我正在为我的 Web 应用程序使用 HTTP 基本身份验证。该应用有多个端点(endpoints)。我的要求是用户只需验证一次,即可访问这些不同的端点。下面是当前的 Spring Security 配置。
<!-- Scans com.test.security for annotated components. MyUserDetailsService is in this
     package and carries @Service, and it is also declared explicitly as a bean further
     down, so two instances are presumably registered. NOTE(review): confirm and keep one. -->
<context:component-scan base-package="com.test.security" />
<!-- Every URL requires one of the three listed roles; access rules are SpEL expressions. -->
<sec:http use-expressions="true">
<!-- NOTE(review): these role names must match exactly the authorities that MyUserDetails
     returns (not visible here). Verify, including any role prefix handling. -->
<sec:intercept-url pattern="/**" access="hasAnyRole('Admin','Data Operator','Data Collector')" />
<!-- HTTP Basic: the client sends the username and password, Base64-encoded and not
     encrypted, in the Authorization header of each request. Nothing in this block
     restricts the application to HTTPS, so transport encryption has to be enforced
     elsewhere or the credentials are readable on the wire. -->
<sec:http-basic />
</sec:http>
<sec:authentication-manager alias="authenticationManager">
<!-- Despite its bean id, "myAuthenticationProvider" is a UserDetailsService; it is wired
     in through user-service-ref and the password check is done with the encoder below. -->
<sec:authentication-provider
user-service-ref="myAuthenticationProvider">
<sec:password-encoder ref="encoder" />
</sec:authentication-provider>
</sec:authentication-manager>
<bean id="myAuthenticationProvider"
class="com.test.security.MyUserDetailsService" />
<!-- SECURITY: MD5 is a fast, general purpose digest and no salt source is configured
     here, so stored password hashes are cheap to brute force and identical passwords
     produce identical hashes. Prefer an adaptive password hash such as
     org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder. Switching the
     encoder invalidates the existing stored hashes, so plan a rehash or reset path. -->
<bean id="encoder"
class="org.springframework.security.authentication.encoding.Md5PasswordEncoder">
</bean>
以下是身份验证提供程序的实现:
package com.test.security;
import java.util.List;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
import com.test.business.objects.Adminrole;
import com.test.business.objects.Adminuser;
import com.test.business.repository.AdminroleRepository;
import com.test.repository.AdminuserRepository;
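/**
 * {@link UserDetailsService} that resolves an admin account and its roles from the
 * repositories and wraps them in a {@code MyUserDetails}.
 *
 * <p>The {@code username} argument comes straight from the login attempt and is therefore
 * untrusted; it is only passed to the repository lookup and is never echoed back in
 * exception messages.
 */
@Service
public class MyUserDetailsService implements UserDetailsService {

    @Autowired
    private AdminuserRepository adminuserRepository;

    @Autowired
    private AdminroleRepository adminroleRepository;

    /**
     * Looks up the admin user with the given user name together with that user's roles.
     *
     * @param username the user name supplied with the authentication request
     * @return the user details built from the first matching admin user and its roles
     * @throws UsernameNotFoundException if the repository returns no user for the name
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        List<Adminuser> matches = adminuserRepository.findByUsername(username);

        // An unknown user name must be reported as UsernameNotFoundException. Calling
        // get(0) on an empty result would throw IndexOutOfBoundsException instead, which
        // is not an authentication failure and would surface as an internal error.
        if (matches == null || matches.isEmpty()) {
            throw new UsernameNotFoundException("No admin user found for the supplied username");
        }

        // NOTE(review): the repository returns a list, so duplicate user names are
        // possible at this layer; the first match is used, as before. Confirm that the
        // user name column is unique, otherwise the identity being authenticated is
        // ambiguous.
        Adminuser account = matches.get(0);

        List<Adminrole> roles = adminroleRepository.getAdminRolesByUserId(account.getUserid());

        return new MyUserDetails(account, roles);
    }
}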