1. 首页
  2. 问答
  3. 春季基本身份验证

春季基本身份验证

2014-07-25 53 views
0

您好我有认证的若干登录表单配置,我想通过春季基本身份验证

 response.setHeader("WWW-Authenticate", "Basic realm=\"/\""); 
     response.setStatus(401); 
     response.setHeader("Location", url);

以这样的表现形式来代替我的简单的登录表单,并使用spnegoAuthenticationProcessingFilter:

<div id="login-box"> 

    <h3>Login with Username and Password</h3> 
    <c:if test="${not empty error}"> 
     <div class="error">${error}</div> 
    </c:if> 
    <c:if test="${not empty msg}"> 
     <div class="msg">${msg}</div> 
    </c:if> 

    <form name='loginForm' action="<c:url value='j_spring_security_check' />" method='POST'> 
     <table> 
     <tr> 
      <td>User:</td> 
      <td><input type='text' name='j_username' value=''></td> 
     </tr> 
     <tr> 
      <td>Password:</td> 
      <td><input type='password' name='j_password' /></td> 
     </tr> 
     <tr> 
      <td colspan='2'><input name="submit" type="submit" value="submit" /></td> 
     </tr> 
     </table> 
    </form> 
</div>

这是我的弹簧安全c配置:

<?xml version="1.0" encoding="UTF-8"?> 
<beans xmlns="http://www.springframework.org/schema/beans" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:sec="http://www.springframework.org/schema/security" 
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd 
       http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd"> 


    <sec:http entry-point-ref="spnegoEntryPoint" auto-config="false" > 
     <sec:intercept-url pattern="/login*" access="IS_AUTHENTICATED_ANONYMOUSLY" /> 
     <sec:intercept-url pattern="/**" access="ROLE_USER" /> 
     <sec:custom-filter ref="spnegoAuthenticationProcessingFilter" position="BASIC_AUTH_FILTER" /> 
     <sec:form-login login-page="/login" default-target-url="/hello" always-use-default-target="true"/> 
    </sec:http> 

    <bean id="spnegoEntryPoint" class="org.springframework.security.extensions.kerberos.web.SpnegoEntryPoint" /> 

    <bean id="spnegoAuthenticationProcessingFilter" class="org.springframework.security.extensions.kerberos.web.SpnegoAuthenticationProcessingFilter"> 
     <property name="authenticationManager" ref="authenticationManager" /> 
    </bean> 

    <sec:authentication-manager alias="authenticationManager"> 
     <sec:authentication-provider ref="kerberosAuthenticationProvider"/> 
    </sec:authentication-manager> 

    <!-- Login form auth --> 
    <bean id="kerberosAuthenticationProvider" class="org.springframework.security.extensions.kerberos.KerberosAuthenticationProvider"> 
     <property name="kerberosClient"> 
      <bean class="org.springframework.security.extensions.kerberos.SunJaasKerberosClient"> 
       <property name="debug" value="true" /> 
      </bean> 
     </property> 
     <property name="userDetailsService" ref="dummyUserDetailsService" /> 
    </bean> 

    <bean class="org.springframework.security.extensions.kerberos.GlobalSunJaasKerberosConfig"> 
     <property name="debug" value="true" /> 
     <property name="krbConfLocation" value="/apps/bin/krb5/krb5.conf" /> 
    </bean> 

    <bean id="dummyUserDetailsService" class="com.web.ldap.DummyUserDetailsService"/> 

</beans>

这是可能的吗?

来源

2014-07-25 user3815507

+0

删除的配置'form-login'元素应该足够了。 –

+0

已删除表单登录但仍没有 user3815507

+0

如果我通过response.setHeader(“WWW-Authenticate”,“Basic realm = \”/ \“”)替换表单; response.setStatus(401); response.setHeader(“Location”,url);我仍然有窗口,但我的授权没有处理。 – user3815507

回答

0

我做这个由

<sec:http> 
    <sec:intercept-url pattern="/**" access="ROLE_USER" /> 
    <sec:http-basic entry-point-ref="spnegoEntryPoint"/> 
<!-- <sec:custom-filter ref="spnegoAuthenticationProcessingFilter" position="BASIC_AUTH_FILTER" /> --> 
</sec:http>

,但现在我没有spnegoAuthenticationProcessingFilter工作...

如果我取消自定义过滤我的应用程序将无法正常工作

来源

2014-07-25 09:23:49 user3815507

相关问题

 相关问题