gpt4 book ai didi

spring-boot - 如何使用 Atlassian Crowd Integration 与 Spring boot + Spring security 使用 Java Beans

转载 作者:行者123 更新时间:2023-12-04 02:56:19 28 4
gpt4 key购买 nike

我们使用许多构建在 spring security 之上的 spring boot 项目来提供用于多种目的的小型 web 应用程序。我们强烈考虑转向使用 Crowd 作为中央身份验证提供程序,但是我在将 spring boot 配置为使用 java 样式的 bean 而不是提供的 XML 配置时遇到了很多麻烦,因为这不再是推荐的配置(参见 http://docs.spring.io/spring-boot/docs/current-SNAPSHOT/reference/htmlsingle/#using-boot-configuration-classes 验证 java-bean 样式配置是首选方式)。

我的基本安全测试应用程序的安全配置设置如下:

WebSecurityConfig.java

package hello;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/", "/home").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.and()
.logout()
.permitAll();
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("user").password("password").roles("USER");
}
}

我真的很困惑如何修改它以适应 Crowd 内置的 springsecurity 集成。 (特别是 com.atlassian.crowd:crowd-integration-springsecurity:2.8.3)。我试图通过标准配置注释类尝试和引导功能的 XML 如下:

applicationContext-security.xml

<?xml version="1.0" encoding="UTF-8"?>

<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:util="http://www.springframework.org/schema/util"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">

<!--
<debug />
<beans:alias name="springSecurityFilterChain" alias="org.springframework.security.filterChainProxy"/>
-->

<!-- Added for Integrating Crowd with Spring Security -->

<!-- 3.1 Configuring Centralised User Management -->

<!-- 3.1.1 -->
<beans:bean id="crowdUserDetailsService" class="com.atlassian.crowd.integration.springsecurity.user.CrowdUserDetailsServiceImpl">
<beans:property name="groupMembershipManager" ref="crowdGroupMembershipManager"/>
<beans:property name="userManager" ref="crowdUserManager"/>
<beans:property name="authorityPrefix" value="ROLE_"/>

<!--
<beans:property name="groupToAuthorityMappings">
<beans:bean factory-bean="groupToAuthorityMappings" factory-method="entrySet" />
</beans:property>
-->
</beans:bean>

<!--
<util:map id="groupToAuthorityMappings">
<beans:entry key="crowd-administrators" value="ROLE_crowd-administrators" />
<beans:entry key="some-other-group" value="specific-authority-for-other-group" />
</util:map>
-->

<!-- 3.1.2 -->
<beans:bean id="crowdAuthenticationProvider" class="com.atlassian.crowd.integration.springsecurity.RemoteCrowdAuthenticationProvider">
<beans:constructor-arg ref="crowdAuthenticationManager"/>
<beans:constructor-arg ref="httpAuthenticator"/>
<beans:constructor-arg ref="crowdUserDetailsService"/>
</beans:bean>

<!-- 3.2 -->

<http pattern="/console/static/session-context"
entry-point-ref="crowdAuthenticationProcessingFilterEntryPoint">
</http>

<http pattern='/console/static/**' security='none'/>

<http auto-config="false"
entry-point-ref="crowdAuthenticationProcessingFilterEntryPoint"
access-denied-page="/denied.html">
<custom-filter position="FORM_LOGIN_FILTER" ref='authenticationProcessingFilter'/>
<custom-filter position="LOGOUT_FILTER" ref='logoutFilter'/>

<intercept-url pattern="/console/secure/**" access="ROLE_crowd-administrators"/>
<intercept-url pattern="/console/user/**" access="IS_AUTHENTICATED_FULLY"/>

<intercept-url pattern="/console/resource-with-own-check/**" access='IS_AUTHENTICATED_ANONYMOUSLY'/>
</http>


<authentication-manager alias='authenticationManager'>
<authentication-provider ref='crowdAuthenticationProvider'/>
</authentication-manager>

<beans:bean id="crowdAuthenticationProcessingFilterEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
<beans:property name="loginFormUrl" value="/login.html"/>
</beans:bean>

<beans:bean id="authenticationProcessingFilter" class="com.atlassian.crowd.integration.springsecurity.CrowdSSOAuthenticationProcessingFilter">
<beans:property name="httpAuthenticator" ref="httpAuthenticator"/>
<beans:property name="authenticationManager" ref="authenticationManager"/>
<beans:property name="filterProcessesUrl" value="/j_security_check"/>
<beans:property name="authenticationFailureHandler">
<beans:bean class="com.atlassian.crowd.integration.springsecurity.UsernameStoringAuthenticationFailureHandler">
<beans:property name="defaultFailureUrl" value="/console/login.action?error=true"/>
</beans:bean>
</beans:property>

<beans:property name="authenticationSuccessHandler">
<beans:bean class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
<beans:property name="defaultTargetUrl" value="/console/defaultstartpage.action"/>
</beans:bean>
</beans:property>
</beans:bean>

<beans:bean id="crowdLogoutHandler" class="com.atlassian.crowd.integration.springsecurity.CrowdLogoutHandler">
<beans:property name="httpAuthenticator" ref="httpAuthenticator"/>
</beans:bean>

<beans:bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
<beans:constructor-arg value="/login.html"/>
<beans:constructor-arg>
<beans:list>
<beans:ref bean="crowdLogoutHandler"/>
<beans:bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>
</beans:list>
</beans:constructor-arg>
<beans:property name="filterProcessesUrl" value="/console/logoff.action"/>
</beans:bean>

以上是我在任何地方都能找到的最新的 XML 安全文件的综合示例,它与 spring security 4.0 不兼容(如果你增加版本,你会到处都是 xml 违规)。我不知道 httpAuthenticator 在哪里/如何解决,因为我没有看到任何具有该 ID 的 bean,这使它非常麻烦。

任何帮助将不胜感激,我已经投入了好几天了,但收效甚微。

额外信息:

运行spring boot version 1.3.1-Release,spring security version 4.0

最佳答案

所以,我想我实际上已经弄明白了,它至少给了我一个进一步定制 spring boot 集成的起点。主要的魔法是 WebSecurityConfig 类,现在看起来如下所示:

WebSecurityConfig.java:

package hello;
import com.atlassian.crowd.integration.http.HttpAuthenticator;
import com.atlassian.crowd.integration.http.HttpAuthenticatorImpl;
import com.atlassian.crowd.integration.springsecurity.RemoteCrowdAuthenticationProvider;
import com.atlassian.crowd.integration.springsecurity.user.CrowdUserDetailsService;
import com.atlassian.crowd.integration.springsecurity.user.CrowdUserDetailsServiceImpl;
import com.atlassian.crowd.service.AuthenticationManager;
import com.atlassian.crowd.service.GroupManager;
import com.atlassian.crowd.service.UserManager;
import com.atlassian.crowd.service.cache.BasicCache;
import com.atlassian.crowd.service.cache.CacheImpl;
import com.atlassian.crowd.service.cache.CachingGroupManager;
import com.atlassian.crowd.service.cache.CachingGroupMembershipManager;
import com.atlassian.crowd.service.cache.CachingUserManager;
import com.atlassian.crowd.service.cache.SimpleAuthenticationManager;
import com.atlassian.crowd.service.soap.client.SecurityServerClient;
import com.atlassian.crowd.service.soap.client.SecurityServerClientImpl;
import com.atlassian.crowd.service.soap.client.SoapClientPropertiesImpl;
import java.io.IOException;
import java.io.InputStream;
import java.util.Properties;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests()
.antMatchers("/", "/home").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.and()
.logout()
.permitAll();
}
public static Properties getProps() throws IOException{
Properties prop = new Properties();
try(InputStream in = Thread.currentThread().getContextClassLoader().getResourceAsStream("crowd.properties")){
prop.load(in);
}
return prop;
}
@Bean
public SecurityServerClient securityServerClient() throws IOException{
return new SecurityServerClientImpl(SoapClientPropertiesImpl.newInstanceFromProperties(getProps()));
}
private final BasicCache cache = new CacheImpl(Thread.currentThread().getContextClassLoader().getResource("crowd-ehcache.xml"));

@Bean
public AuthenticationManager crowdAuthenticationManager() throws IOException{

return new SimpleAuthenticationManager(securityServerClient());
}
@Bean
public HttpAuthenticator httpAuthenticator() throws IOException{
return new HttpAuthenticatorImpl(crowdAuthenticationManager());
}
@Bean
public UserManager userManager() throws IOException{
return new CachingUserManager(securityServerClient(), cache);
}
@Bean
public GroupManager groupManager() throws IOException{
return new CachingGroupManager(securityServerClient(), cache);
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(crowdAuthenticationProvider());
}
@Bean
public CrowdUserDetailsService crowdUserDetailsService() throws IOException{
CrowdUserDetailsServiceImpl cusd = new CrowdUserDetailsServiceImpl();
cusd.setUserManager(userManager());
cusd.setGroupMembershipManager(new CachingGroupMembershipManager(securityServerClient(), userManager(),groupManager(),cache));
cusd.setAuthorityPrefix("ROLE_");
return cusd;
}
@Bean
RemoteCrowdAuthenticationProvider crowdAuthenticationProvider() throws IOException{
return new RemoteCrowdAuthenticationProvider(crowdAuthenticationManager(), httpAuthenticator(), crowdUserDetailsService());
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("user").password("password").roles("ROLE_USER");
}
}

最困难的部分是弄清楚如何设置 bean,这根本没有文档记录,因为之前都是 XML 魔术。现在,假设您有正确的 crowd.properties 文件和正确的 EhCache 文件设置(也可以用 java bean 删除,但这不太严重),您可以以纯 java 方式使用人群集成。

完成这项工作的 build.gradle,如下所示:

build.gradle:

buildscript {
repositories {
mavenCentral()
}
dependencies {
classpath("org.springframework.boot:spring-boot-gradle-plugin:1.3.1.RELEASE")
}
}
if (!hasProperty('mainClass')) {
ext.mainClass = 'hello.Application'
}
apply plugin: 'java'
apply plugin: 'eclipse'
apply plugin: 'idea'
apply plugin: 'spring-boot'
jar {
baseName = 'gs-securing-web'
version = '0.1.0'
}
repositories {
maven {
url = 'https://m2proxy.atlassian.com/repository/public'
}
mavenCentral()
}
sourceCompatibility = 1.8
targetCompatibility = 1.8
dependencies {
compile "commons-codec:commons-codec:1.10"
compile "org.springframework.boot:spring-boot-starter-web"
compile "org.springframework.boot:spring-boot-starter"
compile "org.springframework:spring-tx"
compile 'org.springframework.boot:spring-boot-starter-security'
compile 'org.springframework.boot:spring-boot-starter-thymeleaf'
compile (group: "com.atlassian.crowd", name: "crowd-integration-springsecurity", version: "2.8.+"){
exclude (group: 'org.apache.ws.commons');
}
compile 'org.slf4j:slf4j-api'
compile "org.codehaus.groovy:groovy"
compile "org.codehaus.groovy:groovy-json:2.3.8"
}
task wrapper(type: Wrapper) {
gradleVersion = '2.10'
}

就是这样!然后正确引导身份验证以使用 crowds springsecurity 接口(interface)。现在,值得一提的是,我还没有玩过它如何让我返回各种角色等。但这应该让我继续前进。此外,这不包括 SSO 代码,我还没有完全弄清楚。所以一旦我明白了,我会在某个地方发布更详尽的操作方法。

关于spring-boot - 如何使用 Atlassian Crowd Integration 与 Spring boot + Spring security 使用 Java Beans,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/34750307/

28 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com