java – 配置Spring Security以使用customPasswordAuthenticationFilter

前端之家收集整理的这篇文章主要介绍了java – 配置Spring Security以使用customPasswordAuthenticationFilter前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。
我已经实现了自己的LowerCaseUsernamePasswordAuthenticationFilter,它只是UsernamePasswordAuthenticationFilter的一个子类.

但是现在我的问题是如何配置Spring的安全性来使用这个过滤器.

到目前为止,我使用:

<security:http auto-config="true" use-expressions="true">
    <security:form-login login-processing-url="/resources/j_spring_security_check" login-page="/login" authentication-failure-url="/login?login_error=t" />
    <security:logout logout-url="/resources/j_spring_security_logout" />

    <security:intercept-url pattern="/**" access="isAuthenticated()" requires-channel="${cfma.security.channel}" />
</security:http>

我真的要打开自动配置,需要手动配置所有的过滤器吗? – 如果这是真的,有人可以提供一个例子吗?

添加简单安全性的方法自定义过滤器:

<security:http ...>

   <security:form-login login-processing-url="/resources/j_spring_security_check" login-page="/login" authentication-failure-url="/login?login_error=t" />
   <security:custom-filter ref="lowerCaseUsernamePasswordAuthenticationFilter" position="FORM_LOGIN_FILTER"/>
   ...
 </security:http>

确实导致该消息的异常:

Configuration problem: Filter beans <lowerCaseUsernamePasswordAuthenticationFilter> and ‘Root bean: class [org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factorybeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null’ have the same ‘order’ value. When using custom filters,please make sure the positions do not conflict with default filters. Alternatively you can disable the default filters by removing the corresponding child elements from and avoiding the use of .

解决方法

我已经通过手工编写所需的自动配置的bean来完成.这是结果:
<!-- HTTP security configurations -->
<security:http auto-config="false" use-expressions="true" entry-point-ref="loginUrlAuthenticationEntryPoint">

    <!--
    <security:form-login login-processing-url="/resources/j_spring_security_check" login-page="/login" authentication-failure-url="/login?login_error=t" />
        replaced by lowerCaseUsernamePasswordAuthenticationFilter
        the custom-filter with position FORM_LOGIN_FILTER requries that auto-config is false!
     -->
    <security:custom-filter ref="lowerCaseUsernamePasswordAuthenticationFilter" position="FORM_LOGIN_FILTER"/>
    <security:logout logout-url="/resources/j_spring_security_logout" />

    <security:intercept-url pattern="/**" access="isAuthenticated()" />
</security:http>

<bean id="loginUrlAuthenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
    <property name="loginFormUrl" value="/login"/>
</bean>

<bean id="lowerCaseUsernamePasswordAuthenticationFilter"
    class="com.queomedia.cfma.infrastructure.security.LowerCaseUsernamePasswordAuthenticationFilter">
    <property name="filterProcessesUrl" value="/resources/j_spring_security_check"/>
    <property name="authenticationManager" ref="authenticationManager"/>
    <property name="authenticationFailureHandler">
        <bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
            <property name="defaultFailureUrl" value="/login?login_error=t"/>       
        </bean>
    </property>
</bean>
原文链接:https://www.f2er.com/java/125271.html

猜你在找的Java相关文章