Authentication 将Tomcat NTLM与Spring Security结合使用
我正在使用SpringSecurity2和SpringMVC。我将要使用的tomcat容器已经有了NTLM支持,并且在请求头中转发用户名之前,只向经过身份验证的用户提供访问权限 我试着编写一个自定义的AutenticationEntryPoint,其思想是不需要表单/http基本登录,因为请求头已经包含了userid。但到目前为止,我还没有找到实现这一目标的方法 如有任何想法和建议,将不胜感激Authentication 将Tomcat NTLM与Spring Security结合使用,authentication,tomcat,ntlm,spring-security,Authentication,Tomcat,Ntlm,Spring Security,我正在使用SpringSecurity2和SpringMVC。我将要使用的tomcat容器已经有了NTLM支持,并且在请求头中转发用户名之前,只向经过身份验证的用户提供访问权限 我试着编写一个自定义的AutenticationEntryPoint,其思想是不需要表单/http基本登录,因为请求头已经包含了userid。但到目前为止,我还没有找到实现这一目标的方法 如有任何想法和建议,将不胜感激 谢谢。看看。也许Waffle本身不是您想要的,但它有一个spring安全过滤器实现,它位于您试图实现的
谢谢。看看。也许Waffle本身不是您想要的,但它有一个spring安全过滤器实现,它位于您试图实现的目标的接收端。我实际上发现spring安全性对预认证安全性有本机支持。特别是,我查看了org.springframework.security.ui.preauth.AbstractPreAuthenticatedProcessingFilter,它附带了许多实现,其中 RequestHeaderPreAuthenticatedProcessingFilter似乎最有用。或者,还可以通过扩展AbstractPreAuthenticatedProcessingFilter编写自定义过滤器。完成后,您还需要在应用程序上下文中定义一个自定义入口点,以及SpringSecurity所需的其他依赖项。很抱歉,我赶时间,没有时间正确格式化。希望这有帮助
<bean id="customEntryPoint"
class="org.springframework.security.ui.preauth.PreAuthenticatedProcessingFilterEntryPoint" />
<bean id="preauthAuthProvider"
class="org.springframework.security.providers.preauth.PreAuthenticatedAuthenticationProvider">
<security:custom-authentication-provider />
<property name="preAuthenticatedUserDetailsService">
<bean id="userDetailsServiceWrapper"
class="org.springframework.security.userdetails.UserDetailsByNameServiceWrapper">
<property name="userDetailsService" ref="userDetailsService" />
</bean>
</property>
</bean>
<bean id="userDetailsService" class="yourimplementation.CustomUserDetailsService" />
<security:http auto-config="false"
access-decision-manager-ref="accessDecisionManager"
entry-point-ref="customEntryPoint">
<security:intercept-url pattern="/*" access="permitAll" />
</security:http>
<security:authentication-manager alias="authenticationManager" />
<bean id="preauthAuthProvider"
class="org.springframework.security.providers.preauth.PreAuthenticatedAuthenticationProvider">
<security:custom-authentication-provider />
<property name="preAuthenticatedUserDetailsService">
<bean id="userDetailsServiceWrapper"
class="org.springframework.security.userdetails.UserDetailsByNameServiceWrapper">
<property name="userDetailsService" ref="userDetailsService" />
</bean>
</property>
</bean>
<bean id="userDetailsService" class="yourimplementation.CustomUserDetailsService" />
<security:http auto-config="false"
access-decision-manager-ref="accessDecisionManager"
entry-point-ref="customEntryPoint">
<security:intercept-url pattern="/*" access="permitAll" />
</security:http>
<security:authentication-manager alias="authenticationManager" />
<bean id="preauthAuthProvider"
class="org.springframework.security.providers.preauth.PreAuthenticatedAuthenticationProvider">
<security:custom-authentication-provider />
<property name="preAuthenticatedUserDetailsService">
<bean id="userDetailsServiceWrapper"
class="org.springframework.security.userdetails.UserDetailsByNameServiceWrapper">
<property name="userDetailsService" ref="userDetailsService" />
</bean>
</property>
</bean>
<bean id="userDetailsService" class="yourimplementation.CustomUserDetailsService" />
<security:http auto-config="false"
access-decision-manager-ref="accessDecisionManager"
entry-point-ref="customEntryPoint">
<security:intercept-url pattern="/*" access="permitAll" />
</security:http>
<security:authentication-manager alias="authenticationManager" />
事实上,我发现Spring security对预认证安全性具有本机支持。特别是,我查看了org.springframework.security.ui.preauth.AbstractPreAuthenticatedProcessingFilter,它附带了许多实现,其中RequestHeaderPreAuthenticatedProcessingFilter似乎最有用。