BasicAuth 使用 Spring 启动
BasicAuth using Spring boot
在我的设置中,我有一个上游系统向我的系统发送 Http 请求。这些 Http 请求在其 header.
中包含 basicAuth 令牌
我正在使用 Spring-boot 和外部 tomcat。
我如何配置我的应用程序来检查,如果 username/password 正确则遵循正常流程,否则在日志中打印异常?
在我的应用程序中没有 UI,所以我不想显示任何登录 page/error 页面。我发现的示例 here 是基于 UI,这不是我的要求。
此外,如果解决方案需要配置 tomcat,就像这个 example,我如何在没有 web.xml 的情况下配置,因为我正在使用 Springboot。
如果您使用 Tomcat 基本身份验证,那么您的应用程序将绑定到 Tomcat Web 容器。
我认为由于您的应用是 Spring 基于启动的,您可以在其中使用 Spring 安全并启用基本身份验证。
关注此 post,其中作者展示了如何使用 Spring 安全性进行保护。
OAUTH2 服务器配置
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
public class AuthserverApplication extends WebMvcConfigurerAdapter {
@Configuration
@EnableResourceServer
protected static class ResourceServer extends ResourceServerConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception {
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
.and()
.requestMatchers().antMatchers("/user/**","/api/v1/user")
.and()
.authorizeRequests()
.antMatchers("/user/**").authenticated()
.antMatchers("/api/v1/user").permitAll();
}
@Override
public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
resources.resourceId("sparklr").stateless(false);
}
}
@Configuration
@EnableAuthorizationServer
protected static class OAuth2Config extends AuthorizationServerConfigurerAdapter {
@Autowired
private AuthenticationManager authenticationManager;
@Autowired
private UserDetailsService userDetailsService;
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints.authenticationManager(authenticationManager).userDetailsService(userDetailsService);
}
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.inMemory().withClient("act_client").authorizedGrantTypes("password", "refresh_token").scopes("read",
"write", "trust");
}
}
}
UserDetailsService 实现
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
import com.flasher.entity.AuthorityM;
import com.flasher.entity.User;
import com.flasher.repository.UserRepository;
import java.util.HashSet;
import java.util.Set;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
@Service
public class UserDetailsInfo implements UserDetailsService {
@Autowired
UserRepository userRepository;
@Override
public UserDetails loadUserByUsername(String userName) throws UsernameNotFoundException {
User user = userRepository.findByUsername(userName);
Set<AuthorityM> authorityMs = user.getAuthorityMs();
Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
authorityMs.stream().forEach(authorityM -> {
authorities.add(new SimpleGrantedAuthority(authorityM.getRole()));
});
return new org.springframework.security.core.userdetails.User(user.getUsername(), user.getPassword(),
authorities);
}
}
实施 "org.springframework.security.core.userdetails.UserDetailsService" 初始化和 return "org.springframework.security.core.userdetails.User" 实例通过 OAUTH 服务器进行身份验证
在我的设置中,我有一个上游系统向我的系统发送 Http 请求。这些 Http 请求在其 header.
basicAuth 令牌
我正在使用 Spring-boot 和外部 tomcat。
我如何配置我的应用程序来检查,如果 username/password 正确则遵循正常流程,否则在日志中打印异常?
在我的应用程序中没有 UI,所以我不想显示任何登录 page/error 页面。我发现的示例 here 是基于 UI,这不是我的要求。
此外,如果解决方案需要配置 tomcat,就像这个 example,我如何在没有 web.xml 的情况下配置,因为我正在使用 Springboot。
如果您使用 Tomcat 基本身份验证,那么您的应用程序将绑定到 Tomcat Web 容器。
我认为由于您的应用是 Spring 基于启动的,您可以在其中使用 Spring 安全并启用基本身份验证。
关注此 post,其中作者展示了如何使用 Spring 安全性进行保护。
OAUTH2 服务器配置
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
public class AuthserverApplication extends WebMvcConfigurerAdapter {
@Configuration
@EnableResourceServer
protected static class ResourceServer extends ResourceServerConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception {
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
.and()
.requestMatchers().antMatchers("/user/**","/api/v1/user")
.and()
.authorizeRequests()
.antMatchers("/user/**").authenticated()
.antMatchers("/api/v1/user").permitAll();
}
@Override
public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
resources.resourceId("sparklr").stateless(false);
}
}
@Configuration
@EnableAuthorizationServer
protected static class OAuth2Config extends AuthorizationServerConfigurerAdapter {
@Autowired
private AuthenticationManager authenticationManager;
@Autowired
private UserDetailsService userDetailsService;
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints.authenticationManager(authenticationManager).userDetailsService(userDetailsService);
}
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.inMemory().withClient("act_client").authorizedGrantTypes("password", "refresh_token").scopes("read",
"write", "trust");
}
}
}
UserDetailsService 实现
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
import com.flasher.entity.AuthorityM;
import com.flasher.entity.User;
import com.flasher.repository.UserRepository;
import java.util.HashSet;
import java.util.Set;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
@Service
public class UserDetailsInfo implements UserDetailsService {
@Autowired
UserRepository userRepository;
@Override
public UserDetails loadUserByUsername(String userName) throws UsernameNotFoundException {
User user = userRepository.findByUsername(userName);
Set<AuthorityM> authorityMs = user.getAuthorityMs();
Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
authorityMs.stream().forEach(authorityM -> {
authorities.add(new SimpleGrantedAuthority(authorityM.getRole()));
});
return new org.springframework.security.core.userdetails.User(user.getUsername(), user.getPassword(),
authorities);
}
}
实施 "org.springframework.security.core.userdetails.UserDetailsService" 初始化和 return "org.springframework.security.core.userdetails.User" 实例通过 OAUTH 服务器进行身份验证