spring与neo4j的身份验证

rt4zxlrg  于 2021-06-30  发布在  Java
关注(0)|答案(1)|浏览(350)

我和neo4j一起研究spring的应用。我想使用数据库中的用户名和密码添加身份验证。下面是我如何使用mysql的代码。我想知道下面使用neo4j的代码的等价物是什么。

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private DataSource dataSource;

    @Bean
    public PasswordEncoder passwordEncoders(){
        return new BCryptPasswordEncoder();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.jdbcAuthentication()
                .usersByUsernameQuery("SELECT u.name, u.password, 1 FROM user u WHERE u.name=?")
                .authoritiesByUsernameQuery("SELECT u.name, u.role, 1 FROM user u WHERE u.name=?")
                .dataSource(dataSource)
                .passwordEncoder(passwordEncoders());
    }
//...
}

我尝试为datasource创建bean,但得到了beancreationexception。这是我想用的

@Bean
    public DataSource getDataSource(){
        String NEO4J_URL = System.getenv("NEO4J_URL");
        if (NEO4J_URL==null) NEO4J_URL=System.getProperty("NEO4J_URL","jdbc:neo4j:http://localhost:11010");
            return new DriverManagerDataSource(NEO4J_URL);
    }

还是这个

@Bean
public DataSource getDataSource(){
    DataSourceBuilder dataSourceBuilder = DataSourceBuilder.create();
    dataSourceBuilder.driverClassName("org.neo4j.driver");
    dataSourceBuilder.url("bolt://localhost:11010");
    dataSourceBuilder.username("neo4j");
    dataSourceBuilder.password("0000");
    return dataSourceBuilder.build();
}
v09wglhw

v09wglhw1#

您需要注册一个自定义安全性 AuthenticationProvider 它可以查询图形以检索具有给定凭据的用户。
这样的提供者看起来是这样的:

package com.ikwattro.demo.neo4jauth.security;

import org.neo4j.driver.Driver;
import org.neo4j.driver.Record;
import org.neo4j.driver.Session;
import org.neo4j.driver.types.Node;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Component;

import java.util.ArrayList;
import java.util.List;
import java.util.Map;

@Component
public class Neo4jAuthenticationProvider implements AuthenticationProvider {

    private final Driver driver;

    public Neo4jAuthenticationProvider(Driver driver) {
        this.driver = driver;
    }

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        String name = authentication.getName();
        String password = authentication.getCredentials().toString();
        try (Session session = driver.session()) {
            List<Record> results = session.run("MATCH (n:User) WHERE n.username = $name AND n.password = $password RETURN n",
                    Map.of("name", name, "password", password)).list();

            if (results.isEmpty()) {
                return null;
            }

            Node user = results.get(0).get("n").asNode();
            // Possible to add more information from user
            List<GrantedAuthority> authorities = new ArrayList<>();
            authorities.add(new SimpleGrantedAuthority("ROLE_USER"));
            final UserDetails principal = new User(name, password, authorities);

            return new UsernamePasswordAuthenticationToken(principal, password, authorities);
        }
    }

    @Override
    public boolean supports(Class<?> authentication) {
        return authentication.equals(UsernamePasswordAuthenticationToken.class);
    }
}

然后需要将此提供程序注册为安全链中的主authenticationprovider,您可以在安全配置中执行此操作:

package com.ikwattro.demo.neo4jauth.security;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private Neo4jAuthenticationProvider authenticationProvider;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(authenticationProvider);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().anyRequest().authenticated()
                .and().httpBasic();
    }
}

然后可以使用基本身份验证查询应用程序

curl --user john:doe localhost:8080/hello

您可以在这里找到一个完整的演示:https://github.com/ikwattro/spring-security-neo4j

相关问题