
스프링 시큐리티 3.2.2 및 스프링 프레임워크 3.2.8에서 다음 Java 구성을 사용하면 '.eraseCredentials(false)'를 지정했는데도 사용자 비밀번호가 삭제되어 authentication.getCredentials()를 사용할 수 없습니다. 즉, Java Config를 사용하는 스프링 시큐리티에서 eraseCredentials 메소드가 동작하지 않습니다.

/**
 * Spring Security 3.2.x Java configuration for the application.
 *
 * <p>Declares the entry point and the login/denied/logout handlers, the HTTP security
 * rules, and -- selected by Spring profile -- the authentication source: an in-memory
 * user store for {@code DES} and an LDAP bind authenticator for {@code PRO}. Both
 * profile configurations call {@code eraseCredentials(false)}; the reported problem is
 * that the submitted credentials are erased anyway under Java config (the accepted
 * answer attributes this to SEC-2533).
 */
@Configuration
@EnableWebSecurity
@Order(1)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Entry point invoked when an unauthenticated request reaches a protected URL;
     * sends the client to the home page flagged with {@code noAuthenticated=expired}.
     */
    @Bean(name = "authenticationEntryPoint")
    public LoginUrlAuthenticationEntryPoint authenticationEntryPoint() {

     return new XhrAwareAuthenticationEntryPoint("/home?noAuthenticated=expired");
    }

    /**
     * Handler for authenticated requests that fail authorization; routes them to {@code /denied}.
     * The bean name {@code acessDeniedHandler} is misspelled, but it is part of the wiring that
     * other code may reference by name, so it is kept as is.
     */
    @Bean(name = "acessDeniedHandler")
    public AccessDeniedHandler acessDeniedHandler() {

     XhrAwareAccessDeniedHandlerImpl xhrAwareAccessDeniedHandler = new XhrAwareAccessDeniedHandlerImpl();
     xhrAwareAccessDeniedHandler.setErrorPage("/denied");
     return xhrAwareAccessDeniedHandler;
    }

    /** Redirects a successfully authenticated form login to {@code /views/hub}. */
    @Bean(name = "atlasAuthenticationSuccessHandler")
    public AtlasAuthenticationSuccessHandler atlasAuthenticationSuccessHandler() {

     return new AtlasAuthenticationSuccessHandler("/views/hub");
    }

    /** Redirects a failed form login back to the home page with {@code loginError=error}. */
    @Bean(name = "atlasAuthenticationFailureHandler")
    public AtlasAuthenticationFailureHandler atlasAuthenticationFailureHandler() {
     return new AtlasAuthenticationFailureHandler("/home?loginError=error");
    }

    /** After logout, sends the client to the home page flagged with {@code logoff=disconnect}. */
    @Bean(name = "atlasLogoutSuccessHandler")
    public AtlasLogoutSuccessHandler atlasLogoutSuccessHandler() {
     AtlasLogoutSuccessHandler atlasLogoutSuccessHandler = new AtlasLogoutSuccessHandler();
     atlasLogoutSuccessHandler.setDefaultTargetUrl("/home?logoff=disconnect");
     return atlasLogoutSuccessHandler;
    }

    /**
     * Excludes static resources from the security filter chain entirely; nothing under
     * {@code /resources/} is authenticated, authorized or otherwise filtered.
     */
    @Override
    public void configure(WebSecurity web) throws Exception {

     web.ignoring().antMatchers("/resources/**");
    }

    /**
     * HTTP security rules: HTTP Basic and form login side by side, the custom handlers,
     * logout, and URL authorization.
     *
     * <p>NOTE(review): {@code csrf().disable()} switches CSRF protection off for every endpoint,
     * including the form-login and logout requests configured below. Java config enables CSRF
     * by default (the 3.2 XML namespace does not), so this is an explicit weakening relative
     * to the framework default and should be a conscious decision.
     *
     * <p>The {@code authorizeRequests()} matchers are evaluated in declaration order -- first
     * match wins -- so the permit-all catch-all must remain last.
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {

     http.csrf().disable()
       .httpBasic()
       .authenticationEntryPoint(this.authenticationEntryPoint())
       .and()
       .exceptionHandling()
       .accessDeniedHandler(this.acessDeniedHandler())
       .and()
       .formLogin()
       // Legacy j_username/j_password parameter names (the 3.x XML-namespace defaults).
       .usernameParameter("j_username")
       .passwordParameter("j_password")
       .loginPage("/home")
       .loginProcessingUrl("/login")
       .failureHandler(this.atlasAuthenticationFailureHandler())
       .successHandler(this.atlasAuthenticationSuccessHandler())
       // Login page and processing URL are reachable without authentication.
       .permitAll()
       .and()
       .logout()
       .logoutUrl("/logout")
       .logoutSuccessHandler(this.atlasLogoutSuccessHandler())
       // Drop the HttpSession (and the SecurityContext stored in it) on logout.
       .invalidateHttpSession(true)
       .permitAll()
       .and()
       .authorizeRequests()
       .antMatchers(
         ViewsConstants.VIEWS_URI + "/**",
         RssController.RSS_URI + "/**",
         ProxySolrController.SEARCH_URI + "/**")
       .authenticated()
       // NOTE(review): in 3.2 hasAnyRole() prefixes each argument with "ROLE_"; for this rule to
       // match the ROLE_ADMIN authority granted to the DES users, Role.ADMIN must be the bare
       // name ("ADMIN") rather than "ROLE_ADMIN" -- confirm its value.
       .antMatchers(ConfigurationProperties.ADMIN_URI + "/**").hasAnyRole(Role.ADMIN)
       // Everything else is public.
       .antMatchers("/**").permitAll();
    }

    /**
     * {@code DES} profile: two in-memory users for development.
     *
     * <p>NOTE(review): the passwords are literal, unencoded strings and no password encoder
     * is configured, so they are compared in cleartext. Tolerable only because the profile
     * is development-only; this must not be carried over to {@code PRO}.
     */
    @Configuration
    @Profile("DES")
    public static class AuthenticacioInMemoryConfig {

     /**
      * Registers the in-memory provider on the global {@link AuthenticationManagerBuilder}.
      *
      * <p>{@code eraseCredentials(false)} asks the authentication manager to keep the submitted
      * password on the {@code Authentication} after login so {@code getCredentials()} stays
      * usable; since the SecurityContext is kept in the HTTP session, the password presumably
      * stays in memory for the session's lifetime. The question reports this call is not
      * honoured under Java config (SEC-2533).
      */
     @Autowired
     public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {

      auth.eraseCredentials(false).inMemoryAuthentication()
        .withUser("user").password("atlas").authorities("ROLE_USER").and()
        .withUser("admin").password("atlas").authorities("ROLE_ADMIN");
     }
    }

    /**
     * {@code PRO} profile: authentication against LDAP by binding as the located user.
     *
     * <p>Connection settings and the service-account bind credentials are read from
     * {@code ${config.env}/config_env.properties}. NOTE(review): the URL is built with the
     * plain {@code ldap://} scheme, so unless the directory enforces StartTLS the service
     * account's and each user's bind password cross the network unencrypted -- confirm the
     * transport, or use {@code ldaps://}.
     */
    @Configuration
    @Profile("PRO")
    @PropertySource("file:${config.env}/config_env.properties")
    public static class AuthenticacionLdapConfig {

     // Resolved from config_env.properties by the placeholder configurer declared below.
     @Value("${ldap.host}")
     private String host;
     @Value("${ldap.port}")
     private String port;
     @Value("${ldap.basedn}")
     private String baseDn;
     @Value("${ldap.userdn}")
     private String userDn;
     // Service-account bind password: a secret, keep it out of logs.
     @Value("${ldap.passw}")
     private String password;

     /**
      * Resolves the {@code ${...}} placeholders in the {@code @Value} fields above.
      * Declared {@code static} so the configurer exists before this configuration
      * instance is itself processed.
      */
     @Bean
     public static PropertySourcesPlaceholderConfigurer propertySourcesPlaceholderConfigurer() {

      return new PropertySourcesPlaceholderConfigurer();
     }

     /**
      * LDAP context source for {@code ldap://host:port}, bound with the service account's
      * DN and password from the properties file.
      */
     @Bean(name = "contextSource")
     public DefaultSpringSecurityContextSource contextSource() {

      DefaultSpringSecurityContextSource contextSource =
        new DefaultSpringSecurityContextSource("ldap://" + this.host + ":" + this.port);
      contextSource.setUserDn(this.userDn);
      contextSource.setPassword(this.password);
      return contextSource;
     }

     /**
      * Locates the user's entry under {@code baseDn} with the filter {@code (bsalias={0})};
      * {@code {0}} is bound to the submitted username by the search API rather than
      * concatenated into the filter string.
      */
     @Bean(name = "userSearch")
     public FilterBasedLdapUserSearch userSearch() {

      return new FilterBasedLdapUserSearch(this.baseDn, "(bsalias={0})", this.contextSource());
     }

     /**
      * Bind authenticator: finds the entry via {@link #userSearch()} and authenticates by
      * binding to the directory as that entry with the submitted password.
      */
     @Bean(name = "ldapAuthenticator")
     public LdapAuthenticator ldapAuthenticator() {

      BindAuthenticator authenticator = new BindAuthenticator(this.contextSource());
      authenticator.setUserSearch(this.userSearch());
      return authenticator;
     }

     /** Project-specific populator that derives the granted authorities for an authenticated entry. */
     @Bean(name = "atlasAuthoritiesPopulator")
     public AtlasAuthoritiesPopulator atlasAuthoritiesPopulator() {

      return new AtlasAuthoritiesPopulator();
     }

     /** Composes the bind authenticator and the authorities populator into one provider. */
     @Bean(name = "ldapAuthenticationProvider")
     public LdapAuthenticationProvider ldapAuthenticationProvider() {

      return new LdapAuthenticationProvider(this.ldapAuthenticator(), this.atlasAuthoritiesPopulator());
     }

     /**
      * Registers the LDAP provider on the global {@link AuthenticationManagerBuilder}.
      * The {@code eraseCredentials(false)} call has the same intent (and the same reported
      * problem under Java config, SEC-2533) as in the {@code DES} configuration.
      */
     @Autowired
     public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {

      auth.eraseCredentials(false).authenticationProvider(this.ldapAuthenticationProvider());
     }
    }
}

그러나 동일한 버전의 스프링 시큐리티 및 스프링 프레임워크에서 XML 구성을 사용하면 정상적으로 동작하여 암호를 사용할 수 있습니다.

<!-- XML counterpart of the Java configuration above, for the same Spring Security 3.2.x. -->
<!-- Resolves the ${ldap.*} placeholders used below from the environment-specific properties file. -->
<context:property-placeholder location="file:${config.env:}/config_env.properties" />

<!-- Enables @Secured annotations on service methods. -->
<global-method-security secured-annotations="enabled"/>

<!-- Entry point for unauthenticated requests to protected URLs. -->
<beans:bean id="authenticationEntryPoint"
     class="es.isban.atlas.views.web.core.authentication.XhrAwareAuthenticationEntryPoint">
    <beans:constructor-arg name="loginFormUrl" value="/home?noAuthenticated=expired"/>
</beans:bean>

<!-- Handler for authenticated requests that fail authorization. -->
<beans:bean id="accessDeniedHandler"
     class="es.isban.atlas.views.web.core.authentication.XhrAwareAccessDeniedHandlerImpl">
     <beans:property name="errorPage" value="/denied" />
</beans:bean>

<beans:bean id="atlasAuthenticationSuccessHandler"
     class="es.isban.atlas.views.web.core.authentication.AtlasAuthenticationSuccessHandler">
    <beans:constructor-arg name="defaultTargetUrl" value="/views/hub"/>
</beans:bean>

<beans:bean id="atlasAuthenticationFailureHandler"
     class="es.isban.atlas.views.web.core.authentication.AtlasAuthenticationFailureHandler">
    <beans:constructor-arg name="defaultFailureUrl" value="/home?loginError=error"/>
</beans:bean>

<beans:bean id="atlasLogoutSuccessHandler"
     class="es.isban.atlas.views.web.core.authentication.AtlasLogoutSuccessHandler">
    <beans:property name="defaultTargetUrl" value="/home?logoff=disconnect" />
</beans:bean>

<!-- This is where we configure Spring-Security -->
<!-- NOTE(review): no <csrf/> element is declared. In the 3.2 XML namespace CSRF protection is
     off unless <csrf/> is present, so this matches the Java config's csrf().disable(). -->
<http use-expressions="true"
     entry-point-ref="authenticationEntryPoint">

    <access-denied-handler ref="accessDeniedHandler" />

    <!-- First matching pattern wins. "/*" covers single-segment paths only, so requests under
         /views, /rss, /search and /admin fall through to the rules that follow. -->
    <intercept-url pattern="/*" access="permitAll()"/>
    <intercept-url pattern="/views/**" access="isAuthenticated()" />
    <intercept-url pattern="/rss/**" access="isAuthenticated()" />
    <intercept-url pattern="/search/**" access="isAuthenticated()" />
    <intercept-url pattern="/admin/**" access="hasAnyRole('ROLE_ADMIN')" />

    <!-- Username/password parameter names are the namespace defaults (j_username / j_password). -->
    <form-login login-page="/home"
       login-processing-url="/login"
       authentication-success-handler-ref="atlasAuthenticationSuccessHandler"
       authentication-failure-handler-ref="atlasAuthenticationFailureHandler" />
       <!-- authentication-failure-url="/home?loginError=error"
        default-target-url="/views/hub" -->

    <!-- Invalidates the HttpSession (and the SecurityContext stored in it) on logout. -->
    <logout logout-url="/logout"
      invalidate-session="true"
      success-handler-ref="atlasLogoutSuccessHandler" />
      <!-- logout-success-url="/home"
       delete-cookies="true" -->
</http>

<beans:beans profile="PRO">

    <!-- Service-account bind credentials are externalized to config_env.properties.
         NOTE(review): the URL uses the plain ldap:// scheme; unless the directory enforces
         StartTLS, the service-account and user bind passwords cross the network unencrypted.
         Confirm the transport or switch to ldaps://. -->
    <beans:bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
     <beans:constructor-arg value="ldap://${ldap.host}:${ldap.port}"/>
     <beans:property name="userDn" value="${ldap.userdn}"/>
     <beans:property name="password" value="${ldap.passw}"/>
    </beans:bean>

    <!-- Bind authenticator: locate the entry with the (bsalias={0}) search, where {0} is bound to
         the submitted username by the search API, then bind as that entry with the submitted
         password. Authorities come from the project's AtlasAuthoritiesPopulator. -->
    <beans:bean id="ldapAuthProvider"
      class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
     <beans:constructor-arg>
      <beans:bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
       <beans:constructor-arg ref="contextSource"/>
       <beans:property name="userSearch">
        <beans:bean class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
         <beans:constructor-arg value="${ldap.basedn}"/>
         <beans:constructor-arg value="(bsalias={0})"/>
         <beans:constructor-arg ref="contextSource"/>
        </beans:bean>
       </beans:property>
      </beans:bean>
     </beans:constructor-arg>
     <beans:constructor-arg>
      <beans:bean class="es.isban.atlas.views.web.core.authorization.AtlasAuthoritiesPopulator" />
     </beans:constructor-arg>
    </beans:bean>

    <!-- NOTE(review): erase-credentials="false" keeps the submitted password on the Authentication
         (and so in the session-scoped SecurityContext) after login. This is the behaviour the
         question wants and that the Java configuration is reported not to reproduce. -->
    <authentication-manager erase-credentials="false">
     <authentication-provider ref="ldapAuthProvider" />
    </authentication-manager>

</beans:beans>

<beans:beans profile="DES">
    <!-- Development-only users with literal, unencoded passwords; no password-encoder is declared,
         so the comparison is in cleartext. Must not be carried over to the PRO profile. -->
    <authentication-manager erase-credentials="false">
     <authentication-provider>
      <user-service>
       <user name="user" password="atlas" authorities="ROLE_USER" />
       <user name="admin" password="atlas" authorities="ROLE_ADMIN" />
      </user-service>
     </authentication-provider>
    </authentication-manager>
</beans:beans>

어떤 단서가 있으신가요? 어떻게 해결할 수 있을까요?

미리 감사드립니다.

답변


이는 전역 인증 옵션에 영향을 주는 Spring Security Java Configuration의 버그입니다. 자세한 내용은 SEC-2533을 참조하십시오. 이 문제에 대한 실질적인 우회 방법은 없지만, 버그는 이미 수정되었으며 며칠 이내에 릴리스될 예정입니다.
