Multiple user details services for different endpoints


Question

I am building a REST API using Spring and am currently authenticating all my requests using a custom user details service and this configuration code:

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests().anyRequest().authenticated().and().httpBasic();
}

I am also setting up a DaoAuthenticationProvider to use my user details service and using that to configure global security.

Now, I want to provide an endpoint that (while still secured with HTTP basic authentication) uses a different user details service to check whether the user is allowed to access the given resource.

How do I use two different user details services for different endpoints?

Recommended answer

One thing you can do is have two WebSecurityConfigurerAdapters:

@EnableWebSecurity
@Order(Ordered.HIGHEST_PRECEDENCE) // consulted before the catch-all configuration below
class FirstEndpointConfiguration extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .requestMatchers() // restrict this filter chain to the listed paths
                .antMatchers("/specialendpoint")
                .and()
            .authorizeRequests()
                .anyRequest().authenticated()
                .and()
            .httpBasic();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(/* first of your userDetailsServices */);
    }
}

@Configuration
class SecondEndpointConfiguration extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http // all other requests handled here
            .authorizeRequests()
                .anyRequest().authenticated()
                .and()
            .httpBasic();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(/* second of your userDetailsServices */);
    }
}

requestMatchers() exists for targeting springSecurityFilterChains to specific endpoints.
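
The same per-endpoint split written with SecurityFilterChain beans, as an added example that is not part of the original answer (WebSecurityConfigurerAdapter was deprecated in Spring Security 5.7 and removed in 6.0). It assumes Spring Security 5.8 or 6.x; the class name, usernames and passwords are constructed placeholders, and the in-memory stores stand in for the two custom user details services.

```java
// Added example, not the answer's code. Assumes Spring Security 5.8 or 6.x; all names and credentials are constructed.
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
class PerEndpointSecurityConfig {
    private final PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();

    @Bean
    @Order(1) // checked first: only requests matching /specialendpoint enter this chain
    SecurityFilterChain specialChain(HttpSecurity http) throws Exception {
        return chain(http.securityMatcher("/specialendpoint"), store("special-user", "constructed-pw-1"));
    }

    @Bean
    @Order(2) // no securityMatcher: handles every request the first chain did not claim
    SecurityFilterChain defaultChain(HttpSecurity http) throws Exception {
        return chain(http, store("api-user", "constructed-pw-2"));
    }

    // One ProviderManager per chain, with no parent, so a failed login never falls back to the other store.
    private SecurityFilterChain chain(HttpSecurity http, UserDetailsService users) throws Exception {
        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setUserDetailsService(users);
        provider.setPasswordEncoder(encoder);
        return http.authenticationManager(new ProviderManager(provider))
                .authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
                .httpBasic(Customizer.withDefaults())
                .build();
    }

    // Constructed in-memory store standing in for one of the custom user details services.
    private UserDetailsService store(String username, String password) {
        return new InMemoryUserDetailsManager(
                User.withUsername(username).password(encoder.encode(password)).roles("USER").build());
    }
}
```

The chain with the narrower matcher must carry the lower @Order value; if the catch-all chain is consulted first, it claims /specialendpoint and the special user store is never used.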
