spring - Concatenating multiple authentication mechanisms in Spring Boot Security

Reposted. Author: 行者123. Updated: 2023-12-04 14:34:18

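My application has a security configuration that authenticates users via LDAP. This works well, but now I want to add another AuthenticationProvider that performs more checks on the user who is trying to authenticate. So I tried adding a DbAuthenticationProvider that (for testing purposes) always denies access. So when I try to log in with my domain account (which works for the activeDirectoryLdapAuthenticationProvider), I am not able to access the page, because the second provider fails the authentication.

To accomplish this goal, I used the following code: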

    @Configuration
    @EnableWebSecurity
    public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

        @Value("${ad.domain}")
        private String AD_DOMAIN;

        @Value("${ad.url}")
        private String AD_URL;

        @Autowired
        UserRoleComponent userRoleComponent;

        @Autowired
        DbAuthenticationProvider dbAuthenticationProvider;

        private final Logger logger = LoggerFactory.getLogger(WebSecurityConfig.class);

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            this.logger.info("Verify logging level");
            http.authorizeRequests().anyRequest().fullyAuthenticated().and().formLogin()
                    .successHandler(new CustomAuthenticationSuccessHandler()).and().httpBasic().and().logout()
                    .logoutUrl("/logout").invalidateHttpSession(true).deleteCookies("JSESSIONID");
            http.formLogin().defaultSuccessUrl("/", true);
        }

        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth.authenticationProvider(activeDirectoryLdapAuthenticationProvider());
            auth.authenticationProvider(dbAuthenticationProvider);
        }

        @Bean
        public AuthenticationManager authenticationManager() {
            return new ProviderManager(Arrays.asList(activeDirectoryLdapAuthenticationProvider(), dbAuthenticationProvider));
        }

        @Bean
        public AuthenticationProvider activeDirectoryLdapAuthenticationProvider() {
            ActiveDirectoryLdapAuthenticationProvider provider = new ActiveDirectoryLdapAuthenticationProvider(AD_DOMAIN,
                    AD_URL);
            provider.setConvertSubErrorCodesToExceptions(true);
            provider.setUseAuthenticationRequestCredentials(true);
            return provider;
        }
    }

This is my DbAuthenticationProvider:

    @Component
    public class DbAuthenticationProvider implements AuthenticationProvider {

        Logger logger = LoggerFactory.getLogger(DbAuthenticationProvider.class);

        @Override
        public Authentication authenticate(Authentication auth) throws AuthenticationException {
            auth.setAuthenticated(false);
            this.logger.info("Got initialized");
            return auth;
        }

        @Override
        public boolean supports(Class<?> authentication) {
            return true;
        }

    }

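Sadly, I am able to log in (access is not denied as I expected). Did I miss something?

Best answer

Spring will not use more than one AuthenticationProvider to authenticate a request, so the first AuthenticationProvider (in the ArrayList) that supports the Authentication object and successfully authenticates the request will be the only one used. In your case that is the activeDirectoryLdapAuthenticationProvider.

Instead of using ActiveDirectoryLdapAuthenticationProvider, you can use a custom AuthenticationProvider that delegates to LDAP and performs additional checks: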

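    import org.springframework.security.authentication.AuthenticationProvider;
    import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
    import org.springframework.security.core.Authentication;
    import org.springframework.security.core.AuthenticationException;
    import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider;

    public class CustomerAuthenticationProvider implements AuthenticationProvider {

        // add additional methods to initialize delegate during your configuration
        private ActiveDirectoryLdapAuthenticationProvider delegate;

        @Override
        public Authentication authenticate(Authentication auth) throws AuthenticationException {
            // LDAP authentication first; the delegate throws if the credentials are rejected
            Authentication authentication = delegate.authenticate(auth);
            additionalChecks(authentication);
            // return the authenticated result from the delegate, not the incoming request token
            return authentication;
        }

        @Override
        public boolean supports(Class<?> authentication) {
            return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
        }

        public void additionalChecks(Authentication authentication) {
            // throw AuthenticationException when it's not allowed
        }

    }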
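
The two arrangements compared side by side, as an added example that is not part of the original question or answer: with the providers listed next to each other the login goes through, while the wrapped form rejects it. The class names `ProviderChainDemo`, `StubLdapProvider`, `DenyAllProvider` and `AllOfProvider` and the credential `alice`/`pw` are constructed for illustration; it assumes spring-security-core on the classpath and Java 9 or later.

```java
import java.util.List;
import org.springframework.security.authentication.*;
import org.springframework.security.core.*;
import org.springframework.security.core.authority.AuthorityUtils;

public class ProviderChainDemo {
    // Constructed stand-in for the LDAP provider: accepts one made-up test credential.
    static class StubLdapProvider implements AuthenticationProvider {
        public Authentication authenticate(Authentication auth) {
            if ("alice".equals(auth.getName()) && "pw".equals(auth.getCredentials())) {
                return new UsernamePasswordAuthenticationToken(auth.getName(), null,
                        AuthorityUtils.createAuthorityList("ROLE_USER"));
            }
            throw new BadCredentialsException("bad credentials");
        }
        public boolean supports(Class<?> type) {
            return UsernamePasswordAuthenticationToken.class.isAssignableFrom(type);
        }
    }
    // Extra check that rejects everyone. ProviderManager treats any non-null return
    // value as success, so a rejection has to be signalled by throwing.
    static class DenyAllProvider implements AuthenticationProvider {
        public Authentication authenticate(Authentication auth) {
            throw new DisabledException("rejected by additional check");
        }
        public boolean supports(Class<?> type) { return true; }
    }
    // Composite: the primary provider must succeed AND the extra check must not throw.
    static class AllOfProvider implements AuthenticationProvider {
        private final AuthenticationProvider primary, extra;
        AllOfProvider(AuthenticationProvider primary, AuthenticationProvider extra) {
            this.primary = primary; this.extra = extra;
        }
        public Authentication authenticate(Authentication auth) {
            Authentication result = primary.authenticate(auth);
            extra.authenticate(result); // throws to veto the login
            return result;
        }
        public boolean supports(Class<?> type) { return primary.supports(type); }
    }
    static boolean login(AuthenticationManager manager) {
        try {
            return manager.authenticate(new UsernamePasswordAuthenticationToken("alice", "pw")).isAuthenticated();
        } catch (AuthenticationException e) { return false; }
    }
    public static void main(String[] args) {
        AuthenticationProvider ldap = new StubLdapProvider(), deny = new DenyAllProvider();
        AuthenticationProvider both = new AllOfProvider(ldap, deny);
        System.out.println("side by side: " + login(new ProviderManager(List.of(ldap, deny))));
        System.out.println("wrapped: " + login(new ProviderManager(List.of(both))));
    }
}
```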

Regarding spring - Concatenating multiple authentication mechanisms in Spring Boot Security, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/54345243/
