Spring Security 多个 UserDetailsService

问题描述 投票:0回答:2

我有 3 个不同的表,每个表都有用户信息。 (也许用户名相同但密码不同)

此外,还有 3 个不同的 URL 进行授权。是否可以在一个配置中使用多个

UserDetailsService
,并在授权控制期间使用哪个表?

这是我的配置代码,但我无法控制授权期间使用哪个表:

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
@Import(SecurityProblemSupport.class)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    private final AuthenticationManagerBuilder authenticationManagerBuilder;

    @Qualifier("userDetailsService")
    private final UserDetailsService userDetailsService;

    @Qualifier("customerDetailsService")
    private final UserDetailsService customerDetailsService;

    private final TokenProvider tokenProvider;

    private final CorsFilter corsFilter;

    private final SecurityProblemSupport problemSupport;

    public SecurityConfiguration(AuthenticationManagerBuilder authenticationManagerBuilder, UserDetailsService userDetailsService, UserDetailsService customerDetailsService, TokenProvider tokenProvider, CorsFilter corsFilter, SecurityProblemSupport problemSupport) {
        this.authenticationManagerBuilder = authenticationManagerBuilder;
        this.userDetailsService = userDetailsService;
        this.customerDetailsService = customerDetailsService;
        this.tokenProvider = tokenProvider;
        this.corsFilter = corsFilter;
        this.problemSupport = problemSupport;
    }

    @PostConstruct
    public void init() {
        try {
            authenticationManagerBuilder
                .userDetailsService(userDetailsService)
                .passwordEncoder(passwordEncoder())
                .and()
                .userDetailsService(customerDetailsService)
                .passwordEncoder(passwordEncoder());
        } catch (Exception e) {
            throw new BeanInitializationException("Security configuration failed", e);
        }
    }

    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring()
            .antMatchers(HttpMethod.OPTIONS, "/**")
            .antMatchers("/app/**/*.{js,html}")
            .antMatchers("/i18n/**")
            .antMatchers("/content/**")
            .antMatchers("/swagger-ui/index.html")
            .antMatchers("/test/**");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .addFilterBefore(corsFilter, UsernamePasswordAuthenticationFilter.class)
            .exceptionHandling()
            .authenticationEntryPoint(problemSupport)
            .accessDeniedHandler(problemSupport)
            .and()
            .csrf()
            .disable()
            .headers()
            .frameOptions()
            .disable()
            .and()
            .sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
            .authorizeRequests()
            .antMatchers("/api/register").permitAll()
            .antMatchers("/api/activate").permitAll()
            .antMatchers("/api/authenticate").permitAll()
            .antMatchers("/api/account/reset-password/init").permitAll()
            .antMatchers("/api/account/reset-password/finish").permitAll()
            .antMatchers("/api/**").authenticated()
            .antMatchers("/management/health").permitAll()
            .antMatchers("/management/info").permitAll()
            .antMatchers("/management/**").hasAuthority(AuthoritiesConstants.ADMIN)
            .antMatchers("/v2/api-docs/**").permitAll()
            .antMatchers("/swagger-resources/configuration/ui").permitAll()
            .antMatchers("/swagger-ui/index.html").hasAuthority(AuthoritiesConstants.ADMIN)
            .and()
            .apply(securityConfigurerAdapter());

    }

    private JWTConfigurer securityConfigurerAdapter() {
        return new JWTConfigurer(tokenProvider);
    }
}

userDetailsServicecustomerDetailsService 是我的

UserDetailsService
实现,它们使用不同的表来检查凭据。但我无法准确控制请求到来时使用哪个 UserDetailsService。

spring spring-security jhipster
2个回答
0
投票

您可以使用这篇文章 https://sanketdaru.com/blog/multiple-sources-user-details-spring-security/。 它有一个示例,其中定义了两个服务并使用该单个服务。就像我的用户细节服务代码一样。

@Override
public UserDetails loadUserByUsername(String name) throws UsernameNotFoundException {
    List<UserEntity> users = userRepository.findByName(name);
    if (users.isEmpty()){
        return inMemoryUserDetailsService.loadUserByUsername(name);
    }
    return new UserDetailEntity (users.get(0));
}

@PostConstruct
public void init() {
    this.inMemoryUserDetailsService = initInMemoryUserDetailsService();
}

private UserDetailsService initInMemoryUserDetailsService() {
    List<UserDetails> userDetails = new ArrayList<>();
    UserDetails userDetails1 = new User("user1", "$2a$10$t/U97dFDQ0e8ujCq6728P.E1axs/aoAMsopoSUQtTchiKTP/Ps4um", Collections.singletonList(new SimpleGrantedAuthority("USER")));
    UserDetails userDetails2 = new User("admin1", "$2a$10$t/U97dFDQ0e8ujCq6728P.E1axs/aoAMsopoSUQtTchiKTP/Ps4um", Arrays.asList(new SimpleGrantedAuthority("USER"),new SimpleGrantedAuthority("ADMIN")));
    userDetails.add(userDetails1);
    userDetails.add(userDetails2);
    return new InMemoryUserDetailsManager(userDetails);
}

-1
投票

请在 WebSecurityConfigurerAdapter 中尝试一下

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.userDetailsService(yourCustomUserDetailsService).passwordEncoder(passwordEncoder);
}
© www.soinside.com 2019 - 2024. All rights reserved.