在我的春季启动应用程序中,我有两种不同类型的用户-用户和供应商,它们存储在我的SQL DB中的不同表中。
我只允许访问/user/login和/vender/login,后者返回JWT。
我无法理解如何配置spring安全性,以便在有人请求/user/login时只检查USERS表,而在供应商请求/vender/login时只检查VENDORS表。这可能吗?如果没有,有人能建议我如何配置spring安全性来验证来自不同表的用户吗?
这是我目前的配置,它只在USERS-上进行身份验证
@Configuration
@EnableWebSecurity
public class SecurityConfigurer extends WebSecurityConfigurerAdapter {
@Autowired
private UserService myUserDetailsService; // this fetches data from the USERS table
@Autowired
private JwtRequestFilter jwtRequestFilter;
// *** How do I configure this to check both VENDORS OR USERS table? ***
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(myUserDetailsService).passwordEncoder(passwordEncoder());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable().authorizeRequests()
.antMatchers("/user/auth/login").permitAll()
.antMatchers("/vendor/auth/login").permitAll()
.anyRequest().authenticated()
.and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
http.addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class);
}
@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Bean
public BCryptPasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
}
我已经为用户和供应商实现了UserDetailsService。以下是用户服务的实现-
@Service
public class UserService implements UserDetailsService {
@Autowired
private UserRepository repository;
@Autowired
private BCryptPasswordEncoder bCryptPasswordEncoder;
public UserService() {
}
public UserService(UserRepository repository) {
this.repository = repository;
}
public Users findOne(String id) {
Optional<Users> user = repository.findById(id);
return user.orElse(null);
}
public List<Users> findAll() {
List<Users> users = new ArrayList<>();
repository.findAll().forEach(users::add);
return users;
}
public Users insert(Users user) throws UnknownError {
// somecode here
}
public Users update(String id, Users user) {
// some code here
}
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
final Users user = findByEmail(username);
if (user == null) {
throw new UsernameNotFoundException("No user Found");
}
return new User(user.getEmail(), user.getPassword(), new ArrayList<>());
}
}
这是UserController(VendorController与此类似(-
@RestController
@RequestMapping(path = "/user")
public class AuthController {
@Autowired
UserService service;
@Autowired
AuthenticationManager authenticationManager;
@PostMapping(path = "/login")
public ResponseEntity<?> login(@RequestBody AuthenticationRequest form) throws Exception {
try {
authenticationManager.authenticate(
new UsernamePasswordAuthenticationToken(form.getEmail(), form.getPassword()));
} catch (Exception e) {
throw new Exception("Incorrect Credentials");
}
final UserDetails user = service.loadUserByUsername(form.getEmail());
Users returnedUser = service.insert(user);
ResponseStructure response = new ResponseStructure(true, returnedUser);
return ResponseEntity.ok(response);
}
您可以让UserService查找两个存储库
@Service
public class UserService implements UserDetailsService {
@Autowired
private UserRepository userRepository;
@Autowired
private VendorRepository vendorRepository;
// all the other stuff
private Users findByUsername(String username){
return userRepository.findByUserName(username);
}
private Vendors findByVendorName(String vendorName){
return VendorRepository.findByVendorName(vendorName); // given you have such method declared in the Spring Data repository
}
@Override
public UserDetails loadUserByName(String name) throws UsernameNotFoundException {
Users user = findByUsername(name);
if (user != null) {
return new User(user.getEmail(), user.getPassword(), new ArrayList<>());
}
Vendors vendor = findByVendorName(name);
if (vendor != null) {
return new Vendor(vendor.getEmail(), vendor.getPassword(), new ArrayList<>());
}
else{
throw new UsernameNotFoundException("No user Found");
}
}
}