|
|
|
|
@ -301,7 +301,18 @@
@@ -301,7 +301,18 @@
|
|
|
|
|
Where "securityDataSource" is the name of a <classname>DataSource</classname> bean in the application context, |
|
|
|
|
pointing at a database containing the standard Spring Security user data tables. Alternatively, you could configure |
|
|
|
|
a Spring Security <classname>JdbcDaoImpl</classname> bean and point at that using the <literal>user-service-ref</literal> |
|
|
|
|
attribute. |
|
|
|
|
attribute: |
|
|
|
|
<programlisting><![CDATA[ |
|
|
|
|
<authentication-provider user-service-ref='myUserDetailsService'/> |
|
|
|
|
|
|
|
|
|
<beans:bean id="userDetailsService" class="org.springframework.security.userdetails.jdbc.JdbcDaoImpl"> |
|
|
|
|
<beans:property name="dataSource" ref="dataSource"/> |
|
|
|
|
</beans:bean> |
|
|
|
|
]]> |
|
|
|
|
</programlisting> |
|
|
|
|
You can also use standard <interfacename>AuthenticationProvider</interfacename> beans by adding the |
|
|
|
|
<literal><custom-authentication-provider></literal> element within the bean definition. See |
|
|
|
|
<xref linkend="ns-auth-manager"/> for more on this. |
|
|
|
|
</para> |
|
|
|
|
<section><title>Adding a Password Encoder</title> |
|
|
|
|
<para> |
|
|
|
|
@ -683,7 +694,7 @@
@@ -683,7 +694,7 @@
|
|
|
|
|
</para> |
|
|
|
|
<para> |
|
|
|
|
For method security, you do this by setting the <literal>access-decision-manager-ref</literal> attribute |
|
|
|
|
on <literal>global-security</literal>to the Id of the appropriate |
|
|
|
|
on <literal>global-method-security</literal>to the Id of the appropriate |
|
|
|
|
<interfacename>AccessDecisionManager</interfacename> bean in the application context: |
|
|
|
|
<programlisting><![CDATA[ |
|
|
|
|
<global-method-security access-decision-manager-ref="myAccessDecisionManagerBean"> |
|
|
|
|
@ -699,31 +710,33 @@
@@ -699,31 +710,33 @@
|
|
|
|
|
</http> |
|
|
|
|
]]></programlisting> |
|
|
|
|
</para> |
|
|
|
|
</section> |
|
|
|
|
|
|
|
|
|
<section xml:id="ns-auth-manager"> |
|
|
|
|
<title>The Authentication Manager</title> |
|
|
|
|
<para> |
|
|
|
|
We've touched on the idea that the namespace configuration automatically registers an authentication manager bean for |
|
|
|
|
you. This is an instance of Spring Security's <classname>ProviderManager</classname> class, which you may already |
|
|
|
|
be familiar with if you've used the framework before. |
|
|
|
|
</para> |
|
|
|
|
<para> |
|
|
|
|
You may want to register additional <classname>AuthenticationProvider</classname> beans with the <classname>ProviderManager</classname> |
|
|
|
|
and you can do this using the <literal><custom-authentication-provider></literal> element within the bean. For example: |
|
|
|
|
<programlisting><![CDATA[ |
|
|
|
|
</section> |
|
|
|
|
</section> |
|
|
|
|
<section xml:id="ns-auth-manager"> |
|
|
|
|
<title>The Default Authentication Manager</title> |
|
|
|
|
<para> |
|
|
|
|
We've touched on the idea that the namespace configuration automatically registers an authentication manager bean for |
|
|
|
|
you. This is an instance of Spring Security's <classname>ProviderManager</classname> class, which you may already |
|
|
|
|
be familiar with if you've used the framework before. You can't use a custom <literal>AuthenticationProvider</literal> if you are |
|
|
|
|
using either HTTP or method security through the namespace, but this should not be a problem as you have full control over |
|
|
|
|
the <literal>AuthenticationProvider</literal>s that are used. |
|
|
|
|
</para> |
|
|
|
|
<para> |
|
|
|
|
You may want to register additional <classname>AuthenticationProvider</classname> beans with the <classname>ProviderManager</classname> |
|
|
|
|
and you can do this using the <literal><custom-authentication-provider></literal> element within the bean. For example: |
|
|
|
|
<programlisting><![CDATA[ |
|
|
|
|
<bean id="casAuthenticationProvider" |
|
|
|
|
class="org.springframework.security.providers.cas.CasAuthenticationProvider"> |
|
|
|
|
<security:custom-authentication-provider /> |
|
|
|
|
... |
|
|
|
|
</bean> |
|
|
|
|
]]></programlisting> |
|
|
|
|
</para> |
|
|
|
|
<para> |
|
|
|
|
Another common requirement is that another bean in the context may require a reference to the <interfacename>AuthenticationManager</interfacename>. |
|
|
|
|
There is a special element which lets you register an alias for the <interfacename>AuthenticationManager</interfacename> and you can then |
|
|
|
|
use this name elsewhere in your application context. |
|
|
|
|
<programlisting><![CDATA[ |
|
|
|
|
</para> |
|
|
|
|
<para> |
|
|
|
|
Another common requirement is that another bean in the context may require a reference to the <interfacename>AuthenticationManager</interfacename>. |
|
|
|
|
There is a special element which lets you register an alias for the <interfacename>AuthenticationManager</interfacename> and you can then |
|
|
|
|
use this name elsewhere in your application context. |
|
|
|
|
<programlisting><![CDATA[ |
|
|
|
|
<security:authentication-manager alias="authenticationManager"/> |
|
|
|
|
|
|
|
|
|
<bean id="customizedFormLoginFilter" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter"> |
|
|
|
|
@ -732,8 +745,7 @@
@@ -732,8 +745,7 @@
|
|
|
|
|
... |
|
|
|
|
</bean> |
|
|
|
|
]]></programlisting> |
|
|
|
|
</para> |
|
|
|
|
</section> |
|
|
|
|
|
|
|
|
|
</para> |
|
|
|
|
</section> |
|
|
|
|
|
|
|
|
|
</chapter> |
Luke Taylor
18 years ago