I have an application with a dependency in which security is defined. Typical configuration:
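
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.core.userdetails.User;

    @Configuration
    @EnableWebSecurity
    public class AuthConfiguration extends WebSecurityConfigurerAdapter {

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .authorizeRequests()
                    .antMatchers(DEFAULT_PERMIT_ALL_PATHS).permitAll()
                    .and()
                .authorizeRequests().anyRequest().authenticated()
                    .and()
                .exceptionHandling()
                    .and()
                .csrf().disable().httpBasic();
        }

        @Override
        protected void configure(AuthenticationManagerBuilder authManagerBuilder) throws Exception {
            User.UserBuilder users = User.withDefaultPasswordEncoder();
            authManagerBuilder.inMemoryAuthentication()
                .withUser(users.username("FOO").password("BAR").roles("USER").build());
        }
    }
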
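The above is the first project. I have a second project, which has a POM dependency on the first one. Now I would like to add an additional user, but I have to do this in my second project, which only has a dependency on the first project with security.
I can copy and paste the whole AuthConfiguration, and then I have 2 security filter chains, but that is a bad idea. The app starts processing the request by looking at what the destination URI is. Both filter chains have the same antMatchers (I only want to add an additional user) and only one filter chain is processed. As a result it works partially: the user from either the first or the second project works (it depends on the @Order of AuthConfiguration).
Maybe it is somehow possible to inject, for example, AuthenticationManagerBuilder in my second project and extend it / add additional users? I tried, but it does not work. I added code like this to the second project: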
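
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.core.userdetails.User;

    @Configuration
    public class AdditionalUsersConfiguration {
        public AdditionalUsersConfiguration(AuthenticationManagerBuilder builder) throws Exception {
            User.UserBuilder users = User.withDefaultPasswordEncoder();
            builder.inMemoryAuthentication()
                .withUser(users.username("FOO").password("BAR").roles("USER").build())
                .withUser(users.username("FOO2").password("BAR").roles("USER").build());
        }
    }
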
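Only the first user FOO works; it looks like it comes from the first project, where it is defined.
EDIT: I also tried the approach from the question "How can I add users to the inMemoryAuthentication builder after it has been built?" I added this code to my second project: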
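
    import java.util.ArrayList;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.core.GrantedAuthority;
    import org.springframework.security.core.userdetails.User;
    import org.springframework.security.provisioning.InMemoryUserDetailsManager;

    @Configuration
    public class NextApproachConfiguration {
        public NextApproachConfiguration(InMemoryUserDetailsManager manager) throws Exception {
            manager.createUser(new User("FOO2", "BAR", new ArrayList<GrantedAuthority>()));
            // in debugger here I see two users [FOO, FOO2]
        }
    }
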
It looks good. In the debugger (comment in code) I see the user from the first project and the new user. But when I request the endpoint with Postman, I see internally in the debugger how it calls InMemoryUserDetailsManager::loadByUsername(), and this manager is a different instance than the one where I added user two. And it only has one user, from the first project. When I start the app with the debugger, I see that my code above, where I add the second user, is executed first, and then the code from the first project (AuthConfiguration class) is executed, where AuthenticationManagerBuilder::inMemoryAuthentication goes to InMemoryUserDetailsManagerConfigurer, which creates a new instance of InMemoryUserDetailsManager using the new keyword.
uj5u.com helpful user replied:
In the end, in my second project I simply extended the AuthConfiguration class from the first project, this way:
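
    import org.springframework.context.annotation.Configuration;
    import org.springframework.core.annotation.Order;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.core.userdetails.User;

    @Configuration
    @Order(90)
    public class SecondProjectConfiguration extends AuthConfiguration {
        @Override
        protected void configure(AuthenticationManagerBuilder authManagerBuilder) throws Exception {
            super.configure(authManagerBuilder); // it creates FOO user
            User.UserBuilder users = User.withDefaultPasswordEncoder();
            authManagerBuilder.inMemoryAuthentication()
                .withUser(users.username("FOO2").password("BAR").roles("USER").build());
        }
    }
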
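It works fine. Order(90) was also needed, because AuthConfiguration has the default Order of 100 and the application stopped at startup with an error. A very simple approach, but it was the last one I tried.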
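uj5u.com helpful user replied:
Another approach you could take is to use a custom bean (say UserFactory) in the configuration in your first project, and use it to retrieve all users and add them to the in-memory user manager: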

    @Autowired(required = false)
    UserFactory userFactory;

    @Override
    protected void configure(AuthenticationManagerBuilder authManagerBuilder) throws Exception {
        User.UserBuilder users = User.withDefaultPasswordEncoder();
        InMemoryUserDetailsManagerConfigurer configurer = authManagerBuilder.inMemoryAuthentication();
        configurer.withUser(users.username("FOO").password("BAR").roles("USER").build());
        if (userFactory != null) {
            for (UserDetails userDetails : userFactory.getUsers()) {
                configurer.withUser(userDetails);
            }
        }
    }

And in your second project, you define the bean and add the additional users:

    @Bean
    public UserFactory userFactory() {
        UserFactory userFactory = new UserFactory();
        User.UserBuilder user = User.withDefaultPasswordEncoder();
        userFactory.addUser(user.username("FOO2").password("BAR").roles("USER").build());
        return userFactory;
    }

This might be better suited if you have many default users and want to avoid retyping them in an extended configuration class.
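
The question's edit observes that inMemoryAuthentication() builds its own InMemoryUserDetailsManager with `new`, so a manager injected elsewhere is a different instance. As an added example (not code from the thread or from either answer), the first project can instead publish a single manager bean that dependent projects inject and extend, hashing passwords through a PasswordEncoder bean rather than User.withDefaultPasswordEncoder(), which Spring Security deprecates as unsuitable for production. It assumes Spring Security 5.x; the class name SharedUsersAuthConfiguration, the secret helper and the FOO_PASSWORD / FOO2_PASSWORD environment variables are hypothetical.

```java
// Added example, not code from the thread. Assumes Spring Security 5.x.
import java.util.Objects;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;

// First project: one manager bean, registered explicitly, instead of
// inMemoryAuthentication(), which creates a private manager instance.
@Configuration
@EnableWebSecurity
class SharedUsersAuthConfiguration extends WebSecurityConfigurerAdapter {
    // Hypothetical helper: read a password from the environment, fail fast if unset.
    static String secret(String envName) {
        return Objects.requireNonNull(System.getenv(envName), envName + " is not set");
    }
    @Bean
    PasswordEncoder passwordEncoder() {
        return PasswordEncoderFactories.createDelegatingPasswordEncoder(); // bcrypt for new hashes
    }
    @Bean
    InMemoryUserDetailsManager userDetailsManager() {
        return new InMemoryUserDetailsManager(User.withUsername("FOO")
                .password(passwordEncoder().encode(secret("FOO_PASSWORD"))) // assumed variable name
                .roles("USER").build());
    }
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // @Bean method calls return the singletons, so this is the injectable instance.
        auth.userDetailsService(userDetailsManager()).passwordEncoder(passwordEncoder());
    }
    // configure(HttpSecurity) from the first project stays as it is and is omitted here.
}

// Second project (its own source file there): add a user to the same bean.
@Configuration
class AdditionalUsersConfiguration {
    AdditionalUsersConfiguration(InMemoryUserDetailsManager manager, PasswordEncoder encoder) {
        manager.createUser(User.withUsername("FOO2")
                .password(encoder.encode(SharedUsersAuthConfiguration.secret("FOO2_PASSWORD")))
                .roles("USER").build());
    }
}
```

Because both projects now touch the same bean, the order in which the two configuration classes are initialised no longer decides which users can authenticate.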
Tags: java spring spring-security
