
Creating a delegating authentication provider (Spring Security)

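I am trying to create a delegating authentication provider that runs some logic and then, based on that arbitrary logic, decides which authenticationProvider to choose; for the sake of this example, whether the username starts with a prefix.

My current SecurityConfig will try the authentication providers one at a time: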

public class SecurityConfig extends WebSecurityConfigurerAdapter {

    private final MyCustomCredentialAuthProvider myAuthProvider;

    ...

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
          .ldapAuthentication().configuration(...).here(...).etc(...).and() // ldapAuthenticationProvider is created here
          .authenticationProvider(myAuthProvider);
          // more authentication providers to be added in the future
    }
}

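Depending on the username, I would like to choose whether or not to try each provider, so that they are not called if the username does not start with a specific prefix ("ldap", "custom", "ad", "etc"...), so: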

@Component
public class DelegatingProvider implements AuthenticationProvider {

    // Problem: How do I create this ldapAuthenticationProvider bean?
    private final LdapAuthenticationProvider ldapAuthenticationProvider;
    private final MyCustomCredentialAuthProvider myAuthProvider;

    ...

    @Override
    public Authentication authenticate(final Authentication authentication) throws AuthenticationException {
        if (authentication.getName() == null) {
            throw new BadCredentialsException("No username provided");
        } else if (authentication.getName().startsWith("ldapPlease")) {
           return ldapAuthenticationProvider.authenticate(authentication);
        // } else if (...) { ...
        // } else if (...) { ...
        } else { 
           return myAuthProvider.authenticate(authentication);
        }
    }

    @Override
    public boolean supports(final Class<?> authentication) {
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
    }
}

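I can't seem to wire in the LdapProvider this way, though, because it is created by the SecurityConfig. How do I create and wire in an LdapProvider bean when it was previously handled by the AuthBuilder in SecurityConfig?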

    @Bean
    public LdapAuthenticationProvider ldapAuthentication() {
        return new LdapAuthenticationProviderConfigurer().configure(...).here(...).etc(...).build();
    }
    .....................................
    @Component
    public class DelegatingProvider implements AuthenticationProvider {

        @Autowired
        private LdapAuthenticationProvider ldapAuthenticationProvider;

        @Autowired
        private MyCustomCredentialAuthProvider myAuthProvider; // not final: field injection cannot set a final field

        ...

        @Override
        public Authentication authenticate(final Authentication authentication) throws AuthenticationException {
            if (authentication.getName() == null) {
                throw new BadCredentialsException("No username provided");
            } else if (authentication.getName().startsWith("ldapPlease")) {
               return ldapAuthenticationProvider.authenticate(authentication);
            // } else if (...) { ...
            // } else if (...) { ...
            } else { 
               return myAuthProvider.authenticate(authentication);
            }
        }

        @Override
        public boolean supports(final Class<?> authentication) {
            return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
        }
    }

And as @NatFar specified:

    @Autowired
    private DelegatingProvider delegatingProviderBean;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) {
        auth
          .authenticationProvider(delegatingProviderBean);
          // more authentication providers to be added in the future
    }
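
One way to define the `LdapAuthenticationProvider` bean that the delegating provider needs, built directly from Spring Security LDAP's `BindAuthenticator` and `DefaultSpringSecurityContextSource` instead of the `AuthenticationManagerBuilder` DSL (an added example, not code from the original post). The class name `LdapProviderConfig`, the LDAP URL, the user DN pattern and the group search base are placeholder assumptions.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
import org.springframework.security.ldap.authentication.BindAuthenticator;
import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
import org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator;

// Kept in its own configuration class (hypothetical name) so that SecurityConfig can
// inject DelegatingProvider without a circular dependency on the beans defined here.
@Configuration
public class LdapProviderConfig {

    // Constructed placeholder values: replace with the real directory settings.
    private static final String LDAP_URL = "ldaps://ldap.example.org:636/dc=example,dc=org";
    private static final String USER_DN_PATTERN = "uid={0},ou=people";
    private static final String GROUP_SEARCH_BASE = "ou=groups";

    // Exposed as a bean so Spring runs afterPropertiesSet() and the
    // underlying LdapContextSource is initialised before first use.
    @Bean
    public DefaultSpringSecurityContextSource ldapContextSource() {
        return new DefaultSpringSecurityContextSource(LDAP_URL);
    }

    // The provider that DelegatingProvider autowires. It is deliberately NOT passed to
    // AuthenticationManagerBuilder: only the delegating provider is registered there,
    // so LDAP is consulted only when the delegating logic selects it.
    @Bean
    public LdapAuthenticationProvider ldapAuthenticationProvider(
            DefaultSpringSecurityContextSource contextSource) {
        // Authenticate by binding to the directory as the user.
        BindAuthenticator authenticator = new BindAuthenticator(contextSource);
        authenticator.setUserDnPatterns(new String[] { USER_DN_PATTERN });

        // Load group memberships as granted authorities after a successful bind.
        DefaultLdapAuthoritiesPopulator authorities =
                new DefaultLdapAuthoritiesPopulator(contextSource, GROUP_SEARCH_BASE);

        return new LdapAuthenticationProvider(authenticator, authorities);
    }
}
```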
