BasicAuth using Spring boot



在我的环境中,有一个上游系统会向我的系统发送HTTP请求。这些HTTP请求在请求头中携带basicAuth令牌。

我正在使用Spring-boot&外部tomcat。

我该如何配置应用程序来校验用户名/密码:如果正确,则按正常流程继续处理;否则在日志中打印异常?

在我的应用程序中没有UI,因此我不想显示任何登录页面/错误页面。我在这里发现的示例是基于UI的,这不是我的要求。

另外,如果解决方案需要配置tomcat,就像在此示例中一样,我该如何在没有web.xml的情况下完成此操作,因为我正在使用SpringBoot。

如果您使用tomcat Basic验证,则您的应用程序将绑定到Tomcat Web容器。

我认为,由于您的应用程序是基于 Spring Boot 的应用程序,您可以使用 Spring Security 并在其中启用基本身份验证。

可以参考此帖子,作者在其中展示了如何使用 Spring Security 进行保护。

oauth2服务器配置

        import org.springframework.beans.factory.annotation.Autowired;
        import org.springframework.context.annotation.Configuration;
        import org.springframework.security.authentication.AuthenticationManager;
        import org.springframework.security.config.annotation.web.builders.HttpSecurity;
        import org.springframework.security.config.http.SessionCreationPolicy;
        import org.springframework.security.core.userdetails.UserDetailsService;
        import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
        import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
        import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
        import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
        import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
        import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
        import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
        import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
     /**
      * Holds the two OAuth2 configuration classes of this example: a resource
      * server that protects the user endpoints and an authorization server
      * that issues tokens to a single in-memory client.
      *
      * <p>Note that this configures OAuth2 token handling rather than plain
      * HTTP Basic authentication of incoming requests.
      */
     public class AuthserverApplication extends WebMvcConfigurerAdapter {

         /** Resource-server side: decides which paths need an authenticated caller. */
         @Configuration
         @EnableResourceServer
         protected static class ResourceServer extends ResourceServerConfigurerAdapter {

             /**
              * Restricts this filter chain to the two user paths and sets the
              * access rule for each of them.
              *
              * @param http the security builder supplied by Spring Security
              * @throws Exception if the builder rejects the configuration
              */
             @Override
             public void configure(HttpSecurity http) throws Exception {
                 // An HTTP session is created only when something asks for one.
                 http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED);

                 // Only these two patterns are handled by this chain; every other
                 // path is outside the rules below.
                 http.requestMatchers().antMatchers("/user/**","/api/v1/user");

                 // "/user/**" requires an authenticated caller, while
                 // "/api/v1/user" is reachable without any credentials.
                 // NOTE(review): confirm that "/api/v1/user" exposes nothing that
                 // should be protected.
                 http.authorizeRequests()
                         .antMatchers("/user/**").authenticated()
                         .antMatchers("/api/v1/user").permitAll();
             }

             /**
              * Sets the resource id and switches off the stateless flag.
              *
              * @param resources the resource-server configurer
              * @throws Exception if the configurer rejects the settings
              */
             @Override
             public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
                 resources.resourceId("sparklr");
                 // NOTE(review): stateless(false) means the resources are not limited
                 // to token-based authentication, so an authentication already held
                 // in a session is presumably accepted too. For a UI-less,
                 // machine-to-machine service, verify that this is intended.
                 resources.stateless(false);
             }
         }

         /** Authorization-server side: token endpoints and the registered client. */
         @Configuration
         @EnableAuthorizationServer
         protected static class OAuth2Config extends AuthorizationServerConfigurerAdapter {

             @Autowired
             private AuthenticationManager authenticationManager;

             @Autowired
             private UserDetailsService userDetailsService;

             /**
              * Hands the injected authentication manager and user-details service
              * to the token endpoints.
              *
              * @param endpoints the endpoint configurer
              * @throws Exception if the configurer rejects the settings
              */
             @Override
             public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
                 endpoints.authenticationManager(this.authenticationManager);
                 endpoints.userDetailsService(this.userDetailsService);
             }

             /**
              * Registers the single in-memory client "act_client".
              *
              * @param clients the client-details configurer
              * @throws Exception if the client registration fails
              */
             @Override
             public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
                 // NOTE(review): no client secret is set on this client, and it may
                 // use the "password" grant, where the client handles the end user's
                 // credentials directly. Confirm that both are acceptable, and that
                 // the "write" and "trust" scopes are really needed.
                 clients.inMemory()
                         .withClient("act_client")
                         .authorizedGrantTypes("password", "refresh_token")
                         .scopes("read", "write", "trust");
             }
         }
     }

UserDetailsService 实现

import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
import com.flasher.entity.AuthorityM;
import com.flasher.entity.User;
import com.flasher.repository.UserRepository;
import java.util.HashSet;
import java.util.Set;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
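/**
 * Loads application users from {@link UserRepository} and adapts them to the
 * Spring Security {@link UserDetails} model.
 */
@Service
public class UserDetailsInfo implements UserDetailsService {
    @Autowired
    UserRepository userRepository;

    /**
     * Looks up a user by name and returns it with one granted authority per
     * role stored for that user.
     *
     * @param userName the login name presented by the caller
     * @return the user's name, stored password and authorities
     * @throws UsernameNotFoundException if the repository has no such user
     */
    @Override
    public UserDetails loadUserByUsername(String userName) throws UsernameNotFoundException {
        User user = userRepository.findByUsername(userName);
        if (user == null) {
            // Presumably the repository returns null for an unknown name. Without
            // this check the lookup fails with a NullPointerException instead of
            // the exception this method declares. The submitted name is left out
            // of the message so that it does not end up in logs.
            throw new UsernameNotFoundException("User not found");
        }

        Set<GrantedAuthority> authorities = new HashSet<>();
        Set<AuthorityM> authorityMs = user.getAuthorityMs();
        // A user without any stored authorities gets an empty set, i.e. no
        // privileges, rather than a failed lookup.
        if (authorityMs != null) {
            for (AuthorityM authorityM : authorityMs) {
                authorities.add(new SimpleGrantedAuthority(authorityM.getRole()));
            }
        }

        // NOTE(review): getPassword() is passed through unchanged. It is expected
        // to be the encoded value matching the configured PasswordEncoder, which
        // is not visible here, so confirm it.
        return new org.springframework.security.core.userdetails.User(user.getUsername(), user.getPassword(),
                authorities);
    }
}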

实现 org.springframework.security.core.userdetails.UserDetailsService,并将其注入到 OAuth 服务器中。
