
java - Integrating Spring Security with SiteMinder

2019-10-29 17:28:45  Views: 220  Source: Internet

Tags: spring-security siteminder spring java spring-mvc


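How do you integrate Spring Security with SiteMinder to receive the user and roles?

I have a project set up using Spring Security 'in-memory', and I would like to convert it to accept the SiteMinder header with user and roles. SiteMinder will send the roles of the user (ROLE_READ, ROLE_WRITE) and have the service layer grant access. How do you convert in-memory to use SiteMinder?

In-memory user roles

List of in-memory users and roles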

<authentication-manager>
    <authentication-provider>
        <user-service>
            <user name="test" password="test" authorities="ROLE_READ" />
            <user name="admin" password="admin" authorities="ROLE_READ,ROLE_WRITE" />
        </user-service>
    </authentication-provider>
</authentication-manager>

Service layer protection

Here, the service methods are protected by specific roles

<beans:bean id="testService" class="com.stackoverflow.test" scope="request">
    <security:intercept-methods>
        <security:protect access="ROLE_WRITE" method="do*"/>
        <security:protect access="ROLE_READ" method="find*"/>
    </security:intercept-methods>
</beans:bean>

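This source (Spring Security Java Config for Siteminder) looks promising, but it always assigns the role RoleEmployee.

Solution:

Spring Security support for SiteMinder exists, but only for receiving the user. To receive the roles, however, you will need to create an extended authentication process. This will authenticate a user using the roles.

In root-security.xml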

<beans:bean id="userDetailsService" class="test.sm.SiteMinderUserDetailsService"/>

<beans:bean id="preauthAuthProvider" class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
    <beans:property name="preAuthenticatedUserDetailsService">
        <beans:bean id="userDetailsServiceWrapper" class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
            <beans:property name="userDetailsService" ref="userDetailsService" />
        </beans:bean>
    </beans:property>
</beans:bean>

<beans:bean id="siteminderFilter" class="test.sm.SiteMinderFilter">
    <beans:property name="principalRequestHeader" value="SM_USER" />
    <beans:property name="rolesRequestHeader" value="SM_ROLE" />
    <beans:property name="rolesDelimiter" value="," />
    <beans:property name="authenticationManager" ref="authenticationManager" />
</beans:bean>

<authentication-manager alias="authenticationManager">
    <authentication-provider ref="preauthAuthProvider" />
</authentication-manager>

SiteMinderUserDetailsService

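import java.util.Collection;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesUserDetailsService;

public class SiteMinderUserDetailsService extends PreAuthenticatedGrantedAuthoritiesUserDetailsService implements
        UserDetailsService {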

    @Override
    public UserDetails loadUserByUsername(String arg0) throws UsernameNotFoundException {
        SiteMinderUserDetails userDetails = new SiteMinderUserDetails();
        userDetails.setUsername(arg0);      
        return userDetails;
    }

    @Override
    protected UserDetails createuserDetails(Authentication token, Collection<? extends GrantedAuthority> authorities) {
        return super.createuserDetails(token, authorities);
    }
}

SiteMinderUserDetails

public class SiteMinderUserDetails implements UserDetails {
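    // implement all UserDetails methods, plus the setUsername(...) and
    // setAuthorities(...) setters that the other classes on this page call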
}

SiteMinderFilter

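import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter;

public class SiteMinderFilter extends RequestHeaderAuthenticationFilter {

    private String rolesRequestHeader;
    private String rolesDelimiter;

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) request;

        // Roles arrive as one delimited header value, e.g. "ROLE_READ,ROLE_WRITE".
        // Both headers are taken from the request as-is, so this assumes every
        // request reached the application through the SiteMinder web agent.
        String roles = httpRequest.getHeader(getRolesRequestHeader());

        Collection<SimpleGrantedAuthority> auth = new ArrayList<SimpleGrantedAuthority>();
        if (roles != null) { // header absent: no authorities instead of a NullPointerException
            for (String s : roles.split(rolesDelimiter)) { // note: split() treats the delimiter as a regex
                String role = s.trim();
                if (!role.isEmpty()) { // SimpleGrantedAuthority rejects empty text
                    auth.add(new SimpleGrantedAuthority(role));
                }
            }
        }

        SiteMinderUserDetails userDetails = new SiteMinderUserDetails();
        userDetails.setUsername((String) super.getPreAuthenticatedPrincipal(httpRequest));
        userDetails.setAuthorities(auth);

        // Build the Authentication directly from the headers and place it in the security context.
        AuthenticationImpl authentication = new AuthenticationImpl();
        authentication.setAuthenticated(true);
        authentication.setAuthorities(auth);
        authentication.setPrincipal(userDetails);
        authentication.setCredentials(super.getPreAuthenticatedCredentials(httpRequest));
        SecurityContextHolder.getContext().setAuthentication(authentication);

        super.doFilter(request, response, chain);
    }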

    public SiteMinderFilter() {
        super();        
    }

    @Override
    public void setPrincipalRequestHeader(String principalRequestHeader) {
        super.setPrincipalRequestHeader(principalRequestHeader);
    }

    public void setRolesRequestHeader(String rolesRequestHeader) {
        this.rolesRequestHeader = rolesRequestHeader;
    }

    public String getRolesRequestHeader() {
        return rolesRequestHeader;
    }


    public void setRolesDelimiter(String rolesDelimiter) {
        this.rolesDelimiter = rolesDelimiter;
    }

    public String getRolesDelimiter() {
        return rolesDelimiter;
    }
}

AuthenticationImpl

public class AuthenticationImpl implements Authentication {
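    // implement all Authentication methods, plus the setAuthorities(...),
    // setPrincipal(...) and setCredentials(...) setters that SiteMinderFilter calls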
}
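
An alternative to building the Authentication by hand in the filter, as an added example that is not part of the original answer: an AuthenticationDetailsSource reads the roles header, so a stock RequestHeaderAuthenticationFilter and PreAuthenticatedGrantedAuthoritiesUserDetailsService carry the roles through the AuthenticationManager. The class name SiteMinderRolesDetailsSource and the role allowlist are assumptions, and the code targets Spring Security versions built on javax.servlet.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import org.springframework.security.authentication.AuthenticationDetailsSource;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails;

// Hypothetical class (not from the answer). Wiring: set an instance as the
// "authenticationDetailsSource" property of a stock RequestHeaderAuthenticationFilter and
// use a plain PreAuthenticatedGrantedAuthoritiesUserDetailsService as the provider's
// "preAuthenticatedUserDetailsService".
public class SiteMinderRolesDetailsSource implements
        AuthenticationDetailsSource<HttpServletRequest, PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails> {
    private String rolesRequestHeader = "SM_ROLE";
    private String rolesDelimiter = ",";
    // Assumed allowlist: only the two roles the service layer protects with.
    private Set<String> allowedRoles = new HashSet<String>(Arrays.asList("ROLE_READ", "ROLE_WRITE"));

    @Override
    public PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails buildDetails(HttpServletRequest request) {
        return new PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails(
                request, parseRoles(request.getHeader(rolesRequestHeader)));
    }

    /** Missing header, blank entries and unknown role names all yield no authority. */
    List<GrantedAuthority> parseRoles(String header) {
        List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
        if (header == null) return authorities;
        // Pattern.quote: treat the delimiter literally, not as a regex.
        for (String raw : header.split(Pattern.quote(rolesDelimiter))) {
            String role = raw.trim();
            if (allowedRoles.contains(role)) {
                authorities.add(new SimpleGrantedAuthority(role));
            }
        }
        return authorities;
    }

    public void setRolesRequestHeader(String header) { this.rolesRequestHeader = header; }
    public void setRolesDelimiter(String delimiter) { this.rolesDelimiter = delimiter; }
}
```

With this wiring the filter no longer marks anything as authenticated itself; a request without the principal header is rejected by the stock filter, and a request without roles ends up with an empty authority list.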

Source: https://codeday.me/bug/20191029/1961801.html
