当前位置:theitroad>带有 Spring Security 和 Java Config 的自定义身份验证提供程序

带有 Spring Security 和 Java Config 的自定义身份验证提供程序

声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow 原文地址: http://stackoverflow.com/questions/22606751/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me): StackOverFlow

提示:将鼠标放在中文语句上可以显示对应的英文。显示中英文
时间:2020-09-08 06:37:31  来源:igfitidea点击:

Custom Authentication provider with Spring Security and Java Config

springspring-securityspring-java-config

提问by vdenotaris

How can I define a custom Authentication provider by using Spring Security with Java Configurations? I would like to perform a login checking credentials on my own database.

如何通过将 Spring Security 与 Java 配置结合使用来定义自定义身份验证提供程序?我想对我自己的数据库执行登录检查凭据。

回答by geoand

The following does what you need (CustomAuthenticationProvideris your implementation which needs to be managed by Spring)

以下是您所需要的(CustomAuthenticationProvider是您需要由 Spring 管理的实现)

@Configuration
@EnableWebMvcSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private CustomAuthenticationProvider customAuthenticationProvider;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        /**
         * Do your stuff here
         */
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(customAuthenticationProvider);
    }
}

回答by M2E67

As shown on baeldung.com, define your authentication provider as follow:

baeldung.com所示,定义您的身份验证提供程序如下:

@Component
public class CustomAuthenticationProvider implements AuthenticationProvider {

    @Override
    public Authentication authenticate(Authentication authentication) 
      throws AuthenticationException {

        String name = authentication.getName();
        String password = authentication.getCredentials().toString();

        if (shouldAuthenticateAgainstThirdPartySystem(username, password)) {

            // use the credentials
            // and authenticate against the third-party system
            return new UsernamePasswordAuthenticationToken(
              name, password, new ArrayList<>());
        } else {
            return null;
        }
    }

    @Override
    public boolean supports(Class<?> authentication) {
        return authentication.equals(
          UsernamePasswordAuthenticationToken.class);
    }
}

and following code is corresponding java config:

以下代码是对应的java配置:

@Configuration
@EnableWebSecurity
@ComponentScan("org.project.security")
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private CustomAuthenticationProvider authProvider;

    @Override
    protected void configure(
      AuthenticationManagerBuilder auth) throws Exception {

        auth.authenticationProvider(authProvider);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().anyRequest().authenticated()
            .and()
            .httpBasic();
    }
}

相关推荐

spring javax.naming.NameNotFoundException:名称 [comp/env] 未在此上下文中绑定

spring javax.naming.NameNotFoundException:名称 [comp/env] 未在此上下文中绑定

spring Thymeleaf:如果属性和属性存在,则显示文本

spring Thymeleaf:如果属性和属性存在,则显示文本

如何使用 Spring LDAP 身份验证

如何使用 Spring LDAP 身份验证

在 Spring 单元测试期间无法加载 ApplicationContext

在 Spring 单元测试期间无法加载 ApplicationContext

相关推荐
最近更新
标签