使用登录名和密码或证书进行身份验证
Authenticaton with login and password or with certificate
我有一个带有 spring 引导的应用程序,用户可以在其中使用登录名和密码或数字证书进行身份验证。
我尝试使用用户和密码进行验证,但它有效,但是当我尝试使用证书进行验证时,chrome 不向我显示 windows 到 select 我想在验证中使用的证书(我有几个证书,服务器是安全的,等等...)
有什么想法吗?
我附上我的 WebSecurityConfigurerAdapter 的代码以防我输入错误
> @EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
@EnableWebSecurity
@Configuration
@RequiredArgsConstructor
@Slf4j
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Configuration
@Order(2)
public static class AdminSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
CustomAuthenticationProvider customAuthProvider;
@Override
public void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.mvcMatchers(PublicUrls.URLS).permitAll()
.anyRequest().fullyAuthenticated()
.and()
.formLogin()
.loginPage("/login")
.defaultSuccessUrl("/")
.permitAll()
.and()
.cors()
.and()
.logout()
.invalidateHttpSession(true)
.clearAuthentication(true)
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.logoutSuccessUrl("/login?logout")
.permitAll();
}
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(customAuthProvider);
}
}
@Configuration
@Order(1)
public static class UserSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
CustomAuthenticationProvider2 customAuthProvider2;
@Override
protected void configure(HttpSecurity http) throws Exception {
http.antMatcher("/loginCert*").authorizeRequests()
.mvcMatchers(PublicUrls.URLS).permitAll()
.anyRequest().fullyAuthenticated()
.and().x509()
.subjectPrincipalRegex("CN=(.*?)(?:,|$)")
.userDetailsService(userDetailsService());
}
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(customAuthProvider2);
}
}
@Bean("authenticationManager")
@Override
protected AuthenticationManager authenticationManager() throws Exception {
return super.authenticationManager();
}
配置属性为:
server.ssl.key-store=store/keystore.jks
server.ssl.key-store-password=changeit server.ssl.key-alias=localhost
server.ssl.key-password=changeit server.ssl.enabled=true
server.ssl.client-auth=need server.port=8443
让浏览器提示您输入客户端证书
如果使用嵌入式 tomcat
,您需要在 application.properties 中设置以下 Spring 属性
server.ssl.client-auth=need
对于专用 tomcat,您需要在 server.xml
中设置以下 属性
clientAuth="want"
参考以下教程设置相互认证/双向 SSL
https://www.baeldung.com/x-509-authentication-in-spring-security
我有一个带有 spring 引导的应用程序,用户可以在其中使用登录名和密码或数字证书进行身份验证。 我尝试使用用户和密码进行验证,但它有效,但是当我尝试使用证书进行验证时,chrome 不向我显示 windows 到 select 我想在验证中使用的证书(我有几个证书,服务器是安全的,等等...)
有什么想法吗? 我附上我的 WebSecurityConfigurerAdapter 的代码以防我输入错误
> @EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
@EnableWebSecurity
@Configuration
@RequiredArgsConstructor
@Slf4j
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Configuration
@Order(2)
public static class AdminSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
CustomAuthenticationProvider customAuthProvider;
@Override
public void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.mvcMatchers(PublicUrls.URLS).permitAll()
.anyRequest().fullyAuthenticated()
.and()
.formLogin()
.loginPage("/login")
.defaultSuccessUrl("/")
.permitAll()
.and()
.cors()
.and()
.logout()
.invalidateHttpSession(true)
.clearAuthentication(true)
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.logoutSuccessUrl("/login?logout")
.permitAll();
}
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(customAuthProvider);
}
}
@Configuration
@Order(1)
public static class UserSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
CustomAuthenticationProvider2 customAuthProvider2;
@Override
protected void configure(HttpSecurity http) throws Exception {
http.antMatcher("/loginCert*").authorizeRequests()
.mvcMatchers(PublicUrls.URLS).permitAll()
.anyRequest().fullyAuthenticated()
.and().x509()
.subjectPrincipalRegex("CN=(.*?)(?:,|$)")
.userDetailsService(userDetailsService());
}
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(customAuthProvider2);
}
}
@Bean("authenticationManager")
@Override
protected AuthenticationManager authenticationManager() throws Exception {
return super.authenticationManager();
}
配置属性为:
server.ssl.key-store=store/keystore.jks server.ssl.key-store-password=changeit server.ssl.key-alias=localhost server.ssl.key-password=changeit server.ssl.enabled=true server.ssl.client-auth=need server.port=8443
让浏览器提示您输入客户端证书
如果使用嵌入式 tomcat
server.ssl.client-auth=need
对于专用 tomcat,您需要在 server.xml
中设置以下 属性clientAuth="want"
参考以下教程设置相互认证/双向 SSL
https://www.baeldung.com/x-509-authentication-in-spring-security