在我的设置中,我有一个上游系统,该系统将Http
请求发送到我的系统。这些HTTP请求包含其标题中的basicAuth
令牌。
我正在使用Spring-boot
&外部tomcat。
我如何配置我的应用程序检查,如果用户名/密码正确,请按照正常流量进行,否则在日志中打印异常?
在我的应用程序中没有UI,因此我不想显示任何登录页面/错误页面。我在这里发现的示例是基于UI的,这不是我的要求。
另外,如果解决方案需要配置tomcat,就像在此示例中一样,我该如何在没有web.xml的情况下完成此操作,因为我正在使用SpringBoot。
如果您使用tomcat Basic验证,则您的应用程序将绑定到Tomcat Web容器。
我认为,由于您的应用程序是基于弹簧启动的应用程序,您可以使用弹簧安全性并在其中启用基本身份验证。
遵循此帖子,在此帖子中,作者显示了如何使用弹簧安全性保护。
oauth2服务器配置
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
public class AuthserverApplication extends WebMvcConfigurerAdapter {
@Configuration
@EnableResourceServer
protected static class ResourceServer extends ResourceServerConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception {
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
.and()
.requestMatchers().antMatchers("/user/**","/api/v1/user")
.and()
.authorizeRequests()
.antMatchers("/user/**").authenticated()
.antMatchers("/api/v1/user").permitAll();
}
@Override
public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
resources.resourceId("sparklr").stateless(false);
}
}
@Configuration
@EnableAuthorizationServer
protected static class OAuth2Config extends AuthorizationServerConfigurerAdapter {
@Autowired
private AuthenticationManager authenticationManager;
@Autowired
private UserDetailsService userDetailsService;
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints.authenticationManager(authenticationManager).userDetailsService(userDetailsService);
}
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.inMemory().withClient("act_client").authorizedGrantTypes("password", "refresh_token").scopes("read",
"write", "trust");
}
}
}
UserDetailsservice实现
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
import com.flasher.entity.AuthorityM;
import com.flasher.entity.User;
import com.flasher.repository.UserRepository;
import java.util.HashSet;
import java.util.Set;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
@Service
public class UserDetailsInfo implements UserDetailsService {
@Autowired
UserRepository userRepository;
@Override
public UserDetails loadUserByUsername(String userName) throws UsernameNotFoundException {
User user = userRepository.findByUsername(userName);
Set<AuthorityM> authorityMs = user.getAuthorityMs();
Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
authorityMs.stream().forEach(authorityM -> {
authorities.add(new SimpleGrantedAuthority(authorityM.getRole()));
});
return new org.springframework.security.core.userdetails.User(user.getUsername(), user.getPassword(),
authorities);
}
}
实现" org.springframework.security.core.userdetails.userdetailsservice" opringframework.security.core.core.userdetails.usersersersersersersersersersersersersersersersersersersers oauth server