1. Implement a custom AuthenticationProvider which gets all your authentication information from the Authentication: getCredentials(), getDetails(), and getPrincipal().

   Tie it into your Spring Security authentication mechanism using the following configuration snippet:

   <bean id="myAuthenticationProvider" class="com.example.MyAuthenticationProvider">   <security:custom-authentication-provider /> </bean> 

2. This step is optional, if you can find a suitable one from standard implementations. If not, implement a class extending the Authentication interface on which you can put your authentication parameters:

   (e.g. a user identifier, timestamp, signature, etc.) 

3. Extend a custom SpringSecurityFilter which ties the above two classes together. For example, the Filter might get the AuthenticationManager and call authenticate() using your implementation of Authentication as input.

   You can extend AbstractAuthenticationProcessingFilter as a start.

   You can reference UsernamePasswordAuthenticationFilter which extendsAbstractAuthenticationProcessingFilter. UsernamePasswordAuthenticationFilterimplements the standard Username/Password Authentication.

4. Configure your Spring Security to add or replace the standardAUTHENTICATION_PROCESSING_FILTER. For Spring Security Filter orders, seehttp://static.springsource.org/spring-security/site/docs/3.0.x/reference/ns-config.html#filter-stack

   Here is a configuration snippet for how to replace it with your implementation:

   <beans:bean id="myFilter" class="com.example.MyAuthenticationFilter">   <custom-filter position="AUTHENTICATION_PROCESSING_FILTER"/> </beans:bean>

阅读全文……

发表评论

IT瘾于2013年1月9日 上午09时45分21秒发布 #