Spring security 规避春季安全
在我们的应用程序中,spring security使用ldap作为提供者 我正在进行一项更改,允许您在dev中翻转一个标志,如果您的用户/密码与数据库中的值匹配,则允许您登录。ldap服务器可能已关闭,您仍可以登录 但我意识到有些URL是用Spring security 规避春季安全,spring-security,Spring Security,在我们的应用程序中,spring security使用ldap作为提供者 我正在进行一项更改,允许您在dev中翻转一个标志,如果您的用户/密码与数据库中的值匹配,则允许您登录。ldap服务器可能已关闭,您仍可以登录 但我意识到有些URL是用 @Secured( {"ROLE_USER","ROLE_MERCHANT"}) 因此,为了让我的登录正常工作,我还需要与spring security进行一些交易。如何执行此操作?您可以配置两个提供程序:一个LDAP提供程序和另一个DAO提供程序 <
@Secured( {"ROLE_USER","ROLE_MERCHANT"})
因此,为了让我的登录正常工作,我还需要与spring security进行一些交易。如何执行此操作?您可以配置两个提供程序:一个LDAP提供程序和另一个DAO提供程序
<sec:authentication-manager alias="authenticationManager">
<sec:authentication-provider ref="yourLdapAuthenticationProvider" />
<sec:authentication-provider ref="yourDaoAuthenticationProvider" />
</sec:authentication-manager>
yourDaoAuthenticationProvider<sec:http auto-config="false" entry-point-ref="loginUrlAuthenticationEntryPoint">
<sec:logout logout-success-url="/login.jsp"/>
<sec:intercept-url ... />
<sec:custom-filter position="FORM_LOGIN_FILTER" ref="myAuthenticationFilter"/>
</sec:http>
<bean id="myAuthenticationFilter" class="[YOUR_CUSTOM_AUTHENTICATION_FILTER]">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="authenticationFailureHandler" ref="failureHandler"/>
<property name="authenticationSuccessHandler" ref="successHandler"/>
</bean>
<bean id="loginUrlAuthenticationEntryPoint"
class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
<property name="loginFormUrl" value="/login.jsp"/>
</bean>
<bean id="successHandler"
class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
<property name="defaultTargetUrl" value="/welcome.jsp"/>
<property name="alwaysUseDefaultTargetUrl" value="true"/>
</bean>
<bean id="failureHandler"
class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<property name="defaultFailureUrl" value="/login.jsp?login_error=1"/>
</bean>
<bean id="yourLdapAuthenticationProvider" ... />
<bean id="yourDaoAuthenticationProvider" ... />
<sec:authentication-manager alias="authenticationManager">
<sec:authentication-provider ref="yourLdapAuthenticationProvider"/>
<sec:authentication-provider ref="yourDaoAuthenticationProvider"/>
</sec:authentication-manager>
<sec:http auto-config="false" entry-point-ref="loginUrlAuthenticationEntryPoint">
<sec:logout logout-success-url="/login.jsp"/>
<sec:intercept-url ... />
<sec:custom-filter position="FORM_LOGIN_FILTER" ref="myAuthenticationFilter"/>
</sec:http>
<bean id="myAuthenticationFilter" class="[YOUR_CUSTOM_AUTHENTICATION_FILTER]">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="authenticationFailureHandler" ref="failureHandler"/>
<property name="authenticationSuccessHandler" ref="successHandler"/>
</bean>
<bean id="loginUrlAuthenticationEntryPoint"
class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
<property name="loginFormUrl" value="/login.jsp"/>
</bean>
<bean id="successHandler"
class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
<property name="defaultTargetUrl" value="/welcome.jsp"/>
<property name="alwaysUseDefaultTargetUrl" value="true"/>
</bean>
<bean id="failureHandler"
class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<property name="defaultFailureUrl" value="/login.jsp?login_error=1"/>
</bean>
<bean id="yourLdapAuthenticationProvider" ... />
<bean id="yourDaoAuthenticationProvider" ... />
<sec:authentication-manager alias="authenticationManager">
<sec:authentication-provider ref="yourLdapAuthenticationProvider"/>
<sec:authentication-provider ref="yourDaoAuthenticationProvider"/>
</sec:authentication-manager>