采用弹簧安全核心进行预认证 [英] Hooking into pre-authentication with spring-security-core
问题描述
当用户试图根据用户名登录时,我需要做一些自定义的事情,但这些事情需要在认证过程之前发生。这是我迄今为止得到的。
我们的系统允许多个电子邮件地址,客户希望用户能够使用其中的任何一个进行身份验证。为了做到这一点,我创建了一个自定义的UserDetailsService,并让代码正确地查找用户。
我需要做的其他事情需要用户对象上的一些标志,安全并不真正知道或关心。但我需要挂钩auth进程,检查这些标志,并将适当的错误消息返回给用户。举一个更具体的例子,我需要知道这是用户第一次登录系统。所以我们在用户上有一个标志来跟踪这个。当用户尝试进行身份验证时,我需要读取此值并执行一些操作,包括向用户发送消息并暂停身份验证。
我查看了事件文档中的监听器机制,但我没有看到如何做的是如何通过监听器注入我自己的工作流。我需要这样做:
使用有效的电子邮件进行身份验证,但第一次 - >取消身份验证 - >在登录页面显示消息
我认为,如果我能处理一个场景,我可以根据需要找出其他人。
更新:我正在阅读现在过滤器,看看我是否错过了一些东西......
最简单的方法就是提供您自己的身份验证过程 AuthenticationProvider 。只有两种方法可以实施。在 authenticate()中,您可以完成所有自定义工作。
例如:
< authentication-manager>
< authentication-provider ref =myAuthenticationProvider/>
< / authentication-manager>
I'm needing to do some custom things when a user tries to log in depending on their username but these things need to happen before the authentication process. Here's what I've got so far.
Our system allows for multiple email addresses and the client wants the user to be able to authenticate using any 1 of them. To allow for this I created a custom UserDetailsService and had the code lookup the user appropriately.
The other things I need to do require a few flags on the user object that spring-security doesn't really know or care about. But I need to hook into the auth process, check these flags, and return appropriate error messages to the user. To give a more concrete example, I need to know if this is the first time a user has ever logged into the system. So we have a flag on the user to track this. When the user tries to authenticate, I need to read this value and do some stuff, including sending a message back to the user and halting authentication.
I looked into the Event Listener mechanisms in the documentation but what I am not seeing how to do is how to inject my own workflow via the listeners. I need to do a flow like this:
Auth with valid email but first time -> cancel authentication -> display message on login page
I think if I can get that one scenario handled, I can figure the others out that I need.
UPDATE: I'm reading on filters now to see if I missed something...
The simplest was to hook into the authentication process is to provide your own AuthenticationProvider. There are only two methods to implement. In authenticate() you can do all of your custom stuff.
To configure your provider into the framework do something like:
<authentication-manager>
<authentication-provider ref="myAuthenticationProvider" />
</authentication-manager>
这篇关于采用弹簧安全核心进行预认证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
