2014-09-30 1 views

기존 데이터베이스 인증을 사용하는 Java/Spring/Hibernate 웹 애플리케이션이 있습니다. 방금 Crowd SSO 플랫폼으로 성공적으로 마이그레이션했습니다. 모든 것이 예상대로 작동하지만, Crowd 서버가 다운된 경우 이전 인증 시스템으로 폴백하도록 Spring Security를 구성하려고 합니다.

인증 폴백을 사용한 Crowd Spring Security 구성

계단식(cascading) 인증을 구성해 본 적이 없고, Google에서 찾아 읽은 내용도 지금까지 도움이 되지 않았습니다. 어떻게 하면 구현할 수 있을까요?

<?xml version="1.0" encoding="UTF-8"?> 
<beans:beans xmlns:beans="http://www.springframework.org/schema/beans" 
     xmlns="http://www.springframework.org/schema/security" 
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
     xsi:schemaLocation="http://www.springframework.org/schema/beans 
     http://www.springframework.org/schema/beans/spring-beans-3.2.xsd 
     http://www.springframework.org/schema/util 
     http://www.springframework.org/schema/util/spring-util-3.0.xsd 
     http://www.springframework.org/schema/security 
     http://www.springframework.org/schema/security/spring-security-3.1.xsd" 
     xmlns:util="http://www.springframework.org/schema/util" 
     default-autowire="byName"> 

<!-- URL access rules and filter wiring for the web application.
     Requests that need authentication and have none are handed to the entry
     point bean named in entry-point-ref. -->
<http entry-point-ref="crowdAuthenticationProcessingFilterEntryPoint"> 
    <!-- intercept-url rules are matched top to bottom and the first match
         decides, so these anonymous rules must stay above the catch-all.
         The leading /** makes them match a login or logout path at any depth. -->
    <intercept-url pattern="/**/login" access="IS_AUTHENTICATED_ANONYMOUSLY"/> 
    <intercept-url pattern="/**/logout" access="IS_AUTHENTICATED_ANONYMOUSLY"/> 
    <intercept-url pattern="/**/login.html" access="IS_AUTHENTICATED_ANONYMOUSLY"/> 
    <!-- Same access value as the catch-all below, so this rule currently adds
         nothing; it only matters if the two values ever diverge. -->
    <intercept-url pattern="/admin/**" access="ROLE_ADMINISTRATOR"/> 
    <!-- Catch-all: every URL not matched above requires ROLE_ADMINISTRATOR. -->
    <intercept-url pattern="/**" access="ROLE_ADMINISTRATOR"/> 
    <!-- The form-login slot holds the Crowd SSO filter. The legacy
         "authenticationFilter" bean is not referenced in this element. -->
    <custom-filter position="FORM_LOGIN_FILTER" ref="authenticationProcessingFilter"/> 
    <custom-filter position="LOGOUT_FILTER" ref="logoutFilter"/> 
</http> 

<!-- Previous (pre-Crowd) database form-login filter.
     Nothing in the http element on this page references this bean, so as
     shown it is defined but not part of the filter chain.
     NOTE(review): "formAuthenticationManager" is not defined in this listing;
     presumably declared elsewhere. Confirm before relying on this bean. -->
<beans:bean id="authenticationFilter" 
      class="my.package.security.CustomAuthenticationProcessingFilter"> 
    <beans:property name="authenticationManager" ref="formAuthenticationManager"/> 
    <!-- Same processing URL as the Crowd SSO filter on this page. -->
    <beans:property name="filterProcessesUrl" value="/login"/> 
    <beans:property name="continueChainBeforeSuccessfulAuthentication" value="false"/> 
    <beans:property name="postOnly" value="true"/> 
    <!-- One handler bean serves both the success and the failure path. -->
    <beans:property name="authenticationSuccessHandler" ref="authenticationHandler"/> 
    <beans:property name="authenticationFailureHandler" ref="authenticationHandler"/> 
</beans:bean> 
<!-- Project-specific handler wired into the legacy filter as both its success
     and its failure handler.
     NOTE(review): presumably alwaysUseDefaultTargetUrl=false means the user is
     returned to the originally requested URL after login; the class is
     project code not shown here, so confirm. -->
<beans:bean id="authenticationHandler" class="my.package.security.CustomAuthenticationHandler"> 
    <beans:property name="alwaysUseDefaultTargetUrl" value="false"/> 
</beans:bean> 
<!-- Legacy database authentication provider. It is not registered in the
     authentication-manager element on this page, so as shown it takes no part
     in login decisions.
     Only the salt source is set explicitly. The root element declares
     default-autowire="byName", so other dependencies are presumably injected
     by bean name.
     NOTE(review): no passwordEncoder is configured here. If the class relies
     on the stock DaoAuthenticationProvider default, confirm that the stored
     passwords are really compared as salted hashes and not as plain text. -->
<beans:bean id="customAuthenticationProvider" 
      class="my.package.security.MyDaoAuthenticationProvider"> 
    <beans:property name="SaltSource"> 
     <!-- Per-user salt, read by reflection from the "salt" property of the
          loaded user details object. -->
     <beans:bean class="org.springframework.security.authentication.dao.ReflectionSaltSource"> 
      <beans:property name="userPropertyToUse" value="salt"/> 
     </beans:bean> 
    </beans:property> 
</beans:bean> 

<!-- Crowd config: user details service backed by the Crowd managers.
     NOTE(review): crowdAuthenticationManager, crowdGroupMembershipManager,
     crowdUserManager and userController are not defined in this listing;
     presumably they come from the Crowd client context and project code
     imported elsewhere. Confirm. -->
<beans:bean id="crowdUserDetailsService" class="my.package.security.CustomCrowdUserDetailsServiceImpl"> 
    <beans:property name="authenticationManager" ref="crowdAuthenticationManager"/> 
    <beans:property name="groupMembershipManager" ref="crowdGroupMembershipManager"/> 
    <beans:property name="userManager" ref="crowdUserManager"/> 
    <!-- Empty prefix: presumably Crowd group names become authority names
         unchanged, which would make membership of a Crowd group named
         ROLE_ADMINISTRATOR the thing that grants access. Verify against the
         custom class. -->
    <beans:property name="authorityPrefix" value=""/> 
    <beans:property name="userController" ref="userController"/> 
</beans:bean> 


<!-- Authentication provider that checks credentials against the remote Crowd
     server. Constructor arguments are positional: the Crowd authentication
     manager, the HTTP authenticator, then the user details service above.
     This is the only provider registered with the authentication manager on
     this page. -->
<beans:bean id="crowdAuthenticationProvider" class="com.atlassian.crowd.integration.springsecurity.RemoteCrowdAuthenticationProvider"> 
    <beans:constructor-arg ref="crowdAuthenticationManager"/> 
    <beans:constructor-arg ref="httpAuthenticator"/> 
    <beans:constructor-arg ref="crowdUserDetailsService"/> 
</beans:bean> 

<!-- Global authentication manager. Only the Crowd provider is registered, so
     as shown every login depends on Crowd being reachable. The alias is the
     name the SSO filter's authenticationManager property refers to.
     NOTE(review): providers listed here are tried in order, and a later
     provider is also consulted when an earlier one rejects the credentials,
     not only when it is unreachable. If the legacy DAO provider is appended
     as an outage fallback, a password changed or a user deleted in Crowd
     could still authenticate against the old database record. Restrict the
     fallback to the Crowd-unavailable case and log every use of it. -->
<authentication-manager alias="authenticationManager"> 
    <authentication-provider ref='crowdAuthenticationProvider' /> 
</authentication-manager> 

<!-- Entry point referenced by the http element: sends requests that need
     authentication to the login page at /login.html. -->
<beans:bean id="crowdAuthenticationProcessingFilterEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint"> 
    <beans:constructor-arg value="/login.html"/> 
</beans:bean> 

<!-- Crowd SSO login filter, installed in the FORM_LOGIN_FILTER slot of the
     http element. It handles submissions to /login and delegates the
     credential check to the "authenticationManager" alias. -->
<beans:bean id="authenticationProcessingFilter" class="com.atlassian.crowd.integration.springsecurity.CrowdSSOAuthenticationProcessingFilter"> 
    <beans:property name="httpAuthenticator" ref="httpAuthenticator"/> 
    <beans:property name="authenticationManager" ref="authenticationManager"/> 
    <beans:property name="filterProcessesUrl" value="/login"/> 
    <!-- Failed logins go back to the login page with login_error=1. -->
    <beans:property name="authenticationFailureHandler"> 
     <beans:bean class="com.atlassian.crowd.integration.springsecurity.UsernameStoringAuthenticationFailureHandler"> 
      <beans:property name="defaultFailureUrl" value="/login.html?login_error=1"/> 
     </beans:bean> 
    </beans:property> 
    <!-- Successful logins return to the saved request if there is one,
         otherwise to /flexibility.html. -->
    <beans:property name="authenticationSuccessHandler"> 
     <beans:bean class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler"> 
      <beans:property name="defaultTargetUrl" value="/flexibility.html"/> 
     </beans:bean> 
    </beans:property> 
</beans:bean> 

<!-- Logout handler from the Crowd integration, wired with the same
     httpAuthenticator the SSO filter uses. It is the first handler in the
     logout filter's list. -->
<beans:bean id="crowdLogoutHandler" class="com.atlassian.crowd.integration.springsecurity.CrowdLogoutHandler"> 
    <beans:property name="httpAuthenticator" ref="httpAuthenticator"/> 
</beans:bean> 

<!-- Logout filter installed in the LOGOUT_FILTER slot. It handles /logout and
     then redirects to /login.html (first constructor argument). -->
<beans:bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter"> 
    <beans:constructor-arg value="/login.html"/> 
    <beans:constructor-arg> 
     <!-- Handlers run in list order: the Crowd handler first, then the
          handler that clears the local security context. Keep both, so that
          logging out ends the Crowd session as well as the local one. -->
     <beans:list> 
      <beans:ref bean="crowdLogoutHandler"/> 
      <beans:bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/> 
     </beans:list> 
    </beans:constructor-arg> 
    <beans:property name="filterProcessesUrl" value="/logout"/> 
</beans:bean> 

답변


필요한 것은 여러 인증 공급자로 구성된 인증 관리자입니다:

여기 제 Spring Security 구성이 있습니다. 예를 들어 이것을 참고하세요.


이를 추가하면 DAOProvider가 제대로 사용되는 것을 디버거로 확인했습니다. 하지만 authentication.getDetails()가 여전히 CrowdSSOAuthenticationDetails의 인스턴스로 남아 있는 것이 이상해 보입니다. 그리고 로그인은 여전히 작동하지 않습니다. 보안 컨텍스트가 저장되지 않는 것 같습니다: 응답은 로그인 후 페이지로 리다이렉트를 보내지만, 새 요청에서는 다시 로그인 페이지로 돌아옵니다... – Asterius


네, Crowd 빈을 확장해서 인증 모드들과 함께 동작하도록 만들었습니다. 하지만 이 답변이 제 질문을 해결하기 위한 첫 번째 단계였으므로 답변을 채택합니다. – Asterius
