堆栈内存溢出
  简体   繁体   English

如何在Spring中为系统用户验证计划进程?

[英]How can I authenticate a system user for scheduled processes in Spring?

 原文  2015-04-16 19:41:56       java/ spring/ authentication/ spring-security/ spring-3

问题描述

we have a Quartz/Spring Batch job, that for audit logging purposes we'd like to have it "authenticated" as a system user. 我们有一个Quartz / Spring Batch作业,为了审计日志记录,我们希望将它作为系统用户进行“认证”。 Some of our methods rely on fetching the SecurityContext to do this. 我们的一些方法依赖于获取SecurityContext来执行此操作。 The ways of running this job are trusted (or authenticated). 运行此作业的方式是可信的(或经过身份验证)。 We don't want to actually use a password or other token (since the process is basically always spawned by quartz). 我们不想实际使用密码或其他令牌(因为该过程基本上总是由石英生成)。

I tried this 我试过这个 

private void authenticate() {
    UserDetails admin = userDetailsService.loadUserByUsername( "admin" );

    RunAsUserToken token = new RunAsUserToken(
            UUID.randomUUID().toString(), admin, admin.getAuthorities(), null , null );

    Authentication user = authenticationManager.authenticate( token );

    if ( user.isAuthenticated() ) {
        SecurityContext sc = new SecurityContextImpl();
        sc.setAuthentication( user );
        SecurityContextHolder.setContext( sc );
    }
}

but it resulted in 但它导致了 

org.springframework.security.authentication.ProviderNotFoundException: No AuthenticationProvider found for org.springframework.security.access.intercept.RunAsUserToken

and I'm not sure what some of RunAsUserToken parameters do (eg key) or what I should be giving it in regards to Credentials. 而且我不确定一些RunAsUserToken参数是做什么的(例如密钥)或者我应该在Credentials方面提供什么。

How can I authenticate or otherwise set the security context as if it was authenticated as this user? 我如何验证或以其他方式设置安全上下文,就像它被认证为此用户一样?

1 个解决方案

解决方案1
 12 已采纳  2015-04-16 20:19:46

I'm not sure yet about the RunAsUserToken. 我还不确定RunAsUserToken。 I think it is intended to be used when someone is already authenticated, but the application what to execute something as another user. 我认为它的目的是在某人已经过身份验证时使用,但应用程序将执行某些内容作为另一个用户。

I found an example of using it here . 我在这里找到了一个使用它的例子

But, maybe you don't really need that. 但是,也许你真的不需要那样。 If it is the case, you could just do : 如果是这种情况,您可以这样做: 

Authentication auth = new UsernamePasswordAuthenticationToken(admin.getUsername(), admin.getPassword(), admin.getAuthorities());
SecurityContextHolder.getContext().setAuthentication(auth);

And then admin will be authenticated. 然后管理员将进行身份验证。 Also, you don't need to use admin.getPassword() since it won't be checked anyway. 此外,您不需要使用admin.getPassword()因为它无论如何都不会被检查。

Note that you don't have to create the security context : it already exists. 请注意,您不必创建安全上下文:它已存在。 I think it is ThreadLocal by default. 我认为默认情况下它是ThreadLocal

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何使用Wordpress在Spring Web应用程序中对用户进行身份验证? - How can I use Wordpress to authenticate a user in a spring web application? 如何使用DaoAuthenticationProvider以编程方式使用Spring Security对用户进行身份验证 - How can I programmatically authenticate user with Spring Security using DaoAuthenticationProvider 如何使用Spring Security针对db或ldap对用户进行动态身份验证? - How can I dynamically authenticate a user against the db or ldap with spring security? 如何在spring security中只通过ip地址验证用户? - How can authenticate user by only ip address in spring security? 如何使用Spring框架监视(监听)通过@scheduled计划的作业? - how can I monitor (listen) the job I scheduled with @scheduled using spring framework? 如何对 Spring @Scheduled 任务进行性能和负载测试 - How can I do Performance & Load Testing for Spring @Scheduled task 如何使用Java和Spring更改计划任务中的值 - How can I change the value in a scheduled task with Java and Spring 如何为我的应用程序验证 Reddit 用户? - How can I authenticate a Reddit user for my application? 如何在Play的2.0 WebSocket中验证用户身份? - How can I authenticate user in Play's 2.0 WebSocket? 如何使用Spring Security验证用户身份? - how to authenticate user using spring security?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM