[英]Creating a delegating authentication provider (Spring Security)
我正在嘗試創建一個委托身份驗證提供程序來執行邏輯,然后根據某些任意邏輯決定選擇哪個authenticationProvider; 為了這個例子,如果用戶名以前綴開頭。
我目前的SecurityConfig將一次嘗試一個身份驗證提供程序:
public class SecurityConfig extends WebSecurityConfigurerAdapter {
private final MyCustomCredentialAuthProvider myAuthProvider;
...
@Override
protected void configure(AuthenticationManagerBuilder auth) {
auth
.ldapAuthentication().configuration(...).here(...).etc(...).and() // ldapAuthenticationProvider is created here
.authenticationProvider(myAuthProvider).and()
// more authentication providers to be added in the future
}
}
根據用戶名,我想選擇是否要使用嘗試提供商,因此如果用戶名不是以特定前綴(“ldap”,“custom”,“ad”)開頭,則不會調用它們,“等”......),所以:
@Component
public class DelegatingProvider implements AuthenticationProvider {
// Problem: How do I create this ldapAuthenticationProvider bean?
private final LdapAuthenticationProvider ldapAuthenticationProvider;
private final MyCustomCredentialAuthProvider myAuthProvider;
...
@Override
public Authentication authenticate(final Authentication authentication) throws AuthenticationException {
if (authentication.getName() == null) {
throw new BadCredentialsException("No username provided");
} else if (authentication.getName().startsWith("ldapPlease") }
return ldapAuthProvider.authenticate(authentication);
// } else if (...) { ...
// } else if (...) { ...
} else {
return myAuthProvider.authenticate(authentication);
}
}
@Override
public boolean supports(final Class<?> authentication) {
return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);;
}
}
我似乎無法以這種方式連接LdapProvider,因為它是由SecurityConfig創建的 - 當它之前由SecurityConfig中的AuthBuilder處理時,如何在LdapProvider bean中創建和連接?
@Bean
public LdapAuthenticationProvider ldapAuthentication() {
return new LdapAuthenticationProviderConfigurer().configure(...).here(...).etc(...).build();
}
.....................................
@Component
public class DelegatingProvider implements AuthenticationProvider {
@Autowired
private LdapAuthenticationProvider ldapAuthenticationProvider;
@Autowired
private final MyCustomCredentialAuthProvider myAuthProvider;
...
@Override
public Authentication authenticate(final Authentication authentication) throws AuthenticationException {
if (authentication.getName() == null) {
throw new BadCredentialsException("No username provided");
} else if (authentication.getName().startsWith("ldapPlease") }
return ldapAuthProvider.authenticate(authentication);
// } else if (...) { ...
// } else if (...) { ...
} else {
return myAuthProvider.authenticate(authentication);
}
}
@Override
public boolean supports(final Class<?> authentication) {
return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);;
}
}
並且正如@NatFar指定的那樣
@Autowired
private DelegatingProvider delegatingProviderBean;
@Override
protected void configure(AuthenticationManagerBuilder auth) {
auth
.authenticationProvider(delegatingProviderBean).and()
// more authentication providers to be added in the future
}
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.