I'm using Spring Security 2 with Spring MVC. The Tomcat container I will be using already has NTLM support and will provide access to only authenticated users, before forwarding their username in the header of the request.
I tried writing a custom AuthenticationEntryPoint with the idea that no form/http-basic login would be required, since the request header would already contain the user IDs. But so far, I have found no means of achieving this.
Any ideas and suggestions would be highly appreciated.
Thanks.
Look at Waffle. Maybe Waffle itself is not what you want, but it has a spring security filter implementation that is on the receiving end of what you're trying to achieve.
I actually found that Spring Security has native support for pre-authenticated security. In particular, I looked at org.springframework.security.ui.preauth.AbstractPreAuthenticatedProcessingFilter, which comes with a number of implementations, of which RequestHeaderPreAuthenticatedProcessingFilter seemed the most useful. Alternatively, one could also write a custom filter by extending the AbstractPreAuthenticatedProcessingFilter. Once that is done, you will also need to define a custom entry point in your application context, along with other dependencies required by Spring Security. I apologize that I'm in a rush and don't have time to format it properly. Hope this helps.
<bean id="customEntryPoint"
      class="org.springframework.security.ui.preauth.PreAuthenticatedProcessingFilterEntryPoint" />
and this
<bean id="preauthAuthProvider"
      class="org.springframework.security.providers.preauth.PreAuthenticatedAuthenticationProvider">
    <security:custom-authentication-provider />
    <property name="preAuthenticatedUserDetailsService">
        <bean id="userDetailsServiceWrapper"
              class="org.springframework.security.userdetails.UserDetailsByNameServiceWrapper">
            <property name="userDetailsService" ref="userDetailsService" />
        </bean>
    </property>
</bean>
and this
<bean id="userDetailsService" class="yourimplementation.CustomUserDetailsService" />
and this
<security:http auto-config="false"
               access-decision-manager-ref="accessDecisionManager"
               entry-point-ref="customEntryPoint">
    <security:intercept-url pattern="/*" access="permitAll" />
</security:http>
<security:authentication-manager alias="authenticationManager" />
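The answer names RequestHeaderPreAuthenticatedProcessingFilter but its configuration does not declare the filter bean. The fragment below is an added example, not part of the original post, showing one way to declare it in Spring Security 2 so that it uses the beans above. The bean id and the header name X-Remote-User are assumptions, and the setup is only sound if the container sets that header itself and discards any copy sent by the client.

```xml
<!-- Added example: the bean id and header name are assumptions, not taken from the post. -->
<bean id="requestHeaderFilter"
      class="org.springframework.security.ui.preauth.header.RequestHeaderPreAuthenticatedProcessingFilter">
    <!-- Places the filter in the Spring Security 2 filter chain at the pre-authentication slot. -->
    <security:custom-filter position="PRE_AUTH_FILTER" />
    <!-- Header in which the container forwards the already authenticated username.
         If this property is omitted the filter reads SM_USER. -->
    <property name="principalRequestHeader" value="X-Remote-User" />
    <!-- Refers to the alias declared by security:authentication-manager above, so the
         extracted username is handed to preauthAuthProvider and then to userDetailsService. -->
    <property name="authenticationManager" ref="authenticationManager" />
</bean>
```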