1

Spring Security を Waffle と組み合わせて使用​​して、webapp のユーザーを認証しています。次の構成で Spring Security を構成しました。

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;

import waffle.servlet.spi.BasicSecurityFilterProvider;
import waffle.servlet.spi.NegotiateSecurityFilterProvider;
import waffle.servlet.spi.SecurityFilterProvider;
import waffle.servlet.spi.SecurityFilterProviderCollection;
import waffle.spring.NegotiateSecurityFilter;
import waffle.spring.NegotiateSecurityFilterEntryPoint;
import waffle.windows.auth.impl.WindowsAuthProviderImpl;

@Configuration
@EnableWebMvcSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private NegotiateSecurityFilterEntryPoint entryPoint;

    @Autowired
    private NegotiateSecurityFilter filter;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.exceptionHandling().authenticationEntryPoint(entryPoint);
        http.addFilterBefore(filter, BasicAuthenticationFilter.class).authorizeRequests().anyRequest()
                .fullyAuthenticated();
    }

    @Bean
    public WindowsAuthProviderImpl windowsAuthProviderImpl() {
        return new WindowsAuthProviderImpl();
    }

    @Bean
    public NegotiateSecurityFilterProvider negotiateSecurityFilterProvider(final WindowsAuthProviderImpl authProvider) {
        return new NegotiateSecurityFilterProvider(authProvider);
    }

    @Bean
    public BasicSecurityFilterProvider basicSecurityFilterProvider(final WindowsAuthProviderImpl authProvider) {
        return new BasicSecurityFilterProvider(authProvider);
    }

    @Bean
    public SecurityFilterProviderCollection securityFilterProviderCollection(
            final NegotiateSecurityFilterProvider negotiateSecurityFilterProvider,
            final BasicSecurityFilterProvider basicSecurityFilterProvider) {
        return new SecurityFilterProviderCollection(new SecurityFilterProvider[] { negotiateSecurityFilterProvider,
                basicSecurityFilterProvider });
    }

    @Bean
    public NegotiateSecurityFilterEntryPoint negotiateSecurityFilterEntryPoint(
            final SecurityFilterProviderCollection securityFilterProviderCollection) {
        final NegotiateSecurityFilterEntryPoint entryPoint = new NegotiateSecurityFilterEntryPoint();

        entryPoint.setProvider(securityFilterProviderCollection);

        return entryPoint;
    }

    @Bean
    public NegotiateSecurityFilter negotiateSecurityFilter(
            final SecurityFilterProviderCollection securityFilterProviderCollection) {
        final NegotiateSecurityFilter filter = new NegotiateSecurityFilter();

        filter.setProvider(securityFilterProviderCollection);

        return filter;
    }

}

認証プロセスは期待どおりに機能していますが、次のようにコントローラーで現在ログインしているユーザーの名前しか読み取ることができません。

@RequestMapping("/")
public @ResponseBody String index(final Principal user) {
    return String.format("Welcome to the home page, %s!", user.getName());
}

承認のために、データベースで定義したユーザーにロールを割り当てたいと考えています。追加情報 (電子メール アドレス、電話番号など) は Active Directory に保存されます。これらの情報を自動的にマージするにはどうすればよいですか?

4

1 に答える 1

4

Waffle フィルターの実行後に起動される別のフィルターを作成しました。Waffle がユーザーを認証したかどうかを確認します。Authenticationその場合は、Waffle オブジェクトからの情報を使用して独自のオブジェクトを作成します。

アップデート

その間、フォームベースのログインに戻りました。しかし、私は次のようにしたと思います:

カスタムUserDetailsクラス:

@Data
public class User implements UserDetails {

    private static final long serialVersionUID = -302856598965676658L;

    private String username;

    private Set<Role> authorities;

    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        return authorities;
    }

    @Override
    public String getPassword() {
        return "";
    }

    @Override
    public boolean isAccountNonExpired() {
        return true;
    }

    @Override
    public boolean isAccountNonLocked() {
        return true;
    }

    @Override
    public boolean isCredentialsNonExpired() {
        return true;
    }

    @Override
    public boolean isEnabled() {
        return true;
    }

}

カスタムGrantedAuthorityクラス:

@Data
public class Role implements GrantedAuthority {

    private static final long serialVersionUID = -7912276892872811638L;

    private String authority;

    @Override
    public String getAuthority() {
        return authority;
    }

}

カスタム認証クラス:

public class CustomAuthentication implements Authentication {

    private static final long serialVersionUID = -1723253799961522167L;

    private User user;

    public CustomAuthentication(final User user) {
        this.user = user;
    }

    @Override
    public String getName() {
        return user.getUsername();
    }

    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        return user.getAuthorities();
    }

    @Override
    public Object getCredentials() {
        return null;
    }

    @Override
    public Object getDetails() {
        return null;
    }

    @Override
    public Object getPrincipal() {
        return user;
    }

    @Override
    public boolean isAuthenticated() {
        return user != null;
    }

    @Override
    public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException {
    }

}

カスタム フィルター:

@Component
public class CustomFilter extends GenericFilterBean {

    @Autowired
    private UserService userService;

    @Override
    public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain)
            throws IOException, ServletException {
        final SecurityContext securityContext = SecurityContextHolder.getContext();
        final Authentication authentication = securityContext.getAuthentication();

        if (authentication != null) {
            final String username = authentication.getName();
            final User user = userService.getUserByUsername(username);
            final CustomAuthentication customAuthentication = new CustomAuthentication(user);

            securityContext.setAuthentication(customAuthentication);
        }

        chain.doFilter(request, response);
    }

}

フィルターの登録:

@Configuration
@EnableWebMvcSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    private NegotiateSecurityFilter waffleFilter;

    @Autowired
    private CustomFilter customFilter;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.addFilterBefore(waffleFilter, BasicAuthenticationFilter.class);
        http.addFilterAfter(customFilter, NegotiateSecurityFilter.class);
    }

}
于 2015-06-24T08:00:10.403 に答える