允许 Spring Security + Cas Auth + 静态用户列表
我的应用程序具有 spring 安全配置,连接到 cas 服务器(工作):
@EnableWebSecurity
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Value("${cas.service-url}")
private String serviceUrl;
@Value("${cas.cas-url}")
private String casUrl;
@Autowired
private AuthenticationProvider authenticationProvider;
@Autowired
private AuthenticationEntryPoint authenticationEntryPoint;
@Autowired
private SingleSignOutFilter singleSignOutFilter;
@Autowired
private LogoutFilter logoutFilter;
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf()
.disable()
.authorizeRequests()
.regexMatchers("/secured.*")
.authenticated()
.and()
.authorizeRequests()
.regexMatchers("/")
.permitAll()
.and()
.httpBasic()
.authenticationEntryPoint(authenticationEntryPoint)
.and()
.addFilterBefore(singleSignOutFilter, CasAuthenticationFilter.class)
.addFilterBefore(logoutFilter, LogoutFilter.class);
}
@Override
protected AuthenticationManager authenticationManager() throws Exception {
return new ProviderManager(Arrays.asList(authenticationProvider));
}
@Bean
public CasAuthenticationFilter casAuthenticationFilter(ServiceProperties sP) throws Exception {
CasAuthenticationFilter filter = new CasAuthenticationFilter();
filter.setServiceProperties(sP);
filter.setAuthenticationManager(authenticationManager());
return filter;
}
现在我想添加一个自动登录列表,他们是唯一可以访问应用程序的人(即:访问他们必须在 cas 和静态列表中)。
String allowedLogin = List.of ("robert.bob", "john.jon");
我找到了这个链接:Spring security - specific users, 但我不知道如何实现“StaticUserProvider”以及在我的配置中配置它的位置。
慕姐42086262回答
-
跃然一笑
如果用户不在列表中,我认为最简单的方法是在 UserDetailsService 中抛出 UsernameNotFoundException 。像那样: provider.setUserDetailsService((s) -> { if(!allowedLogin.contains(s.getAssertion().getPrincipal().getName())) { throw new UsernameNotFoundException("user not authorized to use app"); } return new User(s, "fakepassword", true, true, true, true, AuthorityUtils.createAuthorityList("ROLE_ADMIN")); });
随时随地看视频慕课网APP
相关分类
Java