gpt4 book ai didi

java - Spring Security Oauth2——多用户认证服务

转载 作者:搜寻专家 更新时间:2023-10-31 19:38:16 25 4
gpt4 key购买 nike

我的应用程序提供的 oauth2 token 服务与以下 github 项目中提供的服务相同:https://github.com/iainporter/oauth2-provider

它基于 Spring Security OAuth2。

我提供了 UserDetailsS​​ervice 的自定义实现:

<bean id="userService" class="org.example.core.service.DBUserServiceImpl" />

和以下用户身份验证管理器:

<sec:authentication-manager alias="userAuthenticationManager">
<sec:authentication-provider user-service-ref="userService">
<sec:password-encoder ref="passwordEncoder" />
</sec:authentication-provider>
</sec:authentication-manager>

现在我想提供其他用户身份验证方法(其他UserDetailsS​​ervice),例如:

<bean id="otherUserService" class="org.example.core.service.LDAPUserServiceImpl" />

不幸的是,我没有在文档中找到如何做到这一点的方法。在请求级别,我想区分使用哪种方法(哪种用户服务):

  • 查询参数
  • http header (例如 RealmName)

最佳答案

您需要使用DelegatingAuthenticationEntryPoint 来配置多个入口点。这意味着您可以有多种身份验证方式。以下是示例代码:

DBUser 入口点:

public class DBUserAuthencticationEntryPoint extends BasicAuthenticationEntryPoint {

@Override
public void commence(HttpServletRequest request,
HttpServletResponse response, AuthenticationException authException)
throws IOException, ServletException {
super.commence(request, response, authException);
}
}

LDAP 入口点:

public class LDAPAuthencticationEntryPoint extends BasicAuthenticationEntryPoint {

@Override
public void commence(HttpServletRequest request,
HttpServletResponse response, AuthenticationException authException)
throws IOException, ServletException {
super.commence(request, response, authException);
}
}

然后您需要创建 RequestMatcher 以选择正确的入口点(基于 header /领域名称):

DBUser 请求匹配器:

RequestMatcher dbUserMatcher = new RequestMatcher() {       
@Override
public boolean matches(HttpServletRequest request) {
// Logic to identify a DBUser kind of reqeust
}
};

LDAP 用户请求匹配器:

RequestMatcher ldapMatcher = new RequestMatcher() {     
@Override
public boolean matches(HttpServletRequest request) {
// Logic to identify a LDAP kind of reqeust
}
};

现在我们需要将这些匹配器和入口点添加到 DelegatingAuthenticationEntryPoint。在运行时 DelegatingAuthenticationEntryPoint 选择入口点并根据返回 true 的匹配器进行身份验证。

DBUserAuthencticationEntryPoint dbUserEntryPoint = new DBUserAuthencticationEntryPoint();
LDAPAuthencticationEntryPoint ldapEntryPoint = new LDAPAuthencticationEntryPoint();

LinkedHashMap<RequestMatcher,AuthenticationEntryPoint> entryPoints = new LinkedHashMap<RequestMatcher,AuthenticationEntryPoint>();
entryPoints.put(ldapMatcher, ldapEntryPoint);
entryPoints.put(dbUserMatcher, dbUserEntryPoint);

DelegatingAuthenticationEntryPoint delegatingAuthenticationEntryPoint = new DelegatingAuthenticationEntryPoint(entryPoints);

现在在 configure() 方法中将 DelegatingAuthenticationEntryPoint 映射到 HttpSecurity:

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.
authorizeRequests().
regexMatchers("/login.*").permitAll().
regexMatchers("/api.*").fullyAuthenticated().
and().
formLogin().loginPage("/login").
and().
exceptionHandling().authenticationEntryPoint(delegatingAuthenticationEntryPoint);
}
}

配置提供商管理器:

@Bean
public AuthenticationManager authenticationManager() {
return new ProviderManager(Arrays.asList(provider1, provider2);
}

关于java - Spring Security Oauth2——多用户认证服务,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/27917004/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com