
spring security 中配置多個 AuthenticationManager

基於spring-security4.2.x和security-oauth2.3.x

使用 Spring Security 配置 OAuth 2.0 時,需要多個 AuthenticationManager 分別處理不同來源的認證:例如用一個 clientAuthenticationManager 來認證 client_id 和 client_secret,再配置另一個 authenticationManager 來認證 username 和 password。

錯誤的配置方法:

<!-- authenticationManager for username and password, exposed here only through alias="authenticationManager" (no id attribute). -->
<!-- Do not use alias here!! The article presents this listing as the broken configuration. -->
<!-- NOTE(review): the user entries below are sample accounts with clear-text passwords, and no <security:password-encoder> child is declared on the provider. On Spring Security 4.x that presumably means the stored value is compared as plain text (confirm against the version in use); treat these entries as demo values only. -->
<security:authentication-manager alias="authenticationManager">
    <security:authentication-provider>
        <security:user-service id="userDetailsService">
            <security:user name="admin" password="111111" authorities="ROLE_USER" />
            <security:user name="user" password="111111" authorities="ROLE_USER" />
        </security:user-service>
    </security:authentication-provider>
</security:authentication-manager>

<!-- Authenticator for client access -->
<!-- authenticationManager for client_id and client_secret -->
<!-- Registered under id="clientAuthenticationManager"; its provider looks accounts up through the bean named clientDetailsUserDetailsService, which is not defined in this listing. -->
<security:authentication-manager id="clientAuthenticationManager">
    <security:authentication-provider user-service-ref="clientDetailsUserDetailsService"/>
</security:authentication-manager>

這樣配置之後認證不能通過,所有認證都交給 clientAuthenticationManager 來處理。原因是用 id 命名的 clientAuthenticationManager 會覆蓋用 alias 命名的 authenticationManager(此結論來自實踐驗證)。

解決方案

1. 兩個 <security:authentication-manager> 標籤都使用 id 來指定 authenticationManager 的名稱,這樣就建立了兩個不同的例項:

<!-- authenticationManager for username and password, now registered with id= instead of alias= so that it is a bean distinct from clientAuthenticationManager below. -->
<!-- erase-credentials="true" asks the manager to clear credentials from the returned Authentication once authentication has succeeded. -->
<!-- NOTE(review): the user entries are sample accounts with clear-text passwords and no <security:password-encoder> child is declared; treat them as demo values only. -->
<security:authentication-manager id="authenticationManager" erase-credentials="true">
    <security:authentication-provider>
        <security:user-service id="userDetailsService">
            <security:user name="admin" password="111111" authorities="ROLE_USER" />
            <security:user name="user" password="111111" authorities="ROLE_USER" />
        </security:user-service>

    </security:authentication-provider>
</security:authentication-manager>

<!-- authenticationManager for client_id and client_secret -->
<!-- Its provider resolves accounts through the bean named clientDetailsUserDetailsService, which is not defined in this listing. -->
<security:authentication-manager id="clientAuthenticationManager">
    <security:authentication-provider user-service-ref="clientDetailsUserDetailsService"/>
</security:authentication-manager>

2.使用Bean方案建立:

<!-- authenticationManager for username and password -->
<!-- Declared as a plain Spring bean: a ProviderManager whose constructor receives a list holding a single DaoAuthenticationProvider. -->
<bean id="authenticationManager" class="org.springframework.security.authentication.ProviderManager">
     <constructor-arg>
         <list>
             <!-- The provider reads accounts from the userDetailsManager user-service declared below. -->
             <!-- NOTE(review): no passwordEncoder property is set on this provider, so the clear-text sample passwords below are presumably matched as plain text on Spring Security 4.x (confirm against the version in use). -->
             <bean class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
                 <property name="userDetailsService" ref="userDetailsManager"/>
             </bean>
         </list>
     </constructor-arg>
 </bean>
 <!-- In-memory sample accounts referenced by the provider above; demo values only. -->
 <security:user-service id="userDetailsManager">
     <security:user name="admin" password="111111" authorities="ROLE_USER" />
     <security:user name="user" password="111111" authorities="ROLE_USER" />
 </security:user-service>


<!-- authenticationManager for client_id and client_secret -->
<!-- Still declared through the security namespace with its own id; its provider resolves accounts through the bean named clientDetailsUserDetailsService, which is not defined in this listing. -->
<security:authentication-manager id="clientAuthenticationManager">
    <security:authentication-provider user-service-ref="clientDetailsUserDetailsService"/>
</security:authentication-manager>