从外部源向keyposet身份验证添加额外的角色

yhuiod9q  于 2021-07-26  发布在  Java
关注(0)|答案(1)|浏览(414)

我想通过key斗篷对用户进行身份验证,但我需要向身份验证对象添加其他角色,这是spring安全所使用的。添加的角色保存在postgres数据库中。
我试图用自定义authenticationprovider覆盖configureglobal,但没有成功。

@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
    ApplicationAuthenticationProvider provider = new ApplicationAuthenticationProvider();
    provider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper());
    auth.authenticationProvider(provider);
}

@Component 公共类applicationauthenticationprovider扩展了key斗篷AuthenticationProvider{

@Autowired
private UserService userService;

private GrantedAuthoritiesMapper grantedAuthoritiesMapper;

public void setGrantedAuthoritiesMapper(GrantedAuthoritiesMapper grantedAuthoritiesMapper) {
    this.grantedAuthoritiesMapper = grantedAuthoritiesMapper;
}

@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    KeycloakAuthenticationToken token = (KeycloakAuthenticationToken) authentication;
    List<GrantedAuthority> grantedAuthorities = new ArrayList<>();

    String username = ((KeycloakAuthenticationToken) authentication)
            .getAccount().getKeycloakSecurityContext().getToken().getPreferredUsername();
    List<Role> roles = userService.findRoles(username);

    for (Role role : roles) {
        grantedAuthorities.add(new KeycloakRole(role.toString()));
    }
    return new KeycloakAuthenticationToken(token.getAccount(), token.isInteractive(), mapAuthorities(grantedAuthorities));
}

@Override
public boolean supports(Class<?> authentication) {
    return authentication.equals(UsernamePasswordAuthenticationToken.class);
}

private Collection<? extends GrantedAuthority> mapAuthorities(
        Collection<? extends GrantedAuthority> authorities) {
    return grantedAuthoritiesMapper != null
            ? grantedAuthoritiesMapper.mapAuthorities(authorities)
            : authorities;
}

}
试图添加额外的过滤器,但我不确定配置是否正确。
@豆子

@Override
protected KeycloakAuthenticationProcessingFilter keycloakAuthenticationProcessingFilter() throws Exception {
    RequestMatcher requestMatcher =
            new OrRequestMatcher(
                    new AntPathRequestMatcher("/api/login"),
                    new QueryParamPresenceRequestMatcher(OAuth2Constants.ACCESS_TOKEN),
                    // We're providing our own authorization header matcher
                    new IgnoreKeycloakProcessingFilterRequestMatcher()
            );
    return new KeycloakAuthenticationProcessingFilter(authenticationManagerBean(), requestMatcher);
}

// Matches request with Authorization header which value doesn't start with "Basic " prefix
private class IgnoreKeycloakProcessingFilterRequestMatcher implements RequestMatcher {
    IgnoreKeycloakProcessingFilterRequestMatcher() {
    }

public boolean matches(HttpServletRequest request) {
    String authorizationHeaderValue = request.getHeader("Authorization");
    return authorizationHeaderValue != null && !authorizationHeaderValue.startsWith("Basic ");
}

}

pjngdqdw

pjngdqdw1#

现在我只在登录/密码时使用keydepot。角色和权限现在保存在本地数据库中。

相关问题