身份验证和授权工作正常。但记住我在应用程序中无法正常工作。
我使用了 Spring Security 的数据库身份验证和 LDAP 身份验证(一次仅一个)以及大量 Spring Security 自定义。
下面是我的 spring 安全上下文文件。
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">
<context:property-placeholder location="classpath:/application.properties"/>
<http use-expressions="true">
<intercept-url pattern="/resources/**" filters="none" />
<intercept-url pattern="/login" access="permitAll"/>
<intercept-url pattern="/**" access="isAuthenticated()" />
<form-login login-page="/login"/>
<logout invalidate-session="true"
logout-success-url="/"
logout-url="/logout"/>
<remember-me key="myApp2" />
<custom-filter before="FORM_LOGIN_FILTER" ref="applicationAuthenticationFilter"/>
</http>
<beans:bean id="applicationAuthenticationFilter" class="com.myApp.security.DmxAuthenticationFilter">
<beans:property name="authenticationManager" ref="authenticationManager"/>
<beans:property name="authenticationFailureHandler" ref="failureHandler"/>
<beans:property name="authenticationSuccessHandler" ref="successHandler"/>
<beans:property name="authenticationMethod" value="${authenticationMethod}"/>
</beans:bean>
<beans:bean id="successHandler"
class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
<beans:property name="defaultTargetUrl" value="/home"/>
<beans:property name="alwaysUseDefaultTargetUrl" value="true"/>
</beans:bean>
<beans:bean id="failureHandler"
class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<beans:property name="defaultFailureUrl" value="/login?login_error=1"/>
</beans:bean>
<beans:bean id="accessControlService" class="com.myApp.services.AccessControlService"/>
<beans:bean id="userService" class="com.myApp.services.UserService"/>
<beans:bean id="roleService" class="com.myApp.services.RoleService"/>
<beans:bean id="lookupService" class="com.myApp.services.LookupService"/>
<beans:bean id= "userDetailsService" class="com.myApp.security.DmxUsersDetailsServiceImpl">
<beans:property name="accessControlService" ref="accessControlService"/>
</beans:bean>
<beans:bean id="databaseAuthenticationProvider" class="com.myApp.security.DmxAuthenticationProvider">
<beans:property name="userDetailsService" ref="userDetailsService"/>
<!-- <beans:property name="hideUserNotFoundExceptions" value="false"/> -->
</beans:bean>
<!-- ================ LDAP configuration STARTS here ================ -->
<beans:bean id="ldapServer" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
<beans:constructor-arg value="${ldap.url}"/>
<beans:property name="userDn" value="${ldap.userDn}"/>
<beans:property name="password" value="${ldap.password}"/>
<!--
<beans:property name="baseEnvironmentProperties">
<beans:map>
<beans:entry key="java.naming.referral" value="follow" />
</beans:map>
</beans:property>
-->
</beans:bean>
<beans:bean id="ldapSearchBean" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
<beans:constructor-arg value="${ldap.userSearchBase}"/>
<beans:constructor-arg value="${ldap.userSearchFilter}"/>
<beans:constructor-arg ref="ldapServer"/>
</beans:bean>
<beans:bean id="ldapAuthenticationProvider" class="com.myApp.security.DmxLdapAuthenticationProvider">
<beans:constructor-arg ref="ldapBindAuthenticator"/>
<beans:constructor-arg ref="ldapAuthoritiesPopulator"/>
<beans:property name="userDetailsContextMapper" ref="ldapUserDetailsContextMapper"/>
</beans:bean>
<beans:bean id="ldapBindAuthenticator" class="org.springframework.security.ldap.authentication.BindAuthenticator">
<beans:constructor-arg ref="ldapServer"/>
<beans:property name="userSearch" ref="ldapSearchBean"/>
</beans:bean>
<beans:bean id="ldapAuthoritiesPopulator" class="com.myApp.security.DmxLdapAuthoritiesPopulator">
<beans:constructor-arg ref="ldapServer" />
<beans:constructor-arg value="" />
<beans:property name="groupSearchFilter" value="${ldap.groupSearchFilter}"/>
<beans:property name="groupRoleAttribute" value="${ldap.groupRoleAttribute}" />
<beans:property name="rolePrefix" value=""/>
<beans:property name="searchSubtree" value="true"/>
<beans:property name="convertToUpperCase" value="false"/>
<beans:property name="ldapTemplate" ref="ldapTemplate"/>
</beans:bean>
<beans:bean id= "dmxUsersMapper" class="com.myApp.security.DmxUsersMapper">
<beans:property name="accessControlService" ref="accessControlService"/>
<beans:property name="userService" ref="userService"/>
<beans:property name="roleService" ref="roleService"/>
<beans:property name="lookupService" ref="lookupService"/>
<beans:property name="organizationUname" value="${organizationUname}"/>
<beans:property name="companyUname" value="${companyUname}"/>
<beans:property name="ldapUsername" value="${ldap.db.userName}"/>
<beans:property name="password" value="${ldap.db.password}"/>
</beans:bean>
<beans:bean class="com.myApp.security.DmxLdapUserDetailsMapper" id="ldapUserDetailsContextMapper">
<beans:property name="dmxUsersMapper" ref="dmxUsersMapper"/>
</beans:bean>
<beans:bean id="ldapTemplate" class="org.springframework.security.ldap.SpringSecurityLdapTemplate">
<beans:constructor-arg ref="ldapServer" />
<beans:property name="ignorePartialResultException" value="true"/>
</beans:bean>
<!-- ================ LDAP configuration ENDS here ================ -->
<authentication-manager alias="authenticationManager">
<authentication-provider ref="databaseAuthenticationProvider" />
<authentication-provider ref="ldapAuthenticationProvider"/>
</authentication-manager>
<beans:bean id="messageSource"
class="org.springframework.context.support.ResourceBundleMessageSource">
<beans:property name="basenames">
<beans:list>
<beans:value>com/myApp/resourceBundles/SecurityMessages</beans:value>
</beans:list>
</beans:property>
</beans:bean>
</beans:beans>
下面是我的登录页面。
<form action="j_dmx_security_filter" method="post">
<table border="0" class="section_tbl2">
<tr>
<td><label for="j_organization">Organization</label> </td>
<td> : </td>
<td><input id="j_organization" name="j_organization" size="20" maxlength="50"
type="text" class="txtinput"/></td>
</tr>
<tr>
<td> <label for="j_company">Company</label></td>
<td> : </td>
<td> <input id="j_company" name="j_company" size="20" maxlength="50"
type="text" class="txtinput"/></td>
</tr>
<tr>
<td><label for="j_username">Username</label> </td>
<td> : </td>
<td><input id="j_username" name="j_username" size="20" maxlength="50"
type="text" class="txtinput"/></td>
</tr>
<tr>
<td><label for="j_password">Password</label> </td>
<td> : </td>
<td><input id="j_password" name="j_password" size="20" maxlength="50"
type="password" class="txtinput"/></td>
</tr>
<tr>
<td></td>
<td></td>
<td> <input type="submit" value="Login"/></td>
</tr>
<tr>
<td></td>
<td></td>
<td> <input id="_spring_security_remember_me" name="_spring_security_
remember_me" type="checkbox" value="true"/>
<label for="_spring_security_remember_me">Remember Me?</label></td>
</tr>
</table>
</form>
“记住我”令牌本身并未被创建。
请帮忙。
为了提供帮助,RememberMe 的相关 beans 定义在哪里?例如
<bean id="rememberMeServices" class=
"org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices">
<property name="userDetailsService" ref="jpaUserDetailsService"/>
<property name="key" value="89dqj219dn910lsAc12"/>
</bean>
<bean id="rememberMeAuthenticationProvider" class=
"org.springframework.security.authentication.RememberMeAuthenticationProvider">
<property name="key" value="89dqj219dn910lsAc12"/>
</bean>
(这太长了,无法写成评论,所以我把它写成“答案”......抱歉)
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系:hwhale#tublm.com(使用前将#替换为@)
