那些遇到过的问题

相关疑难解决方法(0)

Spring Security 多个 UserDetailsS​​ervice

我有 3 个不同的表,每个表都有用户信息。(可能相同的用户名但不同的密码)

此外,有 3 个不同的 URL 进行授权。是否可以在UserDetailsService一个配置中使用多个并在授权控制期间使用哪个表?

这是我的配置代码,但我无法控制在授权期间使用哪个表:

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
@Import(SecurityProblemSupport.class)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    private final AuthenticationManagerBuilder authenticationManagerBuilder;

    @Qualifier("userDetailsService")
    private final UserDetailsService userDetailsService;

    @Qualifier("customerDetailsService")
    private final UserDetailsService customerDetailsService;

    private final TokenProvider tokenProvider;

    private final CorsFilter corsFilter;

    private final SecurityProblemSupport problemSupport;

    public SecurityConfiguration(AuthenticationManagerBuilder authenticationManagerBuilder, UserDetailsService userDetailsService, UserDetailsService customerDetailsService, TokenProvider tokenProvider, CorsFilter corsFilter, SecurityProblemSupport problemSupport) {
        this.authenticationManagerBuilder = authenticationManagerBuilder;
        this.userDetailsService = userDetailsService;
        this.customerDetailsService = customerDetailsService;
        this.tokenProvider = tokenProvider;
        this.corsFilter = …
Run Code Online (Sandbox Code Playgroud)

spring spring-security jhipster

pro*_*omy
2020 06-16
5
推荐指数
1
解决办法
4216
查看次数

Spring Security 具有不同用户详细信息的多个 HTTPSecurity 服务在 Spring Boot 中不起作用

我有两种类型的用户:应用程序用户和最终用户,我有单独的表。现在,我想对这两个表应用安全性。

我为应用程序用户提供了UserDetailsS​​ervice 的自定义实现:

@Component("applicationUserDetailsService")
public class ApplicationUserDetailsService implements UserDetailsService {}
Run Code Online (Sandbox Code Playgroud)

而且,我为最终用户提供了UserDetailsS​​ervice 的另一个自定义实现:

@Component("endUserDetailsService")
public class EndUserDetailsService implements UserDetailsService {}
Run Code Online (Sandbox Code Playgroud)

现在,在以下代码片段中,我为这两种类型的用户注册了两个端点。我已经分别为应用程序和最终用户注入了UserDetailsS​​ervice 的实现和@Overide configure(AuthenticationManagerBuilder auth)方法注册。

@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
@Import(SecurityProblemSupport.class)
public class SecurityConfiguration {

// Injected via Constructor Injection
private final EndUserDetailsService endUserDetailsService;

private final ApplicationUserDetailsService applicationUserDetailsService;

@Configuration
@Order(1)
public class ApplicationUserSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring()
            .antMatchers(HttpMethod.OPTIONS, "/**")
            .antMatchers("/swagger-ui/index.html")
            .antMatchers("/test/**");
    }

    @Override
    public …
Run Code Online (Sandbox Code Playgroud)

spring spring-security spring-boot

Bil*_*een
lucky-day
5
推荐指数
1
解决办法
1756
查看次数

标签 统计

spring ×2

spring-security ×2

jhipster ×1

spring-boot ×1