Spring Boot OAuth multiple token authentication paths

Time: 2018-11-20 17:12:16

Tags: java spring spring-boot

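I am currently using Spring Boot OAuth2 for token authentication on my website. I need to create an additional way to log in. So far, the only way I have managed to get it working is to supply a second AuthenticationProvider, and every time a user tries to log in through either login method, it runs through both providers. Ideally, I don't want to do this. Here are some things I would like to do: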

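  1. I have a custom AuthenticationManager. I will pass in an Authentication.details() parameter that specifies the path I want to use. I will read this in the AuthenticationManager and call the appropriate AuthenticationProvider.
  2. I am currently calling the /oauth/token endpoint. Maybe I could create another default Spring endpoint with its own AuthenticationProvider.
  3. Create my own endpoint in a controller and perform the token authentication manually.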

Here is my code so far:

```java
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserInfoDao userInfoDao; // Existing Dao

    @Autowired
    private AccessTokenAuthenticationProvider accessTokenAuthenticationProvider; // My new AuthenticationProvider

    // Currently runs through both these providers
    @Autowired
    protected void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsServiceFacade()).passwordEncoder(passwordEncoder()); // Existing
        auth.authenticationProvider(accessTokenAuthenticationProvider); // New
    }

    @Bean
    UserDetailsService UserDetailsService() {
        return new UserDetailsService(userInfoDao, passwordEncoder());
    }

    @Bean
    UserDetailsServiceFacade userDetailsServiceFacade() {
        return new UserDetailsServiceFacade(UserDetailsService());
    }

    @Bean
    public FailedLoginAuthenticationManagerDecorator authDecorator() throws Exception {
        return new FailedLoginAuthenticationManagerDecorator(authenticationManagerBean(), UserDetailsService());
    }

    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder(12);
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.csrf().disable();
        // setup security
        http.authorizeRequests()
            .anyRequest()
            .fullyAuthenticated()
            .and().httpBasic();
    }

    @Configuration
    @EnableResourceServer // Activates OAuth2 based authentication/authorization for the "user" resource
    protected static class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {

        @Override
        public void configure(HttpSecurity http) throws Exception {
            http.csrf().disable();
            // all endpoints not exempted from security, require caller to be authenticated:
            http.authorizeRequests()
                .antMatchers("/**/user/authenticated").permitAll()
                .anyRequest().authenticated();
        }
    }

}
```

0 answers:

No answers
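
Option 1 from the question, sketched as an added example that is not part of the original post or an answer from the thread: an AuthenticationManager that sends each login attempt to exactly one AuthenticationProvider. It assumes the details object is a Map and that the selector sits under a hypothetical `auth_path` key; the class name `RoutingAuthenticationManager` is also illustrative.

```java
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Map;

import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.ProviderNotFoundException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;

// Added example: dispatches each attempt to one provider, chosen by a key
// read from Authentication.getDetails() instead of trying every provider.
public class RoutingAuthenticationManager implements AuthenticationManager {

    // Hypothetical details key. Its value is client-controlled, so it is only
    // ever used as a lookup into a fixed allowlist of providers.
    static final String PATH_KEY = "auth_path";

    private final Map<String, AuthenticationProvider> providersByPath;
    private final String defaultPath;

    public RoutingAuthenticationManager(Map<String, AuthenticationProvider> providersByPath,
                                        String defaultPath) {
        if (!providersByPath.containsKey(defaultPath)) {
            throw new IllegalArgumentException("default path has no provider");
        }
        this.providersByPath = Collections.unmodifiableMap(new LinkedHashMap<>(providersByPath));
        this.defaultPath = defaultPath;
    }

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        String path = defaultPath;
        Object details = authentication.getDetails();
        if (details instanceof Map && ((Map<?, ?>) details).get(PATH_KEY) != null) {
            path = String.valueOf(((Map<?, ?>) details).get(PATH_KEY));
        }
        AuthenticationProvider provider = providersByPath.get(path);
        // Fail closed: an unknown path, or a token type the chosen provider does
        // not support, is rejected and never handed to a different provider.
        if (provider == null || !provider.supports(authentication.getClass())) {
            throw new ProviderNotFoundException("No provider for requested login path");
        }
        Authentication result = provider.authenticate(authentication);
        if (result == null) { // provider declined; a manager must not return null
            throw new ProviderNotFoundException("Provider declined the authentication request");
        }
        return result;
    }
}
```

Because the caller picks the path, every registered provider has to be a sufficient login check on its own; the router only limits which one runs.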