Combining X.509 certificates and form login with Spring Security

Tags: spring, security, authentication, login, x509

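I want to configure my web application to support either form login (database credentials) or login with an x509 certificate (eID card reader). Is this possible?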

applicationContext-security.xml:

    <http use-expressions="true">
        <session-management invalid-session-url="${logout.url}" session-fixation-protection="newSession">
            <concurrency-control max-sessions="1" error-if-maximum-exceeded="true" />
        </session-management>

        <intercept-url pattern="/index.zul" requires-channel="http" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <intercept-url pattern="/restricted/admin/**" requires-channel="https" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/restricted/**" requires-channel="https" access="hasAnyRole('ROLE_PUBLIC', 'ROLE_VDL', 'ROLE_ADMIN', 'ROLE_READ_ONLY')" />
        <x509 subject-principal-regex="SERIALNUMBER=(.*?)," user-service-ref="userDetailsService" />

        <form-login login-page="/index.zul" default-target-url="/restricted/index.zul"
                    authentication-failure-url="/denied.html"
                    login-processing-url="/j_spring_security_check"/>
        <logout logout-success-url="/index.zul" invalidate-session="true" />
        <access-denied-handler error-page="/denied.html"></access-denied-handler>
    </http>

    <authentication-manager alias="authenticationManager">
        <authentication-provider>
            <jdbc-user-service data-source-ref="dataSource" id="userDetailsService"
                               authorities-by-username-query="SELECT u.username, a.authority
                                            FROM users u
                                            LEFT JOIN users_authorities ua ON u.username=ua.users_username
                                            LEFT JOIN authorities a ON ua.authorities_id=a.id
                                            WHERE username=?" />
        </authentication-provider>
    </authentication-manager>

    <beans:bean id="dataSource"
            class="org.springframework.jdbc.datasource.DriverManagerDataSource">
        <beans:property name="driverClassName" value="${jdbc.driverClassName}" />
        <beans:property name="url" value="${jdbc.url}" />
        <beans:property name="username" value="${jdbc.username}" />
        <beans:property name="password" value="${jdbc.password}" />
    </beans:bean>

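The login form works fine, but certificate login does not work. I am sure there is a proper way to combine the two systems, but I have not found any complete tutorial online. Can anyone help me?

Thanks in advance.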

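Thanks for your comments and suggestions. I changed the configuration and it seems to work well. Here is my new application context security file: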

    <http use-expressions="true" auto-config="true" access-denied-page="/denied"
          authentication-manager-ref="authenticationManager">

        <intercept-url pattern="/index" access="permitAll" />
        <intercept-url pattern="/restricted/admin" access="hasRole('ROLE_ADMIN')" requires-channel="https" />
        <intercept-url pattern="/restricted" requires-channel="https" access="hasAnyRole('ROLE_PUBLIC', 'ROLE_VDL', 'ROLE_ADMIN', 'ROLE_READ_ONLY')" />

        <form-login login-page="/index.zul" default-target-url="/restricted/index.zul"
                    authentication-failure-url="/denied.html"
                    login-processing-url="/j_spring_security_check"/>
        <x509 subject-principal-regex="SERIALNUMBER=(.*?)," user-service-ref="x509DS" />
        <logout logout-success-url="/index.zul" invalidate-session="true" /> <!--${logout.url}-->
    </http>

    <beans:bean id="authenticationManager" class="org.springframework.security.authentication.ProviderManager">
        <beans:property name="providers">
            <beans:list>
                <beans:ref bean="authenticationProvider" />
            </beans:list>
        </beans:property>
    </beans:bean>

    <beans:bean id="authenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
        <beans:property name="userDetailsService" ref="formDS" />
    </beans:bean>

    <jdbc-user-service data-source-ref="dataSource" id="formDS"
                       authorities-by-username-query="SELECT u.username, a.authority
                                            FROM users u
                                            LEFT JOIN users_authorities ua ON u.username=ua.users_username
                                            LEFT JOIN authorities a ON ua.authorities_id=a.id
                                            WHERE username=? AND u.canlogwithform=TRUE
                                            AND expirationdate >= now() " />

    <jdbc-user-service data-source-ref="dataSource" id="x509DS"
                       authorities-by-username-query="SELECT u.username, a.authority
                                            FROM users u
                                            LEFT JOIN users_authorities ua ON u.username=ua.users_username
                                            LEFT JOIN authorities a ON ua.authorities_id=a.id
                                            WHERE username=?" />

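I'm sure you've read it? If so, what error do you get?

Does the userDetailsService bean get any serial number?

Yes, but I am new to Spring Security and was missing what happens behind the scenes... I did not get an error, but there seemed to be a conflict. I changed the configuration and it works now.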
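
On the question of whether the user service receives a serial number: the following is an added example, not code from the original post or from Spring Security, that applies the `subject-principal-regex` from the configuration above as a case-insensitive search with one capture group and shows which value would be handed to the `username=?` lookup. The subject DNs are constructed samples, and `ALT_REGEX` is a hypothetical alternative pattern that does not appear on the page.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added illustration: applies an x509 subject-principal-regex to a certificate
// subject DN string (case-insensitive search, first capture group = username).
public class SubjectPrincipalRegexDemo {

    // Pattern taken from the <x509> element in the configuration above.
    static final String PAGE_REGEX = "SERIALNUMBER=(.*?),";

    // Hypothetical alternative (not from the page): also matches when
    // SERIALNUMBER is the last attribute and has no trailing comma.
    static final String ALT_REGEX = "SERIALNUMBER=(.*?)(?:,|$)";

    /** Returns the captured principal, or null when the DN does not match. */
    static String extract(String regex, String subjectDn) {
        Matcher m = Pattern.compile(regex, Pattern.CASE_INSENSITIVE).matcher(subjectDn);
        if (!m.find() || m.groupCount() != 1) {
            // No principal extracted: certificate login cannot succeed for this
            // DN, and the request falls back to the other login mechanisms.
            return null;
        }
        return m.group(1);
    }

    public static void main(String[] args) {
        // Constructed sample subject DNs (not taken from a real certificate).
        String[] dns = {
            // SERIALNUMBER first, followed by a comma: the page regex matches.
            "SERIALNUMBER=71715100070, GIVENNAME=Alice, SURNAME=Example, CN=Alice Example, C=BE",
            // SERIALNUMBER last, no trailing comma: the page regex finds nothing.
            "CN=Alice Example, C=BE, SERIALNUMBER=71715100070",
            // No SERIALNUMBER attribute at all: neither pattern matches.
            "CN=Bob Example, O=Example Org, C=BE"
        };
        for (String dn : dns) {
            System.out.printf("%s%n  page regex -> %s%n  alt regex  -> %s%n",
                    dn, extract(PAGE_REGEX, dn), extract(ALT_REGEX, dn));
        }
    }
}
```

The extracted value must equal a `username` row in the table queried by the `x509DS` user service, otherwise the certificate is accepted at the TLS layer but no user is found.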