Spring Security 3 证书登录
来源:互联网 发布:淘宝网新款毛衣 编辑:程序博客网 时间:2024/06/04 17:44
默认情况下ss3的<x509>标签只会取证书主题作为验证条件,如果想要自己指定证书的某一部分作为验证条件需要手动实现X509PrincipalExtractor接口:
- import org.springframework.security.web.authentication.preauth.x509.X509PrincipalExtractor;
- public class MyX509PrincipalExtractor implements X509PrincipalExtractor{
- Logger logger = LoggerFactory.getLogger(this.getClass());
- /**
- * 获取证书序列号
- * @param cert x509证书对象
- */
- @Override
- public Object extractPrincipal(X509Certificate cert) {
- String serialNumber = cert.getSerialNumber().toString(16);//取证书序列号作为判断条件
- return serialNumber;
- }
- }
import org.springframework.security.web.authentication.preauth.x509.X509PrincipalExtractor;public class MyX509PrincipalExtractor implements X509PrincipalExtractor{Logger logger = LoggerFactory.getLogger(this.getClass());/** * 获取证书序列号 * @param cert x509证书对象 */@Overridepublic Object extractPrincipal(X509Certificate cert) {String serialNumber = cert.getSerialNumber().toString(16);//取证书序列号作为判断条件return serialNumber;}}
实现用户描述接口:
- public class MyUserAuthority implements UserDetails{
- ……
- }
public class MyUserAuthority implements UserDetails{……}
载入用户信息:
- import org.slf4j.Logger;
- import org.slf4j.LoggerFactory;
- import org.springframework.beans.factory.annotation.Autowired;
- import org.springframework.security.core.Authentication;
- import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
- import org.springframework.security.core.userdetails.UserDetails;
- import org.springframework.security.core.userdetails.UsernameNotFoundException;
- /**
- *
- * Company: xxx公司 <br>
- *
- * Description: 用户信息载入服务
- *
- * <br>Copyright: Copyright (c) 2010 - 2015
- *
- * <br>Author: JLCON
- * <br>Created:2010-9-17
- *
- * <br>Modified:2010-9-17
- *
- * <br>version:V1.0
- */
- public class MyUserDetailService implements AuthenticationUserDetailsService{
- Logger logger = LoggerFactory.getLogger(this.getClass());
- //载入用户信息
- @Autowired
- private UserAuthorityInfo userinfo;
- /**
- * 用户信息载入
- * @param token 认证token
- */
- @Override
- public UserDetails loadUserDetails(Authentication token)
- throws UsernameNotFoundException {//这里得到的就是刚才返回的证书ID
- return userinfo.getUserDetails(token.getPrincipal().toString());
- }
- }
import org.slf4j.Logger;import org.slf4j.LoggerFactory;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.security.core.Authentication;import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;import org.springframework.security.core.userdetails.UserDetails;import org.springframework.security.core.userdetails.UsernameNotFoundException;/** * * Company: xxx公司 <br> * * Description: 用户信息载入服务 * * <br>Copyright: Copyright (c) 2010 - 2015 * * <br>Author: JLCON * <br>Created:2010-9-17 * * <br>Modified:2010-9-17 * * <br>version:V1.0 */public class MyUserDetailService implements AuthenticationUserDetailsService{Logger logger = LoggerFactory.getLogger(this.getClass()); //载入用户信息@Autowiredprivate UserAuthorityInfo userinfo;/** * 用户信息载入 * @param token 认证token */@Overridepublic UserDetails loadUserDetails(Authentication token)throws UsernameNotFoundException {//这里得到的就是刚才返回的证书IDreturn userinfo.getUserDetails(token.getPrincipal().toString());}}
通过URL获取该URL具有的访问属性:
- public class X509securityMetadataSource implements FilterInvocationSecurityMetadataSource{
- import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
- …………
- @Override
- public Collection<ConfigAttribute> getAttributes(Object object)
- throws IllegalArgumentException {
- String url = ((FilterInvocation)object).getRequestUrl();
- ………………
- return list;
- }
- @Override
- public boolean supports(Class<?> clazz) {
- return true;
- }
- }
public class X509securityMetadataSource implements FilterInvocationSecurityMetadataSource{import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;…………@Overridepublic Collection<ConfigAttribute> getAttributes(Object object)throws IllegalArgumentException {String url = ((FilterInvocation)object).getRequestUrl();………………return list;}@Overridepublic boolean supports(Class<?> clazz) {return true;}}
认证访问控制器:
- public class X509AccessDecisionManager implements AccessDecisionManager{
- Logger logger = LoggerFactory.getLogger(this.getClass());
- /**
- * 决定是否有权限访问资源
- * @param authentication 登录用户权限信息
- * @param object 访问的资源对象
- * @param configAttributes 资源对象具有的配置属性
- * @exception AccessDeniedException 访问被拒绝
- */
- @Override
- public void decide(Authentication authentication, Object object,
- Collection<ConfigAttribute> configAttributes)
- throws AccessDeniedException, InsufficientAuthenticationException {
- FilterInvocation filterInvocation = (FilterInvocation)object;
- for(ConfigAttribute configAttribute:configAttributes)
- {
- for(GrantedAuthority grantedAuthority:authentication.getAuthorities())
- {
- if(configAttribute.getAttribute().equalsIgnoreCase(grantedAuthority.getAuthority()))
- {
- logger.debug("访问success! - {}",filterInvocation.getFullRequestUrl());
- return;
- }
- }
- }
- logger.debug("无权访问! - {}",filterInvocation.getFullRequestUrl());
- throw new AccessDeniedException("无权限!");
- }
- @Override
- public boolean supports(ConfigAttribute attribute) {
- return true;
- }
- @Override
- public boolean supports(Class<?> clazz) {
- return true;
- }
- }
public class X509AccessDecisionManager implements AccessDecisionManager{Logger logger = LoggerFactory.getLogger(this.getClass());/** * 决定是否有权限访问资源 * @param authentication 登录用户权限信息 * @param object 访问的资源对象 * @param configAttributes 资源对象具有的配置属性 * @exception AccessDeniedException 访问被拒绝 */@Overridepublic void decide(Authentication authentication, Object object,Collection<ConfigAttribute> configAttributes)throws AccessDeniedException, InsufficientAuthenticationException {FilterInvocation filterInvocation = (FilterInvocation)object;for(ConfigAttribute configAttribute:configAttributes){for(GrantedAuthority grantedAuthority:authentication.getAuthorities()){if(configAttribute.getAttribute().equalsIgnoreCase(grantedAuthority.getAuthority())){logger.debug("访问success! - {}",filterInvocation.getFullRequestUrl());return;}}}logger.debug("无权访问! - {}",filterInvocation.getFullRequestUrl());throw new AccessDeniedException("无权限!");}@Overridepublic boolean supports(ConfigAttribute attribute) {return true;}@Overridepublic boolean supports(Class<?> clazz) {return true;}}
最后上配置:
- <?xml version="1.0" encoding="UTF-8"?>
- <b:beans xmlns:b="http://www.springframework.org/schema/beans"
- xmlns="http://www.springframework.org/schema/security"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">
- <http access-denied-page="/accessdenied.jsp">
- <custom-filter position="X509_FILTER" ref="x509Filter"/>
- <custom-filter ref="x509Intercepter" before="FILTER_SECURITY_INTERCEPTOR"/>
- <intercept-url pattern="/*" requires-channel="https"/>
- <port-mappings>
- <port-mapping http="8080" https="8443"/>
- </port-mappings>
- <form-login/>
- </http>
- <b:bean id="preAuthenticatedProcessingFilterEntryPoint" class="org.springframework.security.web.authentication.preauth.PreAuthenticatedProcessingFilterEntryPoint">
- </b:bean>
- <b:bean id="x509Filter" class="org.springframework.security.web.authentication.preauth.x509.X509AuthenticationFilter">
- <b:property name="authenticationManager" ref="authenticationmanager"></b:property>
- <b:property name="principalExtractor">
- <b:bean class=".....MyX509PrincipalExtractor"></b:bean>
- </b:property>
- </b:bean>
- <b:bean id="x509Intercepter" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
- <b:property name="authenticationManager" ref="authenticationmanager"></b:property>
- <b:property name="securityMetadataSource" ref="x509securityMetadataSource"></b:property>
- <b:property name="accessDecisionManager" ref="x509AccessDecisionManager"></b:property>
- </b:bean>
- <b:bean id="x509securityMetadataSource" class="....X509securityMetadataSource"></b:bean>
- <b:bean id="x509AccessDecisionManager" class="....X509AccessDecisionManager"></b:bean>
- <authentication-manager alias="authenticationmanager" >
- <authentication-provider ref="x509provider">
- </authentication-provider>
- </authentication-manager>
- <b:bean id="x509provider" class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
- <b:property name="preAuthenticatedUserDetailsService" ref="UserDetailsService">
- </b:property>
- <b:property name="throwExceptionWhenTokenRejected" value="true"></b:property>
- </b:bean>
- <b:bean id="loggerListener" class="org.springframework.security.authentication.event.LoggerListener"/>
- <b:bean id="UserDetailsService" class="....MyUserDetailService"></b:bean>
- <b:bean id="UserAuthorityInfo" class="....UserAuthorityInfoImp"></b:bean>
- </b:beans>
<?xml version="1.0" encoding="UTF-8"?><b:beans xmlns:b="http://www.springframework.org/schema/beans" xmlns="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd"><http access-denied-page="/accessdenied.jsp"><custom-filter position="X509_FILTER" ref="x509Filter"/><custom-filter ref="x509Intercepter" before="FILTER_SECURITY_INTERCEPTOR"/><intercept-url pattern="/*" requires-channel="https"/><port-mappings><port-mapping http="8080" https="8443"/></port-mappings><form-login/></http><b:bean id="preAuthenticatedProcessingFilterEntryPoint" class="org.springframework.security.web.authentication.preauth.PreAuthenticatedProcessingFilterEntryPoint"></b:bean><b:bean id="x509Filter" class="org.springframework.security.web.authentication.preauth.x509.X509AuthenticationFilter"><b:property name="authenticationManager" ref="authenticationmanager"></b:property><b:property name="principalExtractor"><b:bean class=".....MyX509PrincipalExtractor"></b:bean></b:property></b:bean><b:bean id="x509Intercepter" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor"><b:property name="authenticationManager" ref="authenticationmanager"></b:property><b:property name="securityMetadataSource" ref="x509securityMetadataSource"></b:property><b:property name="accessDecisionManager" ref="x509AccessDecisionManager"></b:property></b:bean><b:bean id="x509securityMetadataSource" class="....X509securityMetadataSource"></b:bean><b:bean id="x509AccessDecisionManager" class="....X509AccessDecisionManager"></b:bean><authentication-manager alias="authenticationmanager" ><authentication-provider ref="x509provider"></authentication-provider></authentication-manager><b:bean id="x509provider" class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider"><b:property name="preAuthenticatedUserDetailsService" ref="UserDetailsService"></b:property><b:property name="throwExceptionWhenTokenRejected" value="true"></b:property></b:bean><b:bean id="loggerListener" class="org.springframework.security.authentication.event.LoggerListener"/><b:bean id="UserDetailsService" class="....MyUserDetailService"></b:bean><b:bean id="UserAuthorityInfo" class="....UserAuthorityInfoImp"></b:bean></b:beans>
web.xml
- 。。。。。
- <filter>
- <filter-name>springSecurityFilterChain</filter-name>
- <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
- </filter>
- <filter-mapping>
- <filter-name>springSecurityFilterChain</filter-name>
- <url-pattern>/manager/*</url-pattern>
- </filter-mapping>
- 。。。。。
0 0
- Spring Security 3 证书登录
- spring security 登录验证
- spring Security 登录验证
- Spring security登录原理
- spring security手动登录
- Spring security注销登录
- spring security登录验证
- Spring Security 3.1自定义登录
- spring security +cas单点登录
- Spring-security不能重复登录
- Spring Security的登录过程
- Spring Security 3.1 登录验证
- spring security多入口登录
- 2. Spring Security 关于登录
- Spring Security-02-关于登录
- Spring Security 基础登录实例
- spring security 登录验证 感想
- spring security入门程序----登录
- oracle nvl和nvl2的区别
- 看敏捷高手交互卓越软件
- 下载Spring源码的步骤和遇到的坑
- spring事物处理异常
- Transaction rolled back because it has been marked as rollback-only”
- Spring Security 3 证书登录
- 单例模式
- FFMPEG发布RTSP流
- Android系统源代码情景分析
- 蓝桥杯——大臣的旅费(树的最大直径)
- MemCached缓存
- 项目中的.NET
- linux下升级gcc的方法
- Eclipse导入Android项目 Eclipse常见错误 中文乱码问题