Spring Security user authentication against customers and employee


Problem description

I am new to Spring Security. I have a Spring Boot application with two different types of entities: customers and employees. In Employees I have normal employees, admins and super users. Since I am using JPA, each entity has its own repository. How do I model my UserDetailsService with loadUserByUsername, since this is a common method to validate against many repositories? Is there anything that I am missing to model around my entities?

Additional Info:

In my design, I have two entities. Customer and Employee. Employee will have roles like NORMAL, ADMIN and SUPER_USER. Customer is a different entity.

Will there be two UserDetailsService and two AuthenticationProvider each pointing to its own table (Customer and Employee)?

Solution

As your requirement is to have multiple authentication entry points, it is not as simple as Atul's answer.

What you need is:

  1. You need to differentiate customer and employee while logging in. (Preferred way: radio button)

  2. You need to implement your custom authentication filter, i.e., an implementation of UsernamePasswordAuthenticationFilter instead of the spring-security provided default .formLogin()

  3. Create two UsernamePasswordAuthenticationToken classes, EmployeeUsernamePasswordAuthenticationToken and CustomerUsernamePasswordAuthenticationToken

  4. In your custom filter, get userType from the request and, based on userType, set authToken as empAuthToken or customerAuthToken to differentiate the required authentication provider.

  5. Create AuthenticationProvider implementations EmployeeCustomAuthenticationProvider and CustomerCustomAuthenticationProvider, where each AuthenticationProvider overrides the supports method so that it supports a specific token, either customerAuthToken or employeeAuthToken.

  6. Override the authenticate method, which is passed an Authentication parameter from which you can get both the username and the password; you can pass these to any of your custom services to authenticate the user and grant the authorities required for the user.

While implementing your CustomAuthenticationFilter, it is also required to provide your custom authenticationSuccessHandler and AuthenticationFailureHandlers.

If you implement all of the above without any mistake, you can avoid the fallback authentication which spring-security provides by default if two customAuthenticationProviders are configured.

For more detail on implementing multiple authentication entry points using Java configuration, refer to my answer given below: Multiple AuthenticationProvider with different UsernamePasswordAuthToken to authenticate different login forms without fallback authentication

You can also download working code from my GitHub repository.
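
The six steps above, as an added Java example that is not part of the original answer or the answerer's repository. It assumes Spring Security 6 (jakarta.servlet), a form field named userType with the values employee and customer, and a hypothetical TokenTypeAuthenticationProvider that is instantiated once per user store in place of the two separately named providers.

```java
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.*;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.*;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

public class UserTypeAuthenticationFilter extends UsernamePasswordAuthenticationFilter {
    // Step 3: one token class per login type, so each provider can claim only its own.
    public static class EmployeeUsernamePasswordAuthenticationToken extends UsernamePasswordAuthenticationToken {
        public EmployeeUsernamePasswordAuthenticationToken(Object p, Object c) { super(p, c); }
    }
    public static class CustomerUsernamePasswordAuthenticationToken extends UsernamePasswordAuthenticationToken {
        public CustomerUsernamePasswordAuthenticationToken(Object p, Object c) { super(p, c); }
    }
    @Override // Steps 2 and 4: pick the token class from the submitted userType.
    public Authentication attemptAuthentication(HttpServletRequest req, HttpServletResponse res) {
        if (!"POST".equals(req.getMethod())) throw new AuthenticationServiceException("POST required");
        String user = java.util.Objects.toString(obtainUsername(req), "").trim();
        String pass = java.util.Objects.toString(obtainPassword(req), "");
        String userType = req.getParameter("userType"); // assumed form field name
        UsernamePasswordAuthenticationToken token;
        if ("employee".equals(userType)) token = new EmployeeUsernamePasswordAuthenticationToken(user, pass);
        else if ("customer".equals(userType)) token = new CustomerUsernamePasswordAuthenticationToken(user, pass);
        else throw new BadCredentialsException("Bad credentials"); // fail closed: no default user store
        setDetails(req, token);
        return getAuthenticationManager().authenticate(token);
    }
    // Steps 5 and 6: a provider bound to exactly one token class and one user store (hypothetical class).
    public static class TokenTypeAuthenticationProvider implements AuthenticationProvider {
        private final Class<? extends UsernamePasswordAuthenticationToken> tokenType;
        private final UserDetailsService users;
        private final PasswordEncoder encoder;
        public TokenTypeAuthenticationProvider(Class<? extends UsernamePasswordAuthenticationToken> tokenType,
                UserDetailsService users, PasswordEncoder encoder) {
            this.tokenType = tokenType; this.users = users; this.encoder = encoder;
        }
        // A plain UsernamePasswordAuthenticationToken, or the other type's token, is not supported.
        @Override public boolean supports(Class<?> type) { return tokenType.isAssignableFrom(type); }
        @Override public Authentication authenticate(Authentication auth) {
            UserDetails u = users.loadUserByUsername(auth.getName());
            if (!encoder.matches(String.valueOf(auth.getCredentials()), u.getPassword()))
                throw new BadCredentialsException("Bad credentials");
            // Checked after the password so account state is not revealed to callers without it.
            if (!(u.isEnabled() && u.isAccountNonLocked() && u.isAccountNonExpired() && u.isCredentialsNonExpired()))
                throw new DisabledException("Account is not usable");
            return new UsernamePasswordAuthenticationToken(u, null, u.getAuthorities());
        }
    }
}
```

Wire it by passing one TokenTypeAuthenticationProvider per token class, each with that entity's own UserDetailsService, to `new ProviderManager(...)` and setting the result on the filter with setAuthenticationManager. Because neither provider supports the other's token, a failed employee login is never retried against the customer store.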
