
AuthenticationManager から参照される、<password-encoder> 付きの CustomDetailService があります。spring-security の <http auto-config="false" ..> 内で、他のすべてのセキュリティ フィルター (同時実行、customLogoutFilter など) の後に、次の Bean を追加しました。

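    <?xml version="1.0" encoding="UTF-8"?>
    <!-- Spring Security 3.0 namespace configuration: form login through a custom
         filter, concurrent-session control, a custom logout filter and a
         SwitchUserFilter that lets one account act as another. -->
    <beans:beans xmlns="http://www.springframework.org/schema/security"
        xmlns:beans="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="
            http://www.springframework.org/schema/beans
            http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
            http://www.springframework.org/schema/security
            http://www.springframework.org/schema/security/spring-security-3.0.xsd">

        <!-- Disable annotation-based method security (@Secured is not evaluated).
             In the visible part of this file the URL rules inside the http element
             are therefore the only authorization checks. -->
        <global-method-security secured-annotations="disabled" />

        <!-- Registry of active sessions; referenced by concurrencyFilter and by
             concurrentSessionControlStrategy below. -->
        <beans:bean id="sessionRegistry"
            class="org.springframework.security.core.session.SessionRegistryImpl" />

        <!-- Service that provides user credentials for use by the authentication
             provider. switchUserProcessingFilter also uses it to load the account
             being switched to. -->
        <beans:bean id="customDetailService" class="xxx.security.CustomDetailService" />

        <!-- Project-specific password encoder used by the authentication provider.
             NOTE(review): the hashing scheme of XyzPasswordEncoder is not visible
             here and no salt-source is configured on the provider; confirm that
             stored passwords use a salted, deliberately slow hash. -->
        <beans:bean class="xxx.security.XyzPasswordEncoder" id="passwordEncoder" />

        <!-- Get an alias to the default authentication manager and attach the user
             details service and password encoder to its provider. -->
        <authentication-manager alias="authenticationManager">
            <authentication-provider user-service-ref="customDetailService">
                <password-encoder ref="passwordEncoder" />
            </authentication-provider>
        </authentication-manager>

        <!-- Exception filter that takes an entry point and an access-denied handler.
             NOTE(review): no custom-filter element in the visible http block
             references this bean, so accessDeniedHandler and its error page may not
             be in effect; confirm it is wired in the omitted part (the namespace
             also offers an access-denied-handler element for this). -->
        <beans:bean id="exceptionTranslationFilter"
            class="org.springframework.security.web.access.ExceptionTranslationFilter">
            <beans:property name="authenticationEntryPoint" ref="authenticationEntryPoint" />
            <beans:property name="accessDeniedHandler" ref="accessDeniedHandler" />
        </beans:bean>
        <!-- Entry point: sends unauthenticated requests to the login form. The URL
             sits under /public/**, which the http block excludes from filtering. -->
        <beans:bean id="authenticationEntryPoint"
            class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
            <beans:property name="loginFormUrl" value="/public/auth/login.htmlx" />
        </beans:bean>
        <!-- Page shown when an authenticated user lacks the required role. -->
        <beans:bean id="accessDeniedHandler"
            class="org.springframework.security.web.access.AccessDeniedHandlerImpl">
            <beans:property name="errorPage" value="/error/access-denied.jsp" />
        </beans:bean>

        <!-- Register a custom authentication filter and register success/failure
             handlers. The session strategy set here is the one applied at form
             login. -->
        <beans:bean id="customAuthenticationFilter"
            class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
            <beans:property name="authenticationManager" ref="authenticationManager" />
            <beans:property name="sessionAuthenticationStrategy"
                ref="concurrentSessionControlStrategy" />
            <beans:property name="authenticationSuccessHandler"
                ref="loginSuccessHandler" />
            <beans:property name="authenticationFailureHandler"
                ref="loginFailureHandler" />
        </beans:bean>

        <!-- Session strategy used by customAuthenticationFilter; it shares
             sessionRegistry with concurrencyFilter. -->
        <beans:bean id="concurrentSessionControlStrategy"
            class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
            <beans:constructor-arg name="sessionRegistry"
                ref="sessionRegistry" />
        </beans:bean>
        <!-- Redirect target after a successful login. -->
        <beans:bean id="loginSuccessHandler"
            class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler">
            <beans:property name="defaultTargetUrl" value="/LoginSuccess" />
        </beans:bean>
        <!-- Redirect target after a failed login. -->
        <beans:bean id="loginFailureHandler"
            class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
            <beans:property name="defaultFailureUrl" value="/LoginFailed" />
        </beans:bean>

        <!-- Register a custom logout filter with separate landing pages for normal
             logout, admin logout and inactivity timeout. -->
        <beans:bean id="customLogoutFilter" class="xxx.security.LogoutFilterWrapper">
            <beans:property name="logoutSuccessfulUrl" value="/public/auth/login.htmlx" />
            <beans:property name="logoutSuccessfulUrlAdmin" value="/public/auth/admlogin.htmlx" />
            <beans:property name="logoutSuccessfulUrlInactivity"
                value="/public/auth/timedout.htmlx" />
        </beans:bean>

        <!-- Register a concurrent session filter. This will limit the number of
             sessions a user can have; expired sessions are sent to expiredUrl. -->
        <beans:bean id="concurrencyFilter"
            class="org.springframework.security.web.session.ConcurrentSessionFilter">
            <beans:property name="sessionRegistry" ref="sessionRegistry" />
            <beans:property name="expiredUrl"
                value="/public/error/multi-login-not-supported.htmlx" />
        </beans:bean>

        <!-- Register a filter to log in as a different user. The target account is
             looked up through customDetailService.
             NOTE(review): none of the visible intercept-url rules covers
             switchUserUrl. Confirm that the omitted rules restrict
             /j_spring_security_switch_user to an administrative role; without such
             a rule the impersonation endpoint is not access-controlled.
             For monitoring, consider logging the AuthenticationSwitchUserEvent that
             SwitchUserFilter publishes so every switch is auditable. -->
        <beans:bean id="switchUserProcessingFilter"
            class="org.springframework.security.web.authentication.switchuser.SwitchUserFilter">
            <beans:property name="userDetailsService" ref="customDetailService" />
            <beans:property name="switchUserUrl" value="/j_spring_security_switch_user" />
            <beans:property name="exitUserUrl" value="/j_spring_security_exit_user" />
            <beans:property name="targetUrl" value="/" />
        </beans:bean>


        <!-- Filter chain assembled by hand (auto-config is off); every filter below
             is placed at an explicit position. -->
        <http auto-config="false" entry-point-ref="authenticationEntryPoint">

            <custom-filter position="FORM_LOGIN_FILTER" ref="customAuthenticationFilter" />
            <custom-filter position="LOGOUT_FILTER" ref="customLogoutFilter" />
            <custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrencyFilter" />
            <custom-filter position="SWITCH_USER_FILTER" ref="switchUserProcessingFilter" />

            <!-- NOTE(review): this turns off the session-fixation defence managed
                 by the namespace. The form-login path then depends solely on the
                 sessionAuthenticationStrategy injected into
                 customAuthenticationFilter; confirm that strategy issues a new
                 session id at login, or reference it here through
                 session-authentication-strategy-ref instead of using "none". -->
            <session-management session-fixation-protection="none" />

            <!-- Configure the filter security interceptor. URL patterns default to
                 Apache Ant path syntax. Rules are tried in the order listed and the
                 first match decides, so the specific rules must stay above the
                 broader ones. -->
            <intercept-url pattern="/**/xyz_product*" access="ROLE_XYZ_PRODUCT" />
            <intercept-url pattern="/root/user/index.htmlx" access="ROLE_XYZ_PRODUCT" />

            <!-- Allow unrestricted access to assets. filters="none" bypasses the
                 whole security filter chain for matching requests, not only the
                 role check. -->
            <intercept-url pattern="/assets/**" filters="none" />

            <!-- Allow unrestricted access to public areas -->
            <intercept-url pattern="/public/**" filters="none" />

            <!-- Allow unrestricted access to generated resources.
                 NOTE(review): if application pages can also be requested under
                 /faces/, they would be served without any access check; confirm
                 that only generated resources are reachable through this prefix. -->
            <intercept-url pattern="/faces/**" filters="none" />

            <!-- Enforce role-based access for login success servlet -->
            <intercept-url pattern="/LoginSuccess"
                access="ROLE_RESTRICTED,ROLE_ADMIN,ROLE_ADMIN_APP,ROLE_PHYSICIAN,ROLE_NURSE" />

            <!-- Enforce role-based access for user area -->
            <intercept-url pattern="/root/user/**" access="ROLE_PHYSICIAN,ROLE_NURSE" />

            <!-- Enforce role-based access for admin area.
                 NOTE(review): "/root/admin/*" matches a single path segment only;
                 deeper paths other than /root/admin/user/** are not covered by the
                 visible rules. Confirm the omitted part ends with a catch-all rule. -->
            <intercept-url pattern="/root/admin/*" access="ROLE_ADMIN,ROLE_ADMIN_APP" />

            <intercept-url pattern="/root/admin/user/**" access="ROLE_ADMIN,ROLE_ADMIN_APP" />


            <!-- omitted ... -->

        </http>

    </beans:beans>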

これが私のfaceletsページです:

<!-- Form meant to trigger SwitchUserFilter for the user name typed into j_username.
     NOTE(review): action on h:commandLink is a JSF action/outcome rather than a
     request URL, and JSF normally submits the input under a form-prefixed client
     id. Presumably the j_username request parameter therefore never reaches
     /j_spring_security_switch_user; confirm against the rendered HTML. -->
<h:form>
    <h:inputText id="j_username" value="" styleClass="textInput" size="50"/>    
    <p>Click <h:commandLink value="here" action="/j_spring_security_switch_user"/> to switch to 
        user </p>
</h:form>

ログのエラー:

org.springframework.security.web.access.intercept.FilterSecurityInterceptor - RunAsManager did not change Authentication object


1 に答える 1


これを修正できました。問題は、jsf アクションを「/j_spring_security_switch_user」にバインドしたときに、jsf ページが j_username を SwitchUserFilter に送信しないことでした。ただし、コントローラー バインディングを介したパススルーは機能します。

私はここで私の経験をブログにしました:

http://www.reverttoconsole.com/blog/spring/switch-user-su-like-behavior-in-spring/

于 2012-10-29T05:40:07.477 に答える