Multiple Authentication using jdbcAuthentication and AD authentication
Question
I need your help again. I need to authenticate to my app by JDBC or AD, but both must work. For example, when I try to authenticate using a JDBC user, my program has to connect with the user from the database, but when I put an AD login there, it has to connect with the AD user.
Here is my code, but when I have the code to connect to JDBC below order(1), I can connect ONLY with JDBC, and when I have the code to create the authenticationProvider there, I can sign in only when I am using an AD login.
@Configuration
@EnableWebSecurity
public class OAuth2SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    private ClientDetailsService clientDetailsService;

    @Autowired
    private DataSource primaryDataSource;

    // @Autowired
    // private AuthenticationProvider authenticationProvider;
    // @Autowired
    // private AuthenticationProvider authenticationProviderAD;

    @Value("${security.authentication.provider}")
    private String authProvider;

    @Value("${ad.domain:#{null}}")
    private String adDomain;

    // TODO shift system like configuration into java, and no system like
    // configuration make it optional
    @Value("${ad.url:#{null}}")
    private String adUrl;

    @Override
    @Order(1)
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        RecursiveAdProvider adProvider = new RecursiveAdProvider(adDomain, adUrl);
        adProvider.setConvertSubErrorCodesToExceptions(true);
        adProvider.setUseAuthenticationRequestCredentials(true);
        auth.authenticationProvider(adProvider);
        auth.eraseCredentials(false);
    }

    @Order(2)
    protected void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.jdbcAuthentication().dataSource(primaryDataSource)
                .usersByUsernameQuery("select username, password, enabled from users where username=?")
                .authoritiesByUsernameQuery(
                        "select username, authority from user_authority JOIN authorities ON user_authority.authority_id = authorities.id where username=?")
                .passwordEncoder(new BCryptPasswordEncoder());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable().anonymous().disable().authorizeRequests().antMatchers("/oauth/token").permitAll();
    }

    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Bean
    public TokenStore tokenStore() {
        return new InMemoryTokenStore();
    }

    @Bean
    @Autowired
    public TokenStoreUserApprovalHandler userApprovalHandler(TokenStore tokenStore) {
        TokenStoreUserApprovalHandler handler = new TokenStoreUserApprovalHandler();
        handler.setTokenStore(tokenStore);
        handler.setRequestFactory(new DefaultOAuth2RequestFactory(clientDetailsService));
        handler.setClientDetailsService(clientDetailsService);
        return handler;
    }

    @Bean
    @Autowired
    public ApprovalStore approvalStore(TokenStore tokenStore) throws Exception {
        TokenApprovalStore store = new TokenApprovalStore();
        store.setTokenStore(tokenStore);
        return store;
    }
}
Can you help me?