spring-security: Spring Security exposing multiple authentication managers without WebSecurityConfigurerAdapter

w80xi6nr posted on 2022-11-11 in Spring

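Now that WebSecurityConfigurerAdapter has been deprecated, I'm trying to update my code to use the new way of setting up authentication, based on: https://spring.io/blog/2022/02/21/spring-security-without-the-websecurityconfigureradapter
I currently use LDAP authentication and in-memory authentication. In my application I need to expose the AuthenticationManagers as a bean for each one. My old code did this by creating two separate WebSecurityConfigurerAdapters: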

@Configuration
@Order(1)
public class APIWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {

    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .inMemoryAuthentication()
            .withUser(ApiRolesUsers.API_VIEW_ALL).password("{noop}" + apiKeyStore.getKeyByUserName(ApiRolesUsers.API_VIEW_ALL)).roles(ApiRolesUsers.API_VIEW_ALL)
            .and()
            .withUser(ApiRolesUsers.API_UPDATE_ALL).password("{noop}" + apiKeyStore.getKeyByUserName(ApiRolesUsers.API_UPDATE_ALL)).roles(ApiRolesUsers.API_UPDATE_ALL)
            .and()
            .withUser(ApiRolesUsers.API_EDL_UPDATE).password("{noop}" + apiKeyStore.getKeyByUserName(ApiRolesUsers.API_EDL_UPDATE)).roles(ApiRolesUsers.API_EDL_UPDATE);
    }
...
    @Bean(name = "apiAuthenticationManager")
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }
...
}

@Configuration
@Order(2)
public class FormLoginWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {

    @Autowired
    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .ldapAuthentication()
            .userSearchBase(ldapUserSearchBase)
            .userSearchFilter(ldapUserSearchFilter)
            .groupSearchBase(ldapGroupSearchBase)
            .contextSource(ldapContextSource);
...
    @Bean(name = "authenticationManager")
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }
...
}

From there, I could autowire "authenticationManager" and "apiAuthenticationManager". I can recreate the "authenticationManager" part in the new format, without WebSecurityConfigurerAdapter, with:

    @Bean(name = "authenticationManager")
    AuthenticationManager ldapAuthenticationManager(
            LdapContextSource contextSource) {
        LdapBindAuthenticationManagerFactory factory = 
                new LdapBindAuthenticationManagerFactory(contextSource);
        factory.setUserSearchBase(ldapUserSearchBase);
        factory.setUserSearchFilter(ldapUserSearchFilter);
        return factory.createAuthenticationManager();
    }

Based on the new Spring documentation, I was able to create the in-memory part using the following:

    // How do I expose AuthenticationManager for this???
    public InMemoryUserDetailsManager inMemoryUserDetailsManager(AuthenticationConfiguration providerManager) {

        UserDetails apiViewAll = User.builder()
                .username(ApiRolesUsers.API_VIEW_ALL)
                .password("{noop}" + apiKeyStore.getKeyByUserName(ApiRolesUsers.API_VIEW_ALL))
                .roles(ApiRolesUsers.API_VIEW_ALL)
                .build();

        UserDetails updateAll = User.builder()
                .username(ApiRolesUsers.API_UPDATE_ALL)
                .password("{noop}" + apiKeyStore.getKeyByUserName(ApiRolesUsers.API_UPDATE_ALL))
                .roles(ApiRolesUsers.API_UPDATE_ALL)
                .build();

        UserDetails edlUpdate = User.builder()
                .username(ApiRolesUsers.API_EDL_UPDATE)
                .password("{noop}" + apiKeyStore.getKeyByUserName(ApiRolesUsers.API_EDL_UPDATE))
                .roles(ApiRolesUsers.API_EDL_UPDATE)
                .build();

        InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager(apiViewAll, updateAll, edlUpdate);

        return manager;
    }

For the above, I need to expose the associated AuthenticationManager, which WebSecurityConfigurerAdapter was able to do before they deprecated it.

@Bean(name = "apiAuthenticationManager")
public AuthenticationManager authenticationManager(
        AuthenticationConfiguration authenticationConfiguration) throws Exception {
    return authenticationConfiguration.getAuthenticationManager();
}

Does anyone know how I can implement and expose these two AuthenticationManagers without using WebSecurityConfigurerAdapter?

ftf50wuq1#

You can construct the AuthenticationManager yourself, for example:

@Bean
AuthenticationManager apiAuthenticationManager(InMemoryUserDetailsManager users) {
    DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
    provider.setUserDetailsService(users);
    return new ProviderManager(provider);
}
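
An added example, not part of the original answer: one way to attach each of the two managers to its own filter chain, mirroring the two @Order-ed adapters in the question, so that API keys are never checked against LDAP and LDAP users are never checked against the in-memory store. It assumes Spring Security 6.x, that the question's LDAP bean named "authenticationManager" is defined elsewhere, and that the API lives under /api/** (a hypothetical path); the sample user is constructed.

```java
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.*;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.*;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class TwoManagersConfig {
    // Constructed sample user; the question builds its users from apiKeyStore instead.
    @Bean
    InMemoryUserDetailsManager apiUsers() {
        return new InMemoryUserDetailsManager(
            User.withUsername("api-view").password("{noop}sample-key").roles("API_VIEW_ALL").build());
    }

    // Stand-alone manager backed only by the in-memory users (as in the answer).
    @Bean(name = "apiAuthenticationManager")
    AuthenticationManager apiAuthenticationManager(InMemoryUserDetailsManager apiUsers) {
        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setUserDetailsService(apiUsers);
        return new ProviderManager(provider);
    }

    // Assumed path: /api/** authenticates only against the in-memory API keys.
    @Bean
    @Order(1)
    SecurityFilterChain apiChain(HttpSecurity http,
            @Qualifier("apiAuthenticationManager") AuthenticationManager apiManager) throws Exception {
        http.securityMatcher("/api/**") // Spring Security 6; on 5.7 use antMatcher("/api/**")
            .authenticationManager(apiManager)
            .authorizeHttpRequests(a -> a.anyRequest().authenticated())
            .httpBasic(Customizer.withDefaults());
        return http.build();
    }
    // Everything else uses the LDAP manager bean "authenticationManager" from the question.
    @Bean
    @Order(2)
    SecurityFilterChain formChain(HttpSecurity http,
            @Qualifier("authenticationManager") AuthenticationManager ldapManager) throws Exception {
        http.authenticationManager(ldapManager)
            .authorizeHttpRequests(a -> a.anyRequest().authenticated())
            .formLogin(Customizer.withDefaults());
        return http.build();
    }
}
```

With two AuthenticationManager beans in the context, every injection point needs a @Qualifier (or one bean marked @Primary); otherwise injection by type is ambiguous.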
