使用 spring-security-core 进行预认证 [英] Hooking into pre-authentication with spring-security-core
问题描述
当用户尝试根据其用户名登录时,我需要做一些自定义的事情,但这些事情需要在身份验证过程之前发生.这是我到目前为止所得到的.
I'm needing to do some custom things when a user tries to log in depending on their username but these things need to happen before the authentication process. Here's what I've got so far.
我们的系统允许使用多个电子邮件地址,并且客户希望用户能够使用其中任意一个进行身份验证.为此,我创建了一个自定义 UserDetailsService 并让代码适当地查找用户.
Our system allows for multiple email addresses and the client wants the user to be able to authenticate using any 1 of them. To allow for this I created a custom UserDetailsService and had the code lookup the user appropriately.
我需要做的其他事情需要在用户对象上添加一些 spring-security 并不真正了解或关心的标志.但是我需要连接到 auth 过程,检查这些标志,并向用户返回适当的错误消息.举一个更具体的例子,我需要知道这是否是用户第一次登录系统.所以我们在用户上有一个标志来跟踪这个.当用户尝试进行身份验证时,我需要读取此值并执行一些操作,包括向用户发送消息并停止身份验证.
The other things I need to do require a few flags on the user object that spring-security doesn't really know or care about. But I need to hook into the auth process, check these flags, and return appropriate error messages to the user. To give a more concrete example, I need to know if this is the first time a user has ever logged into the system. So we have a flag on the user to track this. When the user tries to authenticate, I need to read this value and do some stuff, including sending a message back to the user and halting authentication.
我查看了文档中的事件侦听器机制,但我没有看到如何通过侦听器注入我自己的工作流.我需要做这样的流程:
I looked into the Event Listener mechanisms in the documentation but what I am not seeing how to do is how to inject my own workflow via the listeners. I need to do a flow like this:
使用有效电子邮件但第一次进行身份验证 -> 取消身份验证 -> 在登录页面上显示消息
Auth with valid email but first time -> cancel authentication -> display message on login page
我想如果我能处理好一个场景,我就能找出我需要的其他场景.
I think if I can get that one scenario handled, I can figure the others out that I need.
更新:我现在正在阅读过滤器,看看我是否遗漏了什么......
UPDATE: I'm reading on filters now to see if I missed something...
推荐答案
最简单的方法是加入认证过程,提供你自己的 AuthenticationProvider.只有两种方法可以实现.在 authenticate() 中,您可以执行所有自定义操作.
The simplest was to hook into the authentication process is to provide your own AuthenticationProvider. There are only two methods to implement. In authenticate() you can do all of your custom stuff.
要将您的提供者配置到框架中,请执行以下操作:
To configure your provider into the framework do something like:
<authentication-manager>
<authentication-provider ref="myAuthenticationProvider" />
</authentication-manager>
这篇关于使用 spring-security-core 进行预认证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
