`
yangyongByJava
  • 浏览: 127362 次
  • 性别: Icon_minigender_1
  • 来自: 上海
社区版块
存档分类
最新评论

waffle结合spring-security进行windows认证

阅读更多

waffle是实现Windows & Active Directory单点登录的一种方式,它能过做一切windows认证 的事情,包括  Negotiate ,NTLM和Kerberos。其实现步骤如下:

1.下载waffle所需的jar文件,下载地址http://dblock.github.com/waffle/

2.新建一个web项目,将waffle认证和spring-security相关的jar文件添加到web项目中,waffle所需的jar包分别为:

commons-logging-1.1.1.jar、guava-r07.jar、jna.jar、platform.jar、waffle-jacob.jar、waffle-jna.jar;

3、修改web.xml文件的配置为:

<filter>

<filter-name>springSecurityFilterChain</filter-name>

<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>

</filter>

<filter-mapping>

<filter-name>springSecurityFilterChain</filter-name>

<url-pattern>/*</url-pattern>

</filter-mapping>

<context-param>

<param-name>contextConfigLocation</param-name>

<param-value>/WEB-INF/waffle-filter.xml</param-value> 

</context-param>

<listener>

<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>

</listener>

4、在WEB-INF下建立waffle-filter.xml文件,文件内容如下:

<!-- windows authentication provider -->

<bean id="waffleWindowsAuthProvider"

   class="waffle.windows.auth.impl.WindowsAuthProviderImpl" />

<!-- collection of security filters -->

<bean id="negotiateSecurityFilterProvider"

                class="waffle.servlet.spi.NegotiateSecurityFilterProvider">

<constructor-arg ref="waffleWindowsAuthProvider" />

</bean>

<bean id="basicSecurityFilterProvider" class="waffle.servlet.spi.BasicSecurityFilterProvider">

<constructor-arg ref="waffleWindowsAuthProvider" />

</bean>

<bean id="waffleSecurityFilterProviderCollection"

   class="waffle.servlet.spi.SecurityFilterProviderCollection">

<constructor-arg>

<list>

<ref bean="negotiateSecurityFilterProvider" />  

<ref bean="basicSecurityFilterProvider" />  

</list>

</constructor-arg>

</bean>

<!-- spring filter entry point -->

<sec:http entry-point-ref="negotiateSecurityFilterEntryPoint">

<sec:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY" />

<sec:custom-filter ref="waffleNegotiateSecurityFilter" position="BASIC_AUTH_FILTER" />

</sec:http>

 

<bean id="negotiateSecurityFilterEntryPoint"

   class="waffle.spring.NegotiateSecurityFilterEntryPoint">

<property name="provider" ref="waffleSecurityFilterProviderCollection" />

</bean>

<!-- spring authentication provider -->

<sec:authentication-manager alias="authenticationProvider" />

<!-- spring security filter -->

<bean id="waffleNegotiateSecurityFilter" class="waffle.spring.NegotiateSecurityFilter">

<property name="Provider" ref="waffleSecurityFilterProviderCollection" />

<property name="AllowGuestLogin" value="true" />

<property name="PrincipalFormat" value="fqn" />

<property name="RoleFormat" value="both" />

</bean>

注意:当访问的时候最好将访问地址写成项目部署所在机器的主机名。

当浏览器发送请求时,首先经过negotiateSecurityFilterEntryPoint处理,若未经认证或认证失败,则会弹出一个页面要求输入用户名和密码,点击确定按钮后,交由waffleNegotiateSecurityFilter处理,waffleNegotiateSecurityFilter调用相应的类和方法判断用户名和密码是否正确,如果正确,在允许访问,此时可通过request.getUserPrincipal()获取登录用户的相关信息。

 

 

 

分享到:
评论

相关推荐

Global site tag (gtag.js) - Google Analytics