機能する inMemoryAuthentication 構成があります。
@Configuration
@EnableWebMvcSecurity
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
protected void configure(
AuthenticationManagerBuilder authenticationManagerBuilder)
throws Exception {
authenticationManagerBuilder //
.inMemoryAuthentication() //
.withUser("employee") //
.password("employee") //
.roles("RoleEmployee")
;
}
@Override
public void configure(WebSecurity webSecurity) throws Exception {
webSecurity.ignoring().antMatchers("/resources/**");
}
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
// @formatter:off
httpSecurity
.authorizeRequests()
.antMatchers("/login","/login.request","/logout").permitAll()
.anyRequest().hasRole("RoleEmployee")
.and()
.formLogin()
.loginPage("/login.request")
.loginProcessingUrl("/login")
.failureUrl("/login.request?error")
.permitAll()
.and()
.logout()
.logoutUrl("/logout")
.permitAll()
.logoutSuccessUrl("/login.request")
;
// @formatter:on
}
}
Siteminder 認証を使用したいので、これを次のように変更しました。
@Configuration
@EnableWebMvcSecurity
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
private UserDetailsService userDetailsService;
private PreAuthenticatedAuthenticationProvider preAuthenticatedProvider;
public WebSecurityConfiguration() {
super();
userDetailsService = new CustomUserDetailsService();
UserDetailsByNameServiceWrapper<PreAuthenticatedAuthenticationToken> wrapper = new UserDetailsByNameServiceWrapper<PreAuthenticatedAuthenticationToken>(
userDetailsService);
preAuthenticatedProvider = new PreAuthenticatedAuthenticationProvider();
preAuthenticatedProvider.setPreAuthenticatedUserDetailsService(wrapper);
}
@Override
protected void configure(
AuthenticationManagerBuilder authenticationManagerBuilder)
throws Exception {
// @formatter:off
authenticationManagerBuilder //
.authenticationProvider(preAuthenticatedProvider);
// @formatter:on
}
@Override
public void configure(WebSecurity webSecurity) throws Exception {
webSecurity.ignoring().antMatchers("/resources/**");
}
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
// @formatter:off
RequestHeaderAuthenticationFilter siteMinderFilter = new RequestHeaderAuthenticationFilter();
siteMinderFilter.setAuthenticationManager(authenticationManager());
httpSecurity
.addFilter(siteMinderFilter)
.authorizeRequests()
.antMatchers("/login","/login.request","/logout").permitAll()
.anyRequest().hasRole("RoleEmployee")
.and()
.formLogin()
.loginPage("/login.request")
.loginProcessingUrl("/login")
.failureUrl("/login.request?error")
.permitAll()
.and()
.logout()
.logoutUrl("/logout")
.permitAll()
.logoutSuccessUrl("/login.request")
;
// @formatter:on
}
}
今のところ、CustomUserDetailsService は常に従業員ロールを持つユーザーを返します。
public class CustomUserDetailsService implements
UserDetailsService {
@Override
public UserDetails loadUserByUsername(String username)
throws UsernameNotFoundException {
List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
SimpleGrantedAuthority authority = new SimpleGrantedAuthority("RoleEmployee");
authorities.add(authority);
UserDetails user = new User(username, "password", authorities);
return user;
}
}
これをテストすると、SM_USER ヘッダーが正しく渡され、デバッガーで CustomUserDetailsSerice が正しく呼び出されていることを確認できますが、古い構成で以前に正常にアクセスできたすべてのページに対して 403 Forbidden ステータスが返されます。
この構成に何か問題がありますか?