Guc*_*ben 5 java spring authorization spring-security microservices
我有很多服务,我想通过身份验证服务集中我的身份验证。现在我是 Spring boot 的菜鸟,我不知道如何使这成为可能。
我只是从 Spring 实现了正常的安全性,它工作得很好,我只找到了一些关于的教程jdbcAuthentication,inMemoryAuthentication等的教程,但没有找到身份验证服务向另一个服务发送请求的身份验证。有人知道这件事吗?
我的安全基于代币 ->JWT
我想我需要操纵AuthenticationManagerBuilder因为它决定用户名是否有效。
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
}
我用 Feign 提出请求 - 也许这段代码的位置错误
@Override
public Authentication attemptAuthentication(HttpServletRequest req, HttpServletResponse res) throws AuthenticationException, IOException, ServletException {
AccountCredentials credentials = new ObjectMapper()
.readValue(req.getInputStream(), AccountCredentials.class);
UserRequest userRequest = Feign.builder()
.decoder(new GsonDecoder())
.target(UserRequest.class,"http://localhost:7998/api/user-service/user/" + credentials.getUsername());
return getAuthenticationManager().authenticate(new UsernamePasswordAuthenticationToken(credentials.getUsername(),credentials.getPassword(),emptyList()));
}
您可以这样配置:
@Override
public void init(AuthenticationManagerBuilder auth) throws Exception
{
auth.userDetailsService(getUserDetailsService());
}
@Bean
UserDetailsService getUserDetailsService() {
return username ->
{
JSONObject user = callUserService(username); //Here you send the UserRequest
if(user.has("email")) {
return new User(
user.getString("email"),
user.getString("password"),
true, true, true, true,
Collections.emptyList());
} else {
throw new BadCredentialsException("BadCredentialsException");
}
};
}
| 归档时间: |
|
| 查看次数: |
2236 次 |
| 最近记录: |