java – 配置Spring Security以使用customPasswordAuthenticatio
我已经实现了自己的LowerCaseUsernamePasswordAuthenticationFilter,它只是UsernamePasswordAuthenticationFilter的一个子类.
但是现在我的问题是如何配置Spring的安全性来使用这个过滤器. 到目前为止,我使用: <security:http auto-config="true" use-expressions="true"> <security:form-login login-processing-url="/resources/j_spring_security_check" login-page="/login" authentication-failure-url="/login?login_error=t" /> <security:logout logout-url="/resources/j_spring_security_logout" /> <security:intercept-url pattern="/**" access="isAuthenticated()" requires-channel="${cfma.security.channel}" /> </security:http> 我真的要打开自动配置,需要手动配置所有的过滤器吗? – 如果这是真的,有人可以提供一个例子吗? 添加简单安全性的方法:自定义过滤器: <security:http ...> <security:form-login login-processing-url="/resources/j_spring_security_check" login-page="/login" authentication-failure-url="/login?login_error=t" /> <security:custom-filter ref="lowerCaseUsernamePasswordAuthenticationFilter" position="FORM_LOGIN_FILTER"/> ... </security:http> 确实导致该消息的异常:
解决方法
我已经通过手工编写所需的自动配置的bean来完成.这是结果:
<!-- HTTP security configurations --> <security:http auto-config="false" use-expressions="true" entry-point-ref="loginUrlAuthenticationEntryPoint"> <!-- <security:form-login login-processing-url="/resources/j_spring_security_check" login-page="/login" authentication-failure-url="/login?login_error=t" /> replaced by lowerCaseUsernamePasswordAuthenticationFilter the custom-filter with position FORM_LOGIN_FILTER requries that auto-config is false! --> <security:custom-filter ref="lowerCaseUsernamePasswordAuthenticationFilter" position="FORM_LOGIN_FILTER"/> <security:logout logout-url="/resources/j_spring_security_logout" /> <security:intercept-url pattern="/**" access="isAuthenticated()" /> </security:http> <bean id="loginUrlAuthenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint"> <property name="loginFormUrl" value="/login"/> </bean> <bean id="lowerCaseUsernamePasswordAuthenticationFilter" class="com.queomedia.cfma.infrastructure.security.LowerCaseUsernamePasswordAuthenticationFilter"> <property name="filterProcessesUrl" value="/resources/j_spring_security_check"/> <property name="authenticationManager" ref="authenticationManager"/> <property name="authenticationFailureHandler"> <bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler"> <property name="defaultFailureUrl" value="/login?login_error=t"/> </bean> </property> </bean> (编辑:李大同) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |