.atlassian.crowd.service.GroupManager;
import com.atlassian.crowd.service.UserManager;
import com.atlassian.crowd.service.cache.BasicCache;
import com.atlassian.crowd.service.cache.CacheImpl;
import com.atlassian.crowd.service.cache.CachingGroupManager;
import com.atlassian.crowd.service.cache.CachingGroupMembershipManager;
import com.atlassian.crowd.service.cache.CachingUserManager;
import com.atlassian.crowd.service.cache.SimpleAuthenticationManager;
import com.atlassian.crowd.service.soap.client.SecurityServerClient;
import com.atlassian.crowd.service.soap.client.SecurityServerClientImpl;
import com.atlassian.crowd.service.soap.client.SoapClientPropertiesImpl;
import java.io.IOException;
import java.io.InputStream;
import java.util.Properties;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests()
.antMatchers("/", "/home").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.and()
.logout()
.permitAll();
}
public static Properties getProps() throws IOException{
Properties prop = new Properties();
try(InputStream in = Thread.currentThread().getContextClassLoader().getResourceAsStream("crowd.properties")){
prop.load(in);
}
return prop;
}
@Bean
public SecurityServerClient securityServerClient() throws IOException{
return new SecurityServerClientImpl(SoapClientPropertiesImpl.newInstanceFromProperties(getProps()));
}
private final BasicCache cache = new CacheImpl(Thread.currentThread().getContextClassLoader().getResource("crowd-ehcache.xml"));
@Bean
public AuthenticationManager crowdAuthenticationManager() throws IOException{
return new SimpleAuthenticationManager(securityServerClient());
}
@Bean
public HttpAuthenticator httpAuthenticator() throws IOException{
return new HttpAuthenticatorImpl(crowdAuthenticationManager());
}
@Bean
public UserManager userManager() throws IOException{
return new CachingUserManager(securityServerClient(), cache);
}
@Bean
public GroupManager groupManager() throws IOException{
return new CachingGroupManager(securityServerClient(), cache);
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(crowdAuthenticationProvider());
}
@Bean
public CrowdUserDetailsService crowdUserDetailsService() throws IOException{
CrowdUserDetailsServiceImpl cusd = new CrowdUserDetailsServiceImpl();
cusd.setUserManager(userManager());
cusd.setGroupMembershipManager(new CachingGroupMembershipManager(securityServerClient(), userManager(),groupManager(),cache));
cusd.setAuthorityPrefix("ROLE_");
return cusd;
}
@Bean
RemoteCrowdAuthenticationProvider crowdAuthenticationProvider() throws IOException{
return new RemoteCrowdAuthenticationProvider(crowdAuthenticationManager(), httpAuthenticator(), crowdUserDetailsService());
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("user").password("password").roles("ROLE_USER");
}
}
最困难的部分是弄清楚如何设置bean,这根本没有记录,因为它之前都是XML魔术.现在,假设您拥有正确的crowd.properties文件和正确的EhCache文件设置(也可以使用java bean删除,但这不那么令人难以置信),您可以以纯粹的Java方式使用人群集成.
使这项工作的build.gradle如下所示:
的build.gradle:
buildscript {
repositories {
mavenCentral()
}
dependencies {
classpath("org.springframework.boot:spring-boot-gradle-plugin:1.3.1.RELEASE")
}
}
if (!hasProperty('mainClass')) {
ext.mainClass = 'hello.Application'
}
apply plugin: 'java'
apply plugin: 'eclipse'
apply plugin: 'idea'
apply plugin: 'spring-boot'
jar {
baseName = 'gs-securing-web'
version = '0.1.0'
}
repositories {
maven {
url = 'https://m2proxy.atlassian.com/repository/public'
}
mavenCentral()
}
sourceCompatibility = 1.8
targetCompatibility = 1.8
dependencies {
compile "commons-codec:commons-codec:1.10"
compile "org.springframework.boot:spring-boot-starter-web"
compile "org.springframework.boot:spring-boot-starter"
compile "org.springframework:spring-tx"
compile 'org.springframework.boot:spring-boot-starter-security'
compile 'org.springframework.boot:spring-boot-starter-thymeleaf'
compile (group: "com.atlassian.crowd", name: "crowd-integration-springsecurity", version: "2.8.+"){
exclude (group: 'org.apache.ws.commons');
}
compile 'org.slf4j:slf4j-api'
compile "org.codehaus.groovy:groovy"
compile "org.codehaus.groovy:groovy-json:2.3.8"
}
task wrapper(type: Wrapper) {
gradleVersion = '2.10'
}
而已!然后正确地引导认证以利用人群springsecurity接口.现在,值得一提的是,我还没有玩过如何将它交给各种角色/等等.但这应该让我继续前进.此外,这不包括SSO代码,我还没有完全弄清楚.所以,一旦我得到它,我会在某个地方发布一个更彻底的方法.
| 归档时间: |
|
| 查看次数: |
1756 次 |
| 最近记录: |