我正在寻找一种方法来在从Java EE容器(使用Kerberos)预先验证用户时添加一些自定义代码。我正在使用Spring Security进行授权,这非常有效。但现在我希望能够使用简单的Spring服务(然后是存储库)方法检测当前用户是否存在于数据库中。
我的SecurityConfig.java文件
@Configuration
@EnableWebMvcSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.logout()
.logoutUrl("/rest/logout")
.logoutSuccessUrl("/static/jsp/logout.jsp")
.invalidateHttpSession(true)
.permitAll()
.and()
.authorizeRequests()
.antMatchers("/login","/accessDenied", "/resources/**", "/static/*").permitAll()
.antMatchers("/security/*").hasRole("ADMIN")
.anyRequest().authenticated()
.anyRequest().hasRole("USER")
.and().anonymous().disable()
.jee()
.mappableRoles("USER","ADMIN");
}
}
我的筹码:
非常感谢任何示例或提示。
谢谢
答案 0 :(得分:1)
您可以像这样实现您的AuthenticatioSuccessHandler
@Component
public class MyAuthenticationSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {
@Autowired
private UserService userService;
@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
Authentication authentication) throws ServletException, IOException {
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
if (auth == null && auth.isAuthenticated()) {
String username = auth.getPrincipal().toString();
UserData userData = userService.getUserData(username);
// And then here more checks, handlings etc.
}
super.onAuthenticationSuccess(request, response, authentication);
}
}
注册。
我希望它有所帮助。