Implement Custom Spring Security Authentication Method

I am building a Spring MVC web application, with a user login mechanism. I have used spring-boot to set up my application. To authenticate a user with the database, I followed the following tutorial:

http://justinrodenbostel.com/2014/05/30/part-5-integrating-spring-security-with-spring-boot-web/

Here, Spring's inbuilt authentication procedure is used. By specifying

auth.jdbcAuthentication().dataSource(datasource);

Spring Security checks for the user and authorities table and authenticates the user.

I want to override this default behaviour, as I do not have (do not need) an authentication table. Plus, my user table has a lot more columns than the standard three columns, namely username, password and enabled.

How do I override the default implementation?

Also, after the user has logged in, how do I get the information about the user?

Thanks!

You can either create a custom AuthenticationProvider or use DaoAuthenticationProvider with your custom UserDetailsService implementation.

Here is an example of a Spring Java configuration class for the second solution:

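import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.authentication.encoding.ShaPasswordEncoder;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;

@Configuration
@EnableWebMvcSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    // The application's own UserDetailsService implementation
    @Autowired
    private UserService userService;

    // ...

    // Replace the default jdbcAuthentication() setup with the provider below
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(authenticationProvider());
    }

    @Bean
    public AuthenticationProvider authenticationProvider() {
        DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider();
        // ShaPasswordEncoder() with no arguments hashes with SHA-1;
        // the stored passwords must use the same encoding
        authenticationProvider.setPasswordEncoder(new ShaPasswordEncoder());
        // Users are looked up through userService.loadUserByUsername(...)
        authenticationProvider.setUserDetailsService(userService);
        return authenticationProvider;
    }

}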

Your implementation of the UserDetailsService interface will contain the logic specific to the domain of your project for retrieving users by their username.

If you need more detailed examples, leave a comment below and I'll update the answer, but this should give you the general idea.

Also, I recommend reading through the JavaDocs of the aforementioned Spring classes and interfaces.
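A sketch of the UserDetailsService the answer refers to, which also covers the question's second part (reading the logged-in user's data). This is an added example, not part of the original answer. The `app_user` table, its `email` column, the `AppUser` class, the fixed `ROLE_USER` authority and the `JdbcTemplate` bean are assumptions; only the class name `UserService` comes from the configuration above.

```java
import java.util.Collections;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.dao.EmptyResultDataAccessException;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.*;
import org.springframework.stereotype.Service;

@Service
public class UserService implements UserDetailsService {
    // Principal carrying an extra column (email is an assumed column name).
    public static class AppUser extends User {
        private final String email;
        AppUser(String name, String hash, boolean enabled, String email) {
            // No authorities table: every account gets one fixed role.
            super(name, hash, enabled, true, true, true,
                  Collections.singletonList(new SimpleGrantedAuthority("ROLE_USER")));
            this.email = email;
        }
        public String getEmail() { return email; }
    }

    private final JdbcTemplate jdbc;
    @Autowired
    public UserService(JdbcTemplate jdbc) { this.jdbc = jdbc; }

    @Override
    public UserDetails loadUserByUsername(String username) {
        try {
            // Bound parameter: the submitted username never becomes SQL text.
            return jdbc.queryForObject(
                "SELECT username, password, enabled, email FROM app_user WHERE username = ?",
                (rs, n) -> new AppUser(rs.getString("username"), rs.getString("password"),
                                       rs.getBoolean("enabled"), rs.getString("email")),
                username);
        } catch (EmptyResultDataAccessException e) {
            // DaoAuthenticationProvider reports this as bad credentials by default.
            throw new UsernameNotFoundException("No such user");
        }
    }

    // After login the object returned above is the principal; null if not logged in.
    public static AppUser currentUser() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        Object p = (auth == null) ? null : auth.getPrincipal();
        return (p instanceof AppUser) ? (AppUser) p : null;
    }
}
```

The `password` column must hold hashes produced by the same encoder that is set on the DaoAuthenticationProvider, since the provider encodes the submitted password and compares it with the stored value.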
