使用spring security组合x509证书和表单登录
我想将我的web应用程序配置为支持表单登录(数据库凭据)或使用x509证书(eId读卡器),是否可能 applicationContext-security.xml:使用spring security组合x509证书和表单登录,spring,security,authentication,login,x509,Spring,Security,Authentication,Login,X509,我想将我的web应用程序配置为支持表单登录(数据库凭据)或使用x509证书(eId读卡器),是否可能 applicationContext-security.xml: <http use-expressions="true"> <session-management invalid-session-url="${logout.url}" session-fixation-protection="newSession" > &l
<http use-expressions="true">
<session-management invalid-session-url="${logout.url}" session-fixation-protection="newSession" >
<concurrency-control max-sessions="1" error-if-maximum-exceeded="true" />
</session-management>
<intercept-url pattern="/index.zul" requires-channel="http" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/restricted/admin/**" requires-channel="https" access="hasRole('ROLE_ADMIN')" />
<intercept-url pattern="/restricted/**" requires-channel="https" access="hasAnyRole('ROLE_PUBLIC', 'ROLE_VDL', 'ROLE_ADMIN', 'ROLE_READ_ONLY')" />
<x509 subject-principal-regex="SERIALNUMBER=(.*?)," user-service-ref="userDetailsService" />
<form-login login-page="/index.zul" default-target-url="/restricted/index.zul"
authentication-failure-url="/denied.html"
login-processing-url="/j_spring_security_check"/>
<logout logout-success-url="/index.zul" invalidate-session="true" />
<access-denied-handler error-page="/denied.html"></access-denied-handler>
</http>
<authentication-manager alias="authenticationManager">
<authentication-provider>
<jdbc-user-service data-source-ref="dataSource" id="userDetailsService"
authorities-by-username-query="SELECT u.username, a.authority
FROM users u
LEFT JOIN users_authorities ua ON u.username=ua.users_username
LEFT JOIN authorities a ON ua.authorities_id=a.id
WHERE username=?" />
</authentication-provider>
</authentication-manager>
<beans:bean id="dataSource"
class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<beans:property name="driverClassName" value="${jdbc.driverClassName}" />
<beans:property name="url" value="${jdbc.url}" />
<beans:property name="username" value="${jdbc.username}" />
<beans:property name="password" value="${jdbc.password}" />
</beans:bean>
登录表单工作正常,但证书登录不起作用,我确信有合适的方法将两个系统结合在一起,但我在网上没有找到任何完整的教程,有人能帮我吗
提前感谢。感谢您的评论和建议,我更改了配置,看起来效果不错,这是我新的应用程序上下文安全文件:
<http use-expressions="true" auto-config="true" access-denied-page="/denied"
authentication-manager-ref="authenticationManager">
<intercept-url pattern="/index" access="permitAll" />
<intercept-url pattern="/restricted/admin" access="hasRole('ROLE_ADMIN')" requires-channel="https" />
<intercept-url pattern="/restricted" requires-channel="https" access="hasAnyRole('ROLE_PUBLIC', 'ROLE_VDL', 'ROLE_ADMIN', 'ROLE_READ_ONLY')" />
<form-login login-page="/index.zul" default-target-url="/restricted/index.zul"
authentication-failure-url="/denied.html"
login-processing-url="/j_spring_security_check"/>
<x509 subject-principal-regex="SERIALNUMBER=(.*?)," user-service-ref="x509DS" />
<logout logout-success-url="/index.zul" invalidate-session="true" /> <!--${logout.url}-->
</http>
<beans:bean id="authenticationManager" class="org.springframework.security.authentication.ProviderManager">
<beans:property name="providers">
<beans:list>
<beans:ref bean="authenticationProvider" />
</beans:list>
</beans:property>
</beans:bean>
<beans:bean id="authenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
<beans:property name="userDetailsService" ref="formDS" />
</beans:bean>
<jdbc-user-service data-source-ref="dataSource" id="formDS"
authorities-by-username-query="SELECT u.username, a.authority
FROM users u
LEFT JOIN users_authorities ua ON u.username=ua.users_username
LEFT JOIN authorities a ON ua.authorities_id=a.id
WHERE username=? AND u.canlogwithform=TRUE
AND expirationdate >= now() " />
<jdbc-user-service data-source-ref="dataSource" id="x509DS" authorities-by-username-query="SELECT u.username, a.authority
FROM users u
LEFT JOIN users_authorities ua ON u.username=ua.users_username
LEFT JOIN authorities a ON ua.authorities_id=a.id
WHERE username=?" />
我肯定你读过了?如果是,你会得到什么错误?
userDetailsService
bean是否获得任何序列号?是的,但我是spring security的新手,错过了幕后发生的事情……我没有收到错误,但似乎是冲突,我修改了配置,现在可以正常工作了