spring 构建后如何将用户添加到 inMemoryAuthentication 构建器?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/25869260/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How can I add users to the inMemoryAuthentication builder after it has been built?
提问by ehiggins
I have managed to load all the users into the AuthenticationManagerBuilder during the initial load of the application, but I have a requirement to add users post-startup.
在应用程序的初始加载期间,我设法将所有用户加载到 AuthenticationManagerBuilder 中,但我需要在启动后添加用户。
Startup:
启动:
public class WebSecurityConfig extends WebSecurityConfigurerAdapter
...
auth.inMemoryAuthentication().withUser(email).password(password).roles(roles.toArray(new String[roles.size()])).and().passwordEncoder(encoder());
This works great for a point in time, but I have a use case where users can be added while the application is running.
这在某个时间点非常有效,但我有一个用例,可以在应用程序运行时添加用户。
By which method can I do this post-startup (via controller/service)? I'm thinking it might be the InMemoryUserDetailsManager(it contains the createUser()method) but I'm not sure how to reference or configure it.
我可以通过哪种方法在启动后执行此操作(通过控制器/服务)?我想它可能是InMemoryUserDetailsManager(它包含createUser()方法),但我不确定如何引用或配置它。
回答by geoand
The following code will do what you are asking:
以下代码将执行您的要求:
@Configuration
@EnableWebMvcSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
//whatever here
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(inMemoryUserDetailsManager());
}
@Bean
public InMemoryUserDetailsManager inMemoryUserDetailsManager() {
final Properties users = new Properties();
users.put("user","pass,ROLE_USER,enabled"); //add whatever other user you need
return new InMemoryUserDetailsManager(users);
}
}
Using the InMemoryUserDetailsManageryou configured above a super simple controller that just adds and checks for the existence of a user would look like:
使用InMemoryUserDetailsManager您在上面配置的一个超级简单的控制器,它只添加并检查用户是否存在,如下所示:
@RestController
@RequestMapping("user")
public class SimpleSecurityController {
private final InMemoryUserDetailsManager inMemoryUserDetailsManager;
@Autowired
public SimpleSecurityController(InMemoryUserDetailsManager inMemoryUserDetailsManager) {
this.inMemoryUserDetailsManager = inMemoryUserDetailsManager;
}
@RequestMapping("exists/{username}")
public boolean userExists(@PathVariable("username") String username ) {
return inMemoryUserDetailsManager.userExists(username);
}
@RequestMapping("add/{username}/{password}")
public String add(@PathVariable("username") String username, @PathVariable("password") String password) {
inMemoryUserDetailsManager.createUser(new User(username, password, new ArrayList<GrantedAuthority>()));
return "added";
}
}
Also note that if you are using Spring Boot's autoconfiguration you will need to add
另请注意,如果您使用的是 Spring Boot 的自动配置,则需要添加
@EnableAutoConfiguration(exclude = SecurityAutoConfiguration.class)
to prevent Spring Boot from trying to autoconfigure security
防止 Spring Boot 尝试自动配置安全性
UpdateAs noted by @AdamMichalik, @EnableWebMvcSecurityis deprecated and should be replaced by @EnableWebSecurity
更新正如@AdamMichalik 所指出的,@EnableWebMvcSecurity已弃用,应替换为@EnableWebSecurity
回答by Dmitry Golikov
I changed this code:
我改变了这段代码:
inMemoryUserDetailsManager.createUser(new User(username, password, new ArrayList<GrantedAuthority>()));
from @geoend′s answer to:
来自@geoend 的回答:
inMemoryUserDetailsManager.createUser(User.withUsername(username).password(password).roles("USER").build());
because by default, a new user doesn't have any permissions.
因为默认情况下,新用户没有任何权限。
