active java spring spring-security siteminder pre-authentication

java - active - spring security ldap authentication provider



El filtro de autenticación previa de seguridad Spring solicita AuthenticationEntryPoint (1)

Supongo que en el caso de la autenticación previa debe declarar un Http403ForbiddenEntryPoint y hacer referencia a través entry-point-ref atributo de entry-point-ref de <http> .

Estoy tratando de usar PreAuthFilter (para Siteminder) con Spring Security 3.0.

<http use-expressions="true"> <intercept-url pattern="/admin/**" access="hasRole(''ROLE_ADMIN'')" /> <intercept-url pattern="/403.jsp" access="permitAll" /> <!-- Allow non-secure access to static resources --> <intercept-url pattern="/css/**" filters="none" /> <intercept-url pattern="/images/**" filters="none" /> <custom-filter ref="siteminderFilter" position="PRE_AUTH_FILTER"/> <!-- <form-login /> --> <logout logout-success-url="/index.jsp"/> </http> <beans:bean id="siteminderFilter" class="org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter"> <beans:property name="principalRequestHeader" value="SM_USER"/> <beans:property name="authenticationManager" ref="authenticationManager" /> <beans:property name="exceptionIfHeaderMissing" value="false"/> </beans:bean> <beans:bean id="AdminUserDetailsService" class="com.fw.security.auth.MyUserDetailsService"> </beans:bean> <beans:bean id="preauthAuthProvider" class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider"> <beans:property name="preAuthenticatedUserDetailsService"> <beans:bean id="userDetailsServiceWrapper" class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper"> <beans:property name="userDetailsService" ref="AdminUserDetailsService"/> </beans:bean> </beans:property> </beans:bean> <authentication-manager alias="authenticationManager"> <authentication-provider ref="preauthAuthProvider" /> </authentication-manager>

La configuración anterior falla con

org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: No AuthenticationEntryPoint could be established. Please make sure you have a login mechanism configured through the namespace (such as form-login) or specify a custom AuthenticationEntryPoint with the ''entry-point-ref'' attribute Offending resource: ServletContext resource [/WEB-INF/security-app-context.xml]

1) ¿Cómo especifico un AuthenticationEntryPoint ???

2) ¿Y es realmente aplicable para un escenario de autenticación previa?

Solución

según la solution de axtavt a continuación:

Crea un bean con Http403ForbiddenEntryPoint

<beans:bean id="http403EntryPoint" class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint"> </beans:bean>

y referirlo en <http>

<http use-expressions="true" auto-config="false" entry-point-ref="http403EntryPoint">