Spring SwitchUserFilter 在 Spring Security XML 文件和 web.xml 中工作

问题描述

我在 Spring 中遇到了切换用户(switch user)的问题。我刚接触 SwitchUserFilter,还没有找到解决这个问题的正确方法。

这是我的代码:

Spring-Security.xml

 <beans:beans xmlns="http://www.springframework.org/schema/security"  xmlns:beans="http://www.springframework.org/schema/beans"  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"  xsi:schemaLocation="http://www.springframework.org/schema/beans           http://www.springframework.org/schema/beans/spring-beans.xsd           http://www.springframework.org/schema/security           http://www.springframework.org/schema/security/spring-security.xsd">  <http pattern="/index" security='none' />
<!-- security='none' takes a path out of the security filter chain altogether:
     no authentication, authorization or security headers are applied to
     /index (above) or /passwordrecovery (below). -->

<http pattern="/passwordrecovery" security='none' />

<!-- Handler invoked after a successful form login; it chooses the landing page by role. -->
<beans:bean id="customAuthenticationSuccessHandler" class="com.ds4u.project.handler.CustomAuthenticationSuccessHandler"/>

<!-- Main filter chain for every request not matched by the security='none' entries above. -->
<http auto-config="true" use-expressions="true"
    authentication-manager-ref="authenticationManager">
    <headers>
        <cache-control />
    </headers>
    <!-- Places the switchUserProcessingFilter bean at the SWITCH_USER_FILTER slot of this chain. -->
     <custom-filter position="SWITCH_USER_FILTER" ref="switchUserProcessingFilter" />
    <!-- Role-based URL protection. Rules are evaluated top to bottom; the first matching pattern wins. -->
    <!-- NOTE(review): hasRole() takes one role; two roles need hasAnyRole(). Confirm this expression
         evaluates at all. Also, granting ROLE_PREVIOUS_ADMINISTRATOR access to all of /admin/** lets a
         session that is impersonating a non-admin user keep reaching every admin URL. If the intent is
         only to allow switching back, restrict that role to the exit URL. -->
    <intercept-url pattern="/admin/**" access= "hasRole('ROLE_ADMIN','ROLE_PREVIOUS_ADMINISTRATOR')" />
    <intercept-url pattern="/user/**" access= "hasAnyRole('ROLE_USER','ROLE_ADMIN','ROLE_POWER_USER','ROLE_PATIENT')" />
    <intercept-url pattern="/patient/**" access= "hasAnyRole('ROLE_USER','ROLE_ADMIN','ROLE_POWER_USER','ROLE_PATIENT')" />
    <intercept-url pattern="/welcome/**" access= "hasAnyRole('ROLE_ADMIN','ROLE_NEW_PATIENT')" />
    <!-- NOTE(review): "/poweruser/power**" only matches paths that start with /poweruser/power;
         other /poweruser/ paths have no rule in this file. Confirm that is intended. -->
    <intercept-url pattern="/poweruser/power**" access= "hasAnyRole('ROLE_ADMIN','ROLE_POWER_USER','ROLE_PROVIDER')" />
    <intercept-url pattern="/provider/**" access= "hasAnyRole('ROLE_ADMIN','ROLE_POWER_USER','ROLE_PROVIDER')" />
    <!-- NOTE(review): this rule guards /switchUser, but the filter below listens on /admin/impersonate,
         so the switch endpoint is actually protected by the /admin/** rule, not by this one.
         'ADMIN' is written without the ROLE_ prefix used everywhere else in this file; whether the
         prefix is added automatically depends on the Spring Security version. Confirm. -->
    <intercept-url pattern="/switchUser" access="hasAnyRole('ADMIN', 'ROLE_PREVIOUS_ADMINISTRATOR')"/>
    <!-- Form login: custom login page, role-based redirect on success, /loginerror on failure. -->
    <form-login login-page="/login"  authentication-success-handler-ref="customAuthenticationSuccessHandler"
        authentication-failure-url="/loginerror"/>
    <logout logout-success-url="/" logout-url="/jlogout" delete-cookies="JSESSIONID"/>
    <!-- CSRF protection configuration.
         NOTE(review): CSRF protection is switched off for the whole chain, so login, logout and the
         switch-user URL accept cross-site requests made with an admin's session cookie. Re-enable it
         (and send the token from the forms) before exposing user switching. -->
    <csrf disabled="true" />
    <!-- Page shown when an authenticated user lacks the required role. -->
    <access-denied-handler error-page="/accessdenied" />

</http>
<!-- SwitchUserFilter lets a privileged user act as another account.
     userDetailsService : loads the account being switched to.
     switchUserUrl      : request path the filter intercepts to start the switch.
     targetUrl          : where the browser is redirected after a successful switch.
     switchFailureUrl   : where the browser is redirected when the switch fails.
     successHandler     : an AuthenticationSuccessHandler run after a successful switch.
     NOTE(review): the userDetailsService ref looks like a fully qualified class name; ref expects
     the id of a bean, so confirm a bean with exactly this id is defined.
     NOTE(review): successHandler is wired to authenticationManager, which is an AuthenticationManager
     and not an AuthenticationSuccessHandler; this type mismatch is a likely cause of the bean
     creation error reported for the filter chain. SwitchUserFilter is also expected to accept either
     targetUrl or successHandler, not both. Verify against the version in use. -->
<beans:bean id="switchUserProcessingFilter" class="org.springframework.security.web.authentication.switchuser.SwitchUserFilter">
    <beans:property name="userDetailsService" ref="com.ds4u.project.service.UserDetailServiceImpl"/>
    <beans:property name="switchUserUrl" value="/admin/impersonate"/>
    <beans:property name="targetUrl" value="/admin/adminProvider"/>
    <beans:property name="switchFailureUrl" value="/admin/switchUser"/>
    <beans:property name="successHandler" ref="authenticationManager" />
</beans:bean>   
<!-- Authentication against the database: both queries bind the username through a "?" placeholder,
     and stored passwords are checked with the bcrypt encoder declared below.
     The user query only returns rows whose IsEnable is 1 or 4, and passes IsEnable as the third
     (enabled) column. -->
<authentication-manager id="authenticationManager">
    <authentication-provider>
        <password-encoder ref="encoder"/>
         <jdbc-user-service data-source-ref="DatabaseName"
            users-by-username-query=" 
            select UserName,Password, IsEnable from user where UserName = ? and IsEnable in(1,4)"
            authorities-by-username-query=" select u.username, ur.authority from user u, 
            authorities ur where u.authorityId = ur.id and u.username =? " />
   </authentication-provider>
 </authentication-manager>
    <!-- bcrypt password hashing; strength is the log2 work factor (10 is the encoder's default). -->
    <beans:bean id="encoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder">
    <beans:constructor-arg name="strength" value="10" />
</beans:bean></beans:beans>

switchUserProcessingFilter bean 中的 switchUserUrl、targetUrl、switchFailureUrl、successHandler 分别是什么?

我的 Web.XML 是。

 <filter><filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy
  </filter-class>
 </filter>
<!-- DelegatingFilterProxy hands each request to the Spring bean named springSecurityFilterChain,
     which contains every filter configured in the security XML. -->
<!-- NOTE(review): declaring SwitchUserFilter here by class name makes the servlet container create
     its own instance, which does not receive the userDetailsService and URL properties set on the
     switchUserProcessingFilter Spring bean. The security XML already inserts that bean into the
     chain through its custom-filter element, so this filter and its mapping below are probably
     unnecessary. Confirm and remove them rather than choosing a url-pattern. -->
  <filter><filter-name>switchUserProcessingFilter</filter-name>
<filter-class> 
org.springframework.security.web.authentication.switchuser.SwitchUserFilter
</filter-class>
</filter>
<!-- The security chain must see every request, hence the catch-all mapping. -->
<filter-mapping><filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping><filter-name>switchUserProcessingFilter</filter-name>
<url-pattern>/"what can be put here?"</url-pattern>
</filter-mapping>

在 web.xml 中,switchUserProcessingFilter 过滤器名称的 filterMapping 是什么?

我的 CustomAuthenticationSuccessHandler 代码是---

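/**
 * Success handler that records the signed-in user in the HTTP session and
 * redirects to a landing page chosen from the user's granted authorities.
 *
 * <p>The session attributes written here are a convenience copy only.
 * NOTE(review): they are not refreshed when the authentication changes later
 * (for example after a user switch), so access decisions should keep reading
 * the current {@code Authentication} rather than these attributes.
 */
public class CustomAuthenticationSuccessHandler implements AuthenticationSuccessHandler {

    /** Strategy used to send the redirect; replaceable through the setter. */
    private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();

    /**
     * Stores the username and authorities of the authenticated principal in
     * the session, then redirects to the role-specific landing page.
     *
     * @param request        the request that completed authentication
     * @param response       the response used for the redirect
     * @param authentication the authentication produced by the login
     * @throws IOException      if the redirect cannot be written
     * @throws ServletException declared by the handler contract
     */
    @Override
    public void onAuthenticationSuccess(HttpServletRequest request,
            HttpServletResponse response, Authentication authentication)
            throws IOException, ServletException {

        HttpSession session = request.getSession();

        // Read the principal from the Authentication handed to this handler
        // instead of the thread-bound SecurityContextHolder: the argument is
        // always the result of this login, while the global context may be
        // empty or stale depending on which filter invokes the handler.
        // The cast assumes the UserDetailsService returns this User type.
        User authUser = (User) authentication.getPrincipal();
        session.setAttribute("uname", authUser.getUsername());
        session.setAttribute("auhtorities", authUser.getAuthorities());

        String targetUrl = determineTargetUrl(authentication);
        redirectStrategy.sendRedirect(request, response, targetUrl);
    }

    /**
     * Chooses the landing page for the given authentication.
     *
     * <p>Roles are checked in a fixed order and the first match wins, so a
     * user holding several roles lands on the page of the earliest one
     * (ROLE_USER is checked before ROLE_ADMIN).
     *
     * @param authentication the authentication whose authorities are inspected
     * @return the redirect target for the first matching role, or the
     *         fallback path when no known role is present
     */
    protected String determineTargetUrl(Authentication authentication) {
        Set<String> authorities = AuthorityUtils.authorityListToSet(authentication.getAuthorities());

        if (authorities.contains("ROLE_USER")) {
            return "/user/userhome";
        }
        if (authorities.contains("ROLE_ADMIN")) {
            return "/admin/home";
        }
        if (authorities.contains("ROLE_POWER_USER")) {
            return "/poweruser/poweruserhome";
        }
        if (authorities.contains("ROLE_PATIENT")) {
            return "/patient/home";
        }
        if (authorities.contains("ROLE_PROVIDER")) {
            return "/provider/home";
        }
        if (authorities.contains("ROLE_NEW_PATIENT")) {
            return "/welcome/home";
        }
        // NOTE(review): unlike the targets above this path has no leading
        // slash; confirm it resolves to an existing mapping.
        return "accessdenial.do";
    }

    /**
     * Returns the redirect strategy currently in use.
     *
     * @return the redirect strategy
     */
    public RedirectStrategy getRedirectStrategy() {
        return redirectStrategy;
    }

    /**
     * Replaces the redirect strategy.
     *
     * @param redirectStrategy the strategy to use for subsequent redirects
     */
    public void setRedirectStrategy(RedirectStrategy redirectStrategy) {
        this.redirectStrategy = redirectStrategy;
    }

}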

在安全 xml 中的 switchUserProcessingFilter bean 中引用的 userdetailsservice 类中的代码是什么?

当我运行此代码时,它给了我如下错误:

创建名为“org.springframework.security.filterChains”的bean时出错:无法解析对bean“org.springframework.security.web.DefaultSecurityFilterChain#2”的引用

我从 Google 等处复制了 SwitchUserFilter 的配置,但它无法正常工作并报错。

标签: spring, spring-mvc

解决方案

