まず、ユーザーを検証する必要がありますか?それ以外の場合、ADMINがアクセスしようとしているのか、通常のUSERにアクセスしようとしているのかを、アプリケーションはどのように認識しますか?
これを行う前に、 web.xmlsecurity-constraint
から削除してください
。アプリにスプリング認証を追加してください。
まず、pojoクラスを作成して、実装する必要のあるリストを作成します。以下にサンプルを示します。
GrantedAuthority
org.springframework.security.core.userdetails.UserDetails
public class YourPojo implements UserDetails{
/** The authorities. */
//This collection will have eCommerceAdmin
public Collection<GrantedAuthority> authorities;
/** The username. */
public String username;
/** The account non expired. */
public boolean accountNonExpired;
/** The credentials non expired. */
public boolean credentialsNonExpired;
/** The enabled. */
public boolean enabled;
/** The Constant serialVersionUID. */
private static final long serialVersionUID = -2342376103893073629L;
/* (non-Javadoc)
* @see org.springframework.security.core.userdetails.UserDetails#getAuthorities()
*/
@Override
public Collection<GrantedAuthority> getAuthorities() {
return authorities;
}
/* (non-Javadoc)
* @see org.springframework.security.core.userdetails.UserDetails#getPassword()
*/
@Override
public String getPassword() {
return null;
}
/* (non-Javadoc)
* @see org.springframework.security.core.userdetails.UserDetails#getUsername()
*/
@Override
public String getUsername() {
return username;
}
/* (non-Javadoc)
* @see org.springframework.security.core.userdetails.UserDetails#isAccountNonExpired()
*/
@Override
public boolean isAccountNonExpired() {
return accountNonExpired;
}
/* (non-Javadoc)
* @see org.springframework.security.core.userdetails.UserDetails#isAccountNonLocked()
*/
@Override
public boolean isAccountNonLocked() {
return accountNonLocked;
}
/* (non-Javadoc)
* @see org.springframework.security.core.userdetails.UserDetails#isCredentialsNonExpired()
*/
@Override
public boolean isCredentialsNonExpired() {
return credentialsNonExpired;
}
/* (non-Javadoc)
* @see org.springframework.security.core.userdetails.UserDetails#isEnabled()
*/
@Override
public boolean isEnabled() {
return enabled;
}
/**
* Sets the authorities.
*
* @param authorities the new authorities
*/
public void setAuthorities(Collection<GrantedAuthority> authorities) {
this.authorities = authorities;
}
/**
* Sets the username.
*
* @param username the new username
*/
public void setUsername(String username) {
this.username = username;
}
/**
* Sets the account non expired.
*
* @param accountNonExpired the new account non expired
*/
public void setAccountNonExpired(boolean accountNonExpired) {
this.accountNonExpired = accountNonExpired;
}
/**
* Sets the account non locked.
*
* @param accountNonLocked the new account non locked
*/
public void setAccountNonLocked(boolean accountNonLocked) {
this.accountNonLocked = accountNonLocked;
}
/**
* Sets the credentials non expired.
*
* @param credentialsNonExpired the new credentials non expired
*/
public void setCredentialsNonExpired(boolean credentialsNonExpired) {
this.credentialsNonExpired = credentialsNonExpired;
}
/**
* Sets the enabled.
*
* @param enabled the new enabled
*/
public void setEnabled(boolean enabled) {
this.enabled = enabled;
}
}
以下は、必要なHTTPタグです。
<!-- to use Spring security tags -->
<bean class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler" />
<http pattern="/login*" security="none"/>
<http pattern="/static/**" security="none"/>
<http auto-config="false">
<intercept-url pattern="/admin/**" access="eCommerceAdmin" />
<form-login login-page="/login" default-target-url="/welcome"
authentication-failure-url="/loginfailed" />
<logout logout-success-url="/logout" />
<session-management>
<concurrency-control max-sessions="1" error-if-maximum-exceeded="true" />
</session-management>
</http>
次に、認証プロバイダーを定義します。
<bean id="customeAuthProvider" class="your.auth.provider.class">
</bean>
<authentication-manager >
<authentication-provider ref="customeAuthProvider" ></authentication-provider>
</authentication-manager>
これcustomeAuthProvider
はを実装する必要がありますorg.springframework.security.authentication.AuthenticationProvider
。
@Override
public Authentication authenticate(Authentication authentication)
throws AuthenticationException {
UsernamePasswordAuthenticationToken userToken = (UsernamePasswordAuthenticationToken)authentication;
String username = userToken.getName();
String password = (String) authentication.getCredentials();
//Do whatevr you want with the credentials
//Then populate the authorities for this credential
YourPojo user=new YourPojo ();
user.setUserName("add username");
//set other details
List<GrantedAuthority> grantedAuthorityList = new ArrayList<GrantedAuthority>();
//if user is admin add the below line
GrantedAuthorityImpl grantedAuthorityImpl = new GrantedAuthorityImpl("eCommerceAdmin");
//Add other authorities as applicable like 'user' etc.
user.setAuthorities(grantedAuthorityList);
return new UsernamePasswordAuthenticationToken(username, password, user.getAuthorities());
参考までに、以下のようにweb.xml内のセキュリティxmlファイルを参照できます。また、web.xmlにはスプリングセキュリティフィルターが必要です。
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/your-applicationContext.xml
/WEB-INF/your-spring-security.xml
</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
スプリングセキュリティの依存関係も必要です。プロジェクトにMavenを使用している場合は、次の依存関係を追加してください。そうでない場合は、これらのjarを手動でダウンロードして続行できます。
<!-- Spring Security -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>${spring.version}</version>
</dependency>
今、あなたは行ってもいいです..FYRはこれを通過します