存在Site Security的SpringSecurity,仅用于接收用户。但是,要获得角色,您将需要创建扩展的身份验证过程。这将使用角色对用户进行身份验证。
内
root-security.xml
<beans:bean id="userDetailsService" /><beans:bean id="preauthAuthProvider" > <beans:property name="preAuthenticatedUserDetailsService"> <beans:bean id="userDetailsServiceWrapper" > <beans:property name="userDetailsService" ref="userDetailsService" /> </beans:bean> </beans:property></beans:bean><beans:bean id="siteminderFilter" > <beans:property name="principalRequestHeader" value="SM_USER" /> <beans:property name="rolesRequestHeader" value="SM_ROLE" /> <beans:property name="rolesDelimiter" value="," /> <beans:property name="authenticationManager" ref="authenticationManager" /></beans:bean><authentication-manager alias="authenticationManager"> <authentication-provider ref="preauthAuthProvider" /></authentication-manager>
SiteMinderUserDetailsService
public class SiteMinderUserDetailsService extends PreAuthenticatedGrantedAuthoritiesUserDetailsService implements UserDetailsService { @Override public UserDetails loadUserByUsername(String arg0) throws UsernameNotFoundException { SiteMinderUserDetails userDetails = new SiteMinderUserDetails(); userDetails.setUsername(arg0); return userDetails; } @Override protected UserDetails createuserDetails(Authentication token, Collection<? extends GrantedAuthority> authorities) { return super.createuserDetails(token, authorities); }}SiteMinderUserDetails
public class SiteMinderUserDetails implements UserDetails { // implement all methods}SiteMinderFilter
public class SiteMinderFilter extends RequestHeaderAuthenticationFilter { private String rolesRequestHeader; private String rolesDelimiter; @Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException, NullPointerException { String roles = (String) ((HttpServletRequest)request).getHeader(getRolesRequestHeader()); String[] rolesArray = roles.split(rolesDelimiter); Collection<SimpleGrantedAuthority> auth = new ArrayList<SimpleGrantedAuthority>(); for (String s : rolesArray) { auth.add(new SimpleGrantedAuthority(s)); } SiteMinderUserDetails userDetails = new SiteMinderUserDetails(); userDetails.setUsername((String) super.getPreAuthenticatedPrincipal(((HttpServletRequest)request))); userDetails.setAuthorities(auth); AuthenticationImpl authentication = new AuthenticationImpl(); authentication.setAuthenticated(true); authentication.setAuthorities(auth); authentication.setPrincipal(userDetails); authentication.setCredentials(super.getPreAuthenticatedCredentials(((HttpServletRequest)request))); SecurityContextHolder.getContext().setAuthentication(authentication); super.doFilter(request, response, chain); } public SiteMinderFilter() { super(); } @Override public void setPrincipalRequestHeader(String principalRequestHeader) { super.setPrincipalRequestHeader(principalRequestHeader); } public void setRolesRequestHeader(String rolesRequestHeader) { this.rolesRequestHeader = rolesRequestHeader; } public String getRolesRequestHeader() { return rolesRequestHeader; } public void setRolesDelimiter(String rolesDelimiter) { this.rolesDelimiter = rolesDelimiter; } public String getRolesDelimiter() { return rolesDelimiter; }}身份验证Impl
public class AuthenticationImpl implements Authentication { // implement all methods}
