Spring中的自定义身份验证
我有一个问题。在Struts中,我有一个处理用户身份验证的Action,即我获取了用户的凭据并使用DAO来验证用户凭据。我想在Spring中保持相同的设置。我正在使用Spring 3.0.3 RELEASE。
I have a question. In Struts, I have an Action that deals with user authentication, i.e., I took the user's credentials and used a DAO to validate user credentials. I want to maintain the same setup in Spring. I'm using Spring 3.0.3 RELEASE.
我的问题是,我读过Spring Security,并在那里指定JDBC后端验证提供程序。我想知道,如果用户点击登录它会将凭据提交给我的控制器以检查有效身份验证,该怎么办?
My question is, I've read Spring Security and in there it specifies JDBC backend "Validation" provider. I want to know, how would, if the user clicked "login" that it submits the credentials to my controller to check for valid authentication?
我想做的原因这就是我有一个处理用户身份验证和授权的服务。
The reason I want to do this that way is that I have a Service that handles user authentication and authorization.
提前致谢。
PS 如何在Spring中使某些控制器安全?
PPS 我是Spring的新手
PS How do I make some controller secure in Spring?
PPS I'm new to Spring
你可以创建一个自定义身份验证提供程序,它实现 org.springframework.security.authentication.AuthenticationProvider 这样的
You can create a custom authentication provider that implements org.springframework.security.authentication.AuthenticationProvider like this
package com.bzone.example;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
public class CustomAuthenticationProvider implements AuthenticationProvider{
@Override
public Authentication authenticate(Authentication authentication)
throws AuthenticationException {
// TODO call custom service or do whatever you want
return null;
}
@Override
public boolean supports(Class<? extends Object> authentication) {
// copied it from AbstractUserDetailsAuthenticationProvider
return (UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication));
}
}
再一步是配置弹簧使用此自定义身份验证提供程序的安全性
one more step is to configure spring security to use this custom authentication provider
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">
<!-- HTTP security configurations -->
<http auto-config="true" use-expressions="true">
<form-login login-processing-url="/static/j_spring_security_check" login-page="/login" authentication-failure-url="/login?login_error=t"/>
<logout logout-url="/static/j_spring_security_logout"/>
<!-- Configure these elements to secure URIs in your application -->
<intercept-url pattern="/member/**" access="isAuthenticated()" />
<intercept-url pattern="/resources/**" access="permitAll" />
<intercept-url pattern="/static/**" access="permitAll" />
<intercept-url pattern="/**" access="permitAll" />
</http>
<!-- Configure Authentication mechanism -->
<authentication-manager alias="authenticationManager">
<authentication-provider ref="com.bzone.example.CustomAuthenticationProvider" />
</authentication-manager>
</beans:beans>