Question

我试图创建一个Delegating身份验证提供程序来执行逻辑，然后再基于任意逻辑决定选择哪个authenticationProvider；就本例而言，如果用户名以前缀开头。

我当前的SecurityConfig，它将一次尝试一个身份验证提供程序：

public class SecurityConfig extends WebSecurityConfigurerAdapter {

    private final MyCustomCredentialAuthProvider myAuthProvider;

    ...

    @Override
    protected void configure(AuthenticationManagerBuilder auth) {
        auth
          .ldapAuthentication().configuration(...).here(...).etc(...).and() // ldapAuthenticationProvider is created here
          .authenticationProvider(myAuthProvider).and()
          // more authentication providers to be added in the future
    }
}

根据用户名，我想选择是否要使用try提供程序，因此，如果用户名不是以特定前缀（“ ldap”，“ custom”， “ ad”，“ etc” ...），所以：

@Component
public class DelegatingProvider implements AuthenticationProvider {

    // Problem: How do I create this ldapAuthenticationProvider bean?
    private final LdapAuthenticationProvider ldapAuthenticationProvider;
    private final MyCustomCredentialAuthProvider myAuthProvider;

    ...

    @Override
    public Authentication authenticate(final Authentication authentication) throws AuthenticationException {
        if (authentication.getName() == null) {
            throw new BadCredentialsException("No username provided");
        } else if (authentication.getName().startsWith("ldapPlease") }
           return ldapAuthProvider.authenticate(authentication);
        // } else if (...) { ...
        // } else if (...) { ...
        } else { 
           return myAuthProvider.authenticate(authentication);
        }
    }

    @Override
    public boolean supports(final Class<?> authentication) {
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);;
    }
}

当由SecurityConfig创建LdapProvider时，我似乎无法以这种方式进行接线-当以前由AuthBuilder在SecurityConfig中处理过的LdapProvider bean时，如何创建并接线呢？

Answer 1

    @Bean
    public LdapAuthenticationProvider ldapAuthentication() {
        return new LdapAuthenticationProviderConfigurer().configure(...).here(...).etc(...).build();
    }
    .....................................
    @Component
    public class DelegatingProvider implements AuthenticationProvider {

        @Autowired
        private LdapAuthenticationProvider ldapAuthenticationProvider;

        @Autowired
        private final MyCustomCredentialAuthProvider myAuthProvider;

        ...

        @Override
        public Authentication authenticate(final Authentication authentication) throws AuthenticationException {
            if (authentication.getName() == null) {
                throw new BadCredentialsException("No username provided");
            } else if (authentication.getName().startsWith("ldapPlease") }
               return ldapAuthProvider.authenticate(authentication);
            // } else if (...) { ...
            // } else if (...) { ...
            } else { 
               return myAuthProvider.authenticate(authentication);
            }
        }

        @Override
        public boolean supports(final Class<?> authentication) {
            return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);;
        }
    }

并按照@NatFar指定

    @Autowired
    private DelegatingProvider delegatingProviderBean;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) {
        auth
          .authenticationProvider(delegatingProviderBean).and()
          // more authentication providers to be added in the future
    }

创建委托的身份验证提供程序（Spring Security）

1 个答案: