如何在 Spring 中对预定进程的系统用户进行身份验证? [英] How can I authenticate a system user for scheduled processes in Spring?

问题描述

我们有一个 Quartz/Spring Batch 作业，出于审计日志记录的目的，我们希望它以系统用户的身份进行身份验证".我们的一些方法依赖于获取 SecurityContext 来做到这一点.运行此作业的方式是可信的(或经过身份验证的).我们不想实际使用密码或其他令牌(因为该过程基本上总是由石英产生).

we have a Quartz/Spring Batch job, that for audit logging purposes we'd like to have it "authenticated" as a system user. Some of our methods rely on fetching the SecurityContext to do this. The ways of running this job are trusted (or authenticated). We don't want to actually use a password or other token (since the process is basically always spawned by quartz).

我试过了

private void authenticate() {
    UserDetails admin = userDetailsService.loadUserByUsername( "admin" );

    RunAsUserToken token = new RunAsUserToken(
            UUID.randomUUID().toString(), admin, admin.getAuthorities(), null , null );

    Authentication user = authenticationManager.authenticate( token );

    if ( user.isAuthenticated() ) {
        SecurityContext sc = new SecurityContextImpl();
        sc.setAuthentication( user );
        SecurityContextHolder.setContext( sc );
    }
}

但结果是

org.springframework.security.authentication.ProviderNotFoundException: No AuthenticationProvider found for org.springframework.security.access.intercept.RunAsUserToken

而且我不确定某些 RunAsUserToken 参数的作用(例如密钥)，或者我应该在凭据方面提供什么.

and I'm not sure what some of RunAsUserToken parameters do (e.g. key) or what I should be giving it in regards to Credentials.

我如何验证或以其他方式设置安全上下文，就好像它被验证为此用户一样?

How can I authenticate or otherwise set the security context as if it was authenticated as this user?

推荐答案

我还不确定 RunAsUserToken.我认为它的目的是在某人已经通过身份验证时使用，但应用程序如何作为另一个用户执行某些操作.

I'm not sure yet about the RunAsUserToken. I think it is intended to be used when someone is already authenticated, but the application what to execute something as another user.

我在这里找到了一个使用它的例子.

但是，也许你真的不需要那个.如果是这种情况，您可以这样做:

But, maybe you don't really need that. If it is the case, you could just do :

Authentication auth = new UsernamePasswordAuthenticationToken(admin.getUsername(), admin.getPassword(), admin.getAuthorities());
SecurityContextHolder.getContext().setAuthentication(auth);

然后管理员将通过身份验证.此外，您不需要使用 admin.getPassword() 因为它不会被检查.

And then admin will be authenticated. Also, you don't need to use admin.getPassword() since it won't be checked anyway.

请注意，您不必创建安全上下文:它已经存在.我认为它默认是 ThreadLocal.

Note that you don't have to create the security context : it already exists. I think it is ThreadLocal by default.

这篇关于如何在 Spring 中对预定进程的系统用户进行身份验证?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！