Authentication with login and password or certificate

qyzbxkaa posted on 2021-10-10 in Java

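I have an application that uses Spring Boot, where users can authenticate either with a login and password or with a digital certificate. I tried authenticating with the user and password, but when I try to authenticate with the certificate, Chrome does not show the window for choosing the certificate I want to use for authentication (I have several certificates, the server is secure, etc.).
Any ideas? I am attaching the code of my WebSecurityConfigurerAdapter in case something is wrong there.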

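```java
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
@EnableWebSecurity
@Configuration
@RequiredArgsConstructor
@Slf4j
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    // Form login (user and password). @Order(2): consulted after the
    // certificate chain below; it has no matcher, so it covers every other request.
    @Configuration
    @Order(2)
    public static class AdminSecurityConfig extends WebSecurityConfigurerAdapter {
        @Autowired
        CustomAuthenticationProvider customAuthProvider;

        @Override
        public void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests()
                    .mvcMatchers(PublicUrls.URLS).permitAll()
                    .anyRequest().fullyAuthenticated()
                    .and()
                    .formLogin()
                    .loginPage("/login")
                    .defaultSuccessUrl("/")
                    .permitAll()
                    .and()
                    .cors()
                    .and()
                    .logout()
                    .invalidateHttpSession(true)
                    .clearAuthentication(true)
                    .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
                    .logoutSuccessUrl("/login?logout")
                    .permitAll();
        }

        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth.authenticationProvider(customAuthProvider);
        }
    }

    // X.509 client-certificate login. @Order(1): consulted first, but only
    // for request paths matching /loginCert*.
    @Configuration
    @Order(1)
    public static class UserSecurityConfig extends WebSecurityConfigurerAdapter {

        @Autowired
        CustomAuthenticationProvider2 customAuthProvider2;

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.antMatcher("/loginCert*").authorizeRequests()
                    .mvcMatchers(PublicUrls.URLS).permitAll()
                    .anyRequest().fullyAuthenticated()
                    .and().x509()
                    // The user name is taken from the CN of the certificate subject.
                    .subjectPrincipalRegex("CN=(.*?)(?:,|$)")
                    .userDetailsService(userDetailsService());
        }

        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth.authenticationProvider(customAuthProvider2);
        }
    }

    @Bean("authenticationManager")
    @Override
    protected AuthenticationManager authenticationManager() throws Exception {
        return super.authenticationManager();
    }
}
```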

The configuration properties are:

```properties
server.ssl.key-store=store/keystore.jks
server.ssl.key-store-password=changeit
server.ssl.key-alias=localhost
server.ssl.key-password=changeit
server.ssl.enabled=true
server.ssl.client-auth=need
server.port=8443
```

c86crjj0 1#

Make the browser prompt you for a client certificate
If you use embedded Tomcat, you need to set the following Spring property in application.properties

server.ssl.client-auth=need

For a standalone Tomcat, you need to set the following attribute in server.xml

clientAuth="want"

See the tutorial below for setting up mutual authentication / two-way SSL
https://www.baeldung.com/x-509-authentication-in-spring-security
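
How the `subjectPrincipalRegex` from the question's `x509()` configuration turns a certificate subject into the user name passed to `userDetailsService`, as an added example that is not code from the question or the answer. The subject DNs are constructed, the class and method names are hypothetical, and applying the pattern case-insensitively with `find()` is an assumption about how Spring Security uses it; the `LdapName` variant is included to compare results when the CN contains an escaped comma.

```java
import java.util.List;
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class SubjectCnDemo {
    // Pattern copied from the question. Assumption: compiled case-insensitively
    // and applied with find(), as Spring Security's subject-DN extractor does.
    static final Pattern SUBJECT_CN =
            Pattern.compile("CN=(.*?)(?:,|$)", Pattern.CASE_INSENSITIVE);

    /** User name the regex yields; empty means no principal, so the login is rejected. */
    static Optional<String> byRegex(String subjectDn) {
        Matcher m = SUBJECT_CN.matcher(subjectDn);
        return m.find() ? Optional.of(m.group(1)) : Optional.empty();
    }

    /** Same lookup through an RFC 2253 parser, which understands escaped commas. */
    static Optional<String> byLdapName(String subjectDn) {
        try {
            List<Rdn> rdns = new LdapName(subjectDn).getRdns();
            for (int i = rdns.size() - 1; i >= 0; i--) { // index 0 is the rightmost RDN
                if ("CN".equalsIgnoreCase(rdns.get(i).getType())) {
                    return Optional.of(rdns.get(i).getValue().toString());
                }
            }
        } catch (InvalidNameException e) {
            // Malformed DN: treat it as "no principal".
        }
        return Optional.empty();
    }

    public static void main(String[] args) {
        // Constructed subject DNs, not taken from the page.
        String[] samples = {
            "CN=alice, OU=Users, O=Example",
            "CN=Doe\\, John, OU=Users, O=Example",
            "OU=Users, O=Example"
        };
        for (String dn : samples) {
            System.out.printf("%-40s regex=%s parsed=%s%n", dn, byRegex(dn), byLdapName(dn));
        }
    }
}
```

For the second DN the regex stops at the escaped comma, so the name it looks up differs from the certificate's actual CN; a subject with no CN yields no principal at all.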
