Java 我的SpringWebMVC应用程序中的双向登录
基于SpringWebMVC构建的应用程序。Spring安全版本是3.1.0。应用程序已具有基于登录表单的身份验证系统 现在,我想为整个应用程序介绍另一个身份验证系统(以及现有的身份验证系统)。对新认证系统的要求如下:Java 我的SpringWebMVC应用程序中的双向登录,java,spring-mvc,authentication,spring-security,basic-authentication,Java,Spring Mvc,Authentication,Spring Security,Basic Authentication,基于SpringWebMVC构建的应用程序。Spring安全版本是3.1.0。应用程序已具有基于登录表单的身份验证系统 现在,我想为整个应用程序介绍另一个身份验证系统(以及现有的身份验证系统)。对新认证系统的要求如下: 用户将到达特定的控制器终点 浏览器将向服务器生成一个请求,请求头将包含一个加密令牌作为凭据 服务器将读取令牌并解密令牌 服务器将验证从解密令牌获取的用户信息 成功验证后,服务器将重定向到主应用程序url(例如example.com) 为了达到这些要求:我已实施如下: Spring
<bean id="authEntryPoint" class="com.example.authProvider.AuthEntryPoint"/>
<bean id="authFilter" class="com.example.authProvider.AuthFilter"/>
<bean id="authProvider" class="com.example.authProvider.AuthProvider" />
<http pattern="/**/basic-login.html" create-session="stateless" use- expressions="true" auto-config="true"
authentication-manager-ref="authManager">
<intercept-url pattern="/secure/**" access="isFullyAuthenticated()"/>
<http-basic entry-point-ref="authEntryPoint"/>
<custom-filter ref="authFilter" before="FORM_LOGIN_FILTER" />
</http>
<authentication-manager id="authManager">
<authentication-provider ref="authProvider" />
</authentication-manager>
public class AuthFilter extends OncePerRequestFilter{
@Override
protected void doFilterInternal(HttpServletRequest request,
HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
String xAuth = request.getHeader("Authorization");
String info = request.getHeader("encryptedInfo");
//decrypt the info and verify the info. if info not valid throw 401 status.
if (info != valid) {
response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Token-invalid");
} else {
filterChain.doFilter(request, response);
}
}
}
public class AuthProvider implements AuthenticationProvider {
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
String username = authentication.getName();
String password = (String) authentication.getCredentials();
User user= loadUserFromDB(username);
return new UsernamePasswordAuthenticationToken(user, password, authorities);
}
@Override
public boolean supports(Class<?> authentication) {
return authentication.equals(UsernamePasswordAuthenticationToken.class);
}
private User loadUserFromDB(String username)
throws UsernameNotFoundException, DataAccessException {
//implement to load user from db
return new User(username, password, true,
true, true, true,
Collections.singletonList(new SimpleGrantedAuthority("ROLE_USER")));
}
}
公共类AuthProvider实现AuthenticationProvider{
@凌驾
公共身份验证(身份验证)引发AuthenticationException{
字符串username=authentication.getName();
字符串密码=(字符串)身份验证。getCredentials();
用户=loadUserFromDB(用户名);
返回新的用户名PasswordAuthenticationToken(用户、密码、权限);
}
@凌驾
公共布尔支持(类身份验证){
返回authentication.equals(UsernamePasswordAuthenticationToken.class);
}
私有用户loadUserFromDB(字符串用户名)
抛出UsernameNotFoundException、DataAccessException{
//实现从数据库加载用户
返回新用户(用户名、密码、true、,
真的,真的,真的,,
Collections.singletonList(新的SimpleGrantedAuthority(“角色用户”));
}
}
为了澄清,请查看
public class AuthProvider implements AuthenticationProvider {
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
String username = authentication.getName();
String password = (String) authentication.getCredentials();
User user= loadUserFromDB(username);
return new UsernamePasswordAuthenticationToken(user, password, authorities);
}
@Override
public boolean supports(Class<?> authentication) {
return authentication.equals(UsernamePasswordAuthenticationToken.class);
}
private User loadUserFromDB(String username)
throws UsernameNotFoundException, DataAccessException {
//implement to load user from db
return new User(username, password, true,
true, true, true,
Collections.singletonList(new SimpleGrantedAuthority("ROLE_USER")));
}
}