识别Windows远程用户Spring + Waffle
识别Windows远程用户Spring + Waffle
提问于 2020-04-16 07:37:11
我们正在将Struts1.3Web应用程序迁移到SpringBoot。我们应用程序的一个特性是识别Windows用户,然后调用自定义web服务进行身份验证、分配角色和自动登录应用程序。
在Struts中,我们使用Waffle通过在Java中获取request.getRemoteUser()的值来识别登录的Windows用户。
对于Spring,我们做了以下工作
在pom.xml中,我们添加了依赖项
<dependency>
<groupId>net.java.dev.jna</groupId>
<artifactId>jna</artifactId>
<version>${jna.version}</version>
</dependency>
<dependency>
<groupId>net.java.dev.jna</groupId>
<artifactId>jna-platform</artifactId>
<version>${jna.version}</version>
</dependency>
<dependency>
<groupId>com.github.waffle</groupId>
<artifactId>waffle-spring-security4</artifactId>
<version>2.2.1</version>
</dependency>我们有一个SecurityConfig.java,在这里我们做了以下更改。请注意,我们没有使用基于Spring的登录。
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private NegotiateSecurityFilter negotiateSecurityFilter;
@Autowired
private NegotiateSecurityFilterEntryPoint entryPoint;
@Override
protected void configure(HttpSecurity http) throws Exception {
http.addFilterBefore(negotiateSecurityFilter, BasicAuthenticationFilter.class);
http.httpBasic().disable();
http.csrf().disable().cors();
}
@Override
@Autowired
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication();
}
}我们在这里维护了与Waffle相关的配置- WaffleConfig.java
@Configuration
public class WaffleConfig {
@Bean
public WindowsAuthProviderImpl waffleWindowsAuthProvider() {
return new WindowsAuthProviderImpl();
}
@Bean
public NegotiateSecurityFilterProvider negotiateSecurityFilterProvider(
WindowsAuthProviderImpl windowsAuthProvider) {
return new NegotiateSecurityFilterProvider(windowsAuthProvider);
}
@Bean
public BasicSecurityFilterProvider basicSecurityFilterProvider(WindowsAuthProviderImpl windowsAuthProvider) {
return new BasicSecurityFilterProvider(windowsAuthProvider);
}
@Bean
public SecurityFilterProviderCollection waffleSecurityFilterProviderCollection(
NegotiateSecurityFilterProvider negotiateSecurityFilterProvider,
BasicSecurityFilterProvider basicSecurityFilterProvider) {
SecurityFilterProvider[] securityFilterProviders = {
negotiateSecurityFilterProvider,
basicSecurityFilterProvider };
return new SecurityFilterProviderCollection(securityFilterProviders);
}
@Bean
public NegotiateSecurityFilterEntryPoint negotiateSecurityFilterEntryPoint(
SecurityFilterProviderCollection securityFilterProviderCollection) {
NegotiateSecurityFilterEntryPoint negotiateSecurityFilterEntryPoint = new NegotiateSecurityFilterEntryPoint();
negotiateSecurityFilterEntryPoint.setProvider(securityFilterProviderCollection);
return negotiateSecurityFilterEntryPoint;
}
@Bean
public NegotiateSecurityFilter waffleNegotiateSecurityFilter(SecurityFilterProviderCollection securityFilterProviderCollection) {
NegotiateSecurityFilter negotiateSecurityFilter = new NegotiateSecurityFilter();
negotiateSecurityFilter.setProvider(securityFilterProviderCollection);
return negotiateSecurityFilter;
}
// This is required for Spring Boot so it does not register the same filter twice
@Bean
public FilterRegistrationBean waffleNegotiateSecurityFilterRegistration(NegotiateSecurityFilter waffleNegotiateSecurityFilter) {
FilterRegistrationBean registrationBean = new FilterRegistrationBean();
registrationBean.setFilter(waffleNegotiateSecurityFilter);
registrationBean.setEnabled(false);
return registrationBean;
}
}但是,当我们试图获得request.getRemoteUser(),的值时,值是空。
对于这样一个看似简单的要求,我们做错了什么?
回答 1
Stack Overflow用户
发布于 2020-04-16 15:11:43
我按照这里的配置解决了这个问题
https://github.com/Waffle/waffle/tree/master/Source/JNA/waffle-demo/waffle-spring-boot-filter2
在pom.xml中,我们添加了依赖项
<dependency>
<groupId>net.java.dev.jna</groupId>
<artifactId>jna</artifactId>
<version>${jna.version}</version>
</dependency>
<dependency>
<groupId>net.java.dev.jna</groupId>
<artifactId>jna-platform</artifactId>
<version>${jna.version}</version>
</dependency>
<dependency>
<groupId>com.github.waffle</groupId>
<artifactId>waffle-spring-boot-starter</artifactId>
<version>2.2.1</version>
</dependency>在SecurityConfig.java中,以下更改
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
private NegotiateSecurityFilter filter;
private NegotiateSecurityFilterEntryPoint entryPoint;
/**
* Autowire constructor injects bean auto-configured by Starter.
*
* @param filter
* the filter
* @param entryPoint
* the entry point
*/
public SecurityConfig(NegotiateSecurityFilter filter, NegotiateSecurityFilterEntryPoint entryPoint) {
this.filter = filter;
this.entryPoint = entryPoint;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().anyRequest().authenticated().and()
.addFilterBefore(filter, BasicAuthenticationFilter.class).exceptionHandling()
.authenticationEntryPoint(entryPoint);
}
}页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/61244971
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号