多重身份验证使用jdbcAuthentification和AD身份验证

huangapple 未分类评论55阅读模式
英文:

Multiple Authentification using jdbcAuthentification and AD authentification

问题

我再次需要您的帮助。我需要通过JDBC或AD对我的应用进行身份验证,但它必须同时适用于两种方式。例如,当我尝试使用JDBC用户进行身份验证时,我的程序必须与数据库中的用户连接,但当我使用AD登录时,它必须与AD用户连接。

以下是我的代码,但是当我按照下面的顺序(1)连接到JDBC时,我只能连接到JDBC,而当我有代码来创建authentificationProvider时,我只能在使用AD登录时登录。

@Configuration
@EnableWebSecurity
public class OAuth2SecurityConfiguration extends WebSecurityConfigurerAdapter {

	@Autowired
	private ClientDetailsService clientDetailsService;

	@Autowired
	private DataSource primaryDataSource;

	// @Autowired
	// private AuthenticationProvider authenticationProvider;

	// @Autowired
	// private AuthenticationProvider authenticationProviderAD;

	@Value("${security.authentication.provider}")
	private String authProvider;

	@Value("${ad.domain:#{null}}")
	private String adDomain;

	// TODO 将系统类似的配置转移到Java中,并且不再使用系统类似的配置,使其变为可选
	@Value("${ad.url:#{null}}")
	private String adUrl;

	@Override
	@Order(1)
	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
		RecursiveAdProvider adProvider = new RecursiveAdProvider(adDomain, adUrl);
		adProvider.setConvertSubErrorCodesToExceptions(true);
		adProvider.setUseAuthenticationRequestCredentials(true);
		auth.authenticationProvider(adProvider);
		auth.eraseCredentials(false);
	}

	@Order(2)
	protected void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
		auth.jdbcAuthentication().dataSource(primaryDataSource)
				.usersByUsernameQuery("select username, password, enabled from users where username=?")
				.authoritiesByUsernameQuery(
						"select username, authority from user_authority JOIN authorities ON user_authority.authority_id = authorities.id where username=?")
				.passwordEncoder(new BCryptPasswordEncoder());
	}

	@Override
	protected void configure(HttpSecurity http) throws Exception {
		http.csrf().disable().anonymous().disable().authorizeRequests().antMatchers("/oauth/token").permitAll();
	}

	@Override
	@Bean
	public AuthenticationManager authenticationManagerBean() throws Exception {
		return super.authenticationManagerBean();
	}

	@Bean
	public TokenStore tokenStore() {
		return new InMemoryTokenStore();
	}

	@Bean
	@Autowired
	public TokenStoreUserApprovalHandler userApprovalHandler(TokenStore tokenStore) {
		TokenStoreUserApprovalHandler handler = new TokenStoreUserApprovalHandler();
		handler.setTokenStore(tokenStore);
		handler.setRequestFactory(new DefaultOAuth2RequestFactory(clientDetailsService));
		handler.setClientDetailsService(clientDetailsService);
		return handler;
	}

	@Bean
	@Autowired
	public ApprovalStore approvalStore(TokenStore tokenStore) throws Exception {
		TokenApprovalStore store = new TokenApprovalStore();
		store.setTokenStore(tokenStore);
		return store;
	}
}

您能帮助我吗?

英文:

I need your help again. I need to authentificate to my app by JDBC or AD, but it must work all. For example, when I try to authentificate using JDBC user, my program has to connect with user from database, but when i put there AD login, it has to connect with AD user.

Here is my code, but when I have below order(1) code to connect to JDBC , I Can connect ONLY with JDBC and when i have there code to create authentificationProvider i can sign in just when i am using AD login.

@Configuration
@EnableWebSecurity
public class OAuth2SecurityConfiguration extends WebSecurityConfigurerAdapter {

	@Autowired
	private ClientDetailsService clientDetailsService;

	@Autowired
	private DataSource primaryDataSource;

	// @Autowired
	// private AuthenticationProvider authenticationProvider;

	// @Autowired
	// private AuthenticationProvider authenticationProviderAD;

	@Value("${security.authentication.provider}")
	private String authProvider;

	@Value("${ad.domain:#{null}}")
	private String adDomain;

	// TODO shift system like configuration into java, and no system like
	// configuration make it optional
	@Value("${ad.url:#{null}}")
	private String adUrl;

	@Override
	@Order(1)
	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
   RecursiveAdProvider adProvider = new RecursiveAdProvider(adDomain, adUrl);
	adProvider.setConvertSubErrorCodesToExceptions(true);
	adProvider.setUseAuthenticationRequestCredentials(true);
	auth.authenticationProvider(adProvider);
	auth.eraseCredentials(false);
	}

	@Order(2)
	protected void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
		auth.jdbcAuthentication().dataSource(primaryDataSource)
				.usersByUsernameQuery("select username, password, enabled from users where username=?")
				.authoritiesByUsernameQuery(
						"select username, authority from user_authority JOIN authorities ON user_authority.authority_id = authorities.id where username=?")
				.passwordEncoder(new BCryptPasswordEncoder());
	}



	@Override
	protected void configure(HttpSecurity http) throws Exception {
		http.csrf().disable().anonymous().disable().authorizeRequests().antMatchers("/oauth/token").permitAll();
	}

	@Override
	@Bean
	public AuthenticationManager authenticationManagerBean() throws Exception {
		return super.authenticationManagerBean();
	}

	@Bean
	public TokenStore tokenStore() {
		return new InMemoryTokenStore();
	}

	@Bean
	@Autowired
	public TokenStoreUserApprovalHandler userApprovalHandler(TokenStore tokenStore) {
		TokenStoreUserApprovalHandler handler = new TokenStoreUserApprovalHandler();
		handler.setTokenStore(tokenStore);
		handler.setRequestFactory(new DefaultOAuth2RequestFactory(clientDetailsService));
		handler.setClientDetailsService(clientDetailsService);
		return handler;
	}

	@Bean
	@Autowired
	public ApprovalStore approvalStore(TokenStore tokenStore) throws Exception {
		TokenApprovalStore store = new TokenApprovalStore();
		store.setTokenStore(tokenStore);
		return store;
	}}

Can you help me?

huangapple
  • 本文由 发表于 2020年7月24日 19:41:00
  • 转载请务必保留本文链接:https://java.coder-hub.com/63072827.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定