英文:
Spring, bath auth: Authorized by same login
问题
我有一个带有基本认证授权和会话的应用程序。我有具有相同登录但不同类型(如USER,ADMIN,OPERATOR)的用户(用户名与其类型一起是唯一的,即可以有2个名为John的用户(一个类型为USER,另一个类型为ADMIN)。但是不能有2个类型为USER的用户。对于每种类型,都有一个单独的前端所在的域。
我应该如何进行这种授权?
Spring服务UserDetails有一个方法loadUserByUsername(String login),我需要使用请求中的URL或其他内容来找到所需的用户。
英文:
I have app with bath auth authorization and sessions. I have users with same logins, but with different types(like USER, ADMIN, OPERATOR - the username is unique along with its type, i.e. there can be 2 users John (one with the type USER, the other with the type ADMIN). But there cannot be 2 users John with type USER. And for each type there is a separate domain where the front is located.
<br>How can i do such authorization? <br>
Spring service UserDetails has method loadUserByUsername(String login), and i need use url from request or something to find user that i need.
答案1
得分: 0
似乎您需要设置自定义授权。
Spring Security 参考文档 (https://spring.io/projects/spring-security#learn) 解释了如何设置自定义授权。
此外,https://www.baeldung.com/spring-security-authentication-provider 也提供了相关指导。
Spring Security 在实现特定用例的自定义类时非常出色,它可以通过实现其接口来实现。棘手的部分是找到适合实现自定义版本的适当接口,这需要一些探索才能发现。
英文:
Sounds like you'll need to setup custom authorization.
The Spring Security reference docs (https://spring.io/projects/spring-security#learn) address how to setup custom authorization.
Also, https://www.baeldung.com/spring-security-authentication-provider provides guidance there.
Spring Security is wonderful in it's ability to implement custom classes of it's interfaces for particular use cases. The tricky part is finding the appropriate interface to implement a custom version for and that takes a little digging to discover.
专注分享java语言的经验与见解,让所有开发者获益!
评论