没有用户服务的Spring Security X.509身份验证 [英] Spring Security X.509 authentication without user-service
问题描述
我正在Web应用程序中使用Spring Security(v3.1.3)进行X.509身份验证.用户和角色存储在数据库中,但是实际上不需要这样做,因为客户端证书的CN符合"[ROLE]-[USERNAME]"架构,这意味着我已经具有证书本身的用户名和角色.那么,如何在不花费太多精力的情况下消除数据库呢?我应该编写自己的用户服务实现(将填充UserDetails)还是有更优美的方法?
I'm using Spring Security (v3.1.3) for X.509 authentication in my web-application. Users and roles are stored in the Database, but I don't actually need to do it, as CNs of client certificates conform to "[ROLE] - [USERNAME]" schema, which means I already have username and role from the certificate itself. So how to eliminate the database without too much effort? Should I write my own implementation of user-service, which will populate UserDetails, or is there more graceful method?
推荐答案
是的,最简单的选择可能是编写自定义的 AuthenticationUserDetailsService< PreAuthenticatedAuthenticationToken>
.实现将是这样的:
Yes, the simplest option is probably to write a custom AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken>
. The implementations would be something like this:
UserDetails loadUserDetails(PreAuthenticatedAuthenticationToken token) {
X509Certificate certificate = (X509Certificate[)token.getCredentials();
// Extract what you want from the certificate
...
// Create the user information
UserDetails user = ...
return user;
}
您应该能够直接在 user-service-ref
名称空间属性< x509 user-service-ref ='yourUserServiceBean'/>
.
You should be able to use a reference to this bean directly in the user-service-ref
namespace attribute <x509 user-service-ref='yourUserServiceBean' />
.
这篇关于没有用户服务的Spring Security X.509身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!