Merge x509 certificates and login with spring security
I want to configure my web app to support login (database credentials) or with x509 certificates (eId card reader), is this possible?
ApplicationContext-security.xml:
<http use-expressions="true">
<session-management invalid-session-url="${logout.url}" session-fixation-protection="newSession" >
<concurrency-control max-sessions="1" error-if-maximum-exceeded="true" />
</session-management>
<intercept-url pattern="/index.zul" requires-channel="http" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/restricted/admin/**" requires-channel="https" access="hasRole('ROLE_ADMIN')" />
<intercept-url pattern="/restricted/**" requires-channel="https" access="hasAnyRole('ROLE_PUBLIC', 'ROLE_VDL', 'ROLE_ADMIN', 'ROLE_READ_ONLY')" />
<x509 subject-principal-regex="SERIALNUMBER=(.*?)," user-service-ref="userDetailsService" />
<form-login login-page="/index.zul" default-target-url="/restricted/index.zul"
authentication-failure-url="/denied.html"
login-processing-url="/j_spring_security_check"/>
<logout logout-success-url="/index.zul" invalidate-session="true" />
<access-denied-handler error-page="/denied.html"></access-denied-handler>
</http>
<authentication-manager alias="authenticationManager">
<authentication-provider>
<jdbc-user-service data-source-ref="dataSource" id="userDetailsService"
authorities-by-username-query="SELECT u.username, a.authority
FROM users u
LEFT JOIN users_authorities ua ON u.username=ua.users_username
LEFT JOIN authorities a ON ua.authorities_id=a.id
WHERE username=?" />
</authentication-provider>
</authentication-manager>
<beans:bean id="dataSource"
class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<beans:property name="driverClassName" value="${jdbc.driverClassName}" />
<beans:property name="url" value="${jdbc.url}" />
<beans:property name="username" value="${jdbc.username}" />
<beans:property name="password" value="${jdbc.password}" />
</beans:bean>
The login form works fine, but the login by certificate does not work, I am sure there is a suitable aproche to merge the two systems together, but I have not found a complete tutorial on the internet. Can anyone help me?
early.
+3
source to share
1 answer
thanks for your comments and suggestions, I changed my settings and it seems to work fine, here is my new application context security file:
<http use-expressions="true" auto-config="true" access-denied-page="/denied"
authentication-manager-ref="authenticationManager">
<intercept-url pattern="/index" access="permitAll" />
<intercept-url pattern="/restricted/admin" access="hasRole('ROLE_ADMIN')" requires-channel="https" />
<intercept-url pattern="/restricted" requires-channel="https" access="hasAnyRole('ROLE_PUBLIC', 'ROLE_VDL', 'ROLE_ADMIN', 'ROLE_READ_ONLY')" />
<form-login login-page="/index.zul" default-target-url="/restricted/index.zul"
authentication-failure-url="/denied.html"
login-processing-url="/j_spring_security_check"/>
<x509 subject-principal-regex="SERIALNUMBER=(.*?)," user-service-ref="x509DS" />
<logout logout-success-url="/index.zul" invalidate-session="true" /> <!--${logout.url}-->
</http>
<beans:bean id="authenticationManager" class="org.springframework.security.authentication.ProviderManager">
<beans:property name="providers">
<beans:list>
<beans:ref bean="authenticationProvider" />
</beans:list>
</beans:property>
</beans:bean>
<beans:bean id="authenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
<beans:property name="userDetailsService" ref="formDS" />
</beans:bean>
<jdbc-user-service data-source-ref="dataSource" id="formDS"
authorities-by-username-query="SELECT u.username, a.authority
FROM users u
LEFT JOIN users_authorities ua ON u.username=ua.users_username
LEFT JOIN authorities a ON ua.authorities_id=a.id
WHERE username=? AND u.canlogwithform=TRUE
AND expirationdate >= now() " />
<jdbc-user-service data-source-ref="dataSource" id="x509DS" authorities-by-username-query="SELECT u.username, a.authority
FROM users u
LEFT JOIN users_authorities ua ON u.username=ua.users_username
LEFT JOIN authorities a ON ua.authorities_id=a.id
WHERE username=?" />
+3
source to share