编程语言
首页 > 编程语言> > 将自定义UserDetailsS​​ervice添加到Spring Security OAuth2应用程序

将自定义UserDetailsS​​ervice添加到Spring Security OAuth2应用程序

作者:互联网

如何将下面的自定义UserDetailsS​​ervice添加到this Spring OAuth2 sample

默认密码的默认用户在authserver应用程序的application.properties文件中定义.

但是,我想将以下自定义UserDetailsS​​ervice添加到the demo package of the authserver app以进行测试:

package demo;

import java.util.List;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.provisioning.UserDetailsManager;
import org.springframework.stereotype.Service;

@Service
class Users implements UserDetailsManager {

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        String password;
        List<GrantedAuthority> auth = AuthorityUtils.commaSeparatedStringToAuthorityList("ROLE_USER");
        if (username.equals("Samwise")) {
            auth = AuthorityUtils.commaSeparatedStringToAuthorityList("ROLE_HOBBIT");
            password = "TheShire";
        }
        else if (username.equals("Frodo")){
            auth = AuthorityUtils.commaSeparatedStringToAuthorityList("ROLE_HOBBIT");
            password = "MyRing";
        }
        else{throw new UsernameNotFoundException("Username was not found. ");}
        return new org.springframework.security.core.userdetails.User(username, password, auth);
    }

    @Override
    public void createUser(UserDetails user) {// TODO Auto-generated method stub
    }

    @Override
    public void updateUser(UserDetails user) {// TODO Auto-generated method stub
    }

    @Override
    public void deleteUser(String username) {// TODO Auto-generated method stub
    }

    @Override
    public void changePassword(String oldPassword, String newPassword) {
        // TODO Auto-generated method stub
    }

    @Override
    public boolean userExists(String username) {
        // TODO Auto-generated method stub
        return false;
    }
}

正如您所看到的,此UserDetailsS​​ervice尚未自动装配,并且它故意使用不安全的密码,因为它仅用于测试目的.

需要对the GitHub sample app进行哪些具体更改,以便用户可以使用password = TheShire以username = Samwise登录,或者使用password = MyRing作为username = Frodo?是否需要对AuthserverApplication.java或其他地方进行更改?

几点建议:

Spring OAuth2 Developer Guide表示使用GlobalAuthenticationManagerConfigurer全局配置UserDetailsS​​ervice.但是,使用Google搜索这些名称会产生不太有用的结果.

此外,使用内部Spring安全性INSTEAD OF OAuth的另一个应用程序使用以下语法来连接UserDetailsS​​ervice,但我不确定如何将其语法调整为当前OP:

@Order(Ordered.HIGHEST_PRECEDENCE)
@Configuration
protected static class AuthenticationSecurity extends GlobalAuthenticationConfigurerAdapter {

    @Autowired
    private Users users;

    @Override
    public void init(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(users);
    }
}

我尝试在OAuth2AuthorizationConfig中使用@Autowire将用户连接到AuthorizationServerEndpointsConfigurer,如下所示:

@Autowired//THIS IS A TEST
private Users users;//THIS IS A TEST

@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
   endpoints.authenticationManager(authenticationManager)
        .accessTokenConverter(jwtAccessTokenConverter())
        .userDetailsService(users)//DetailsService)//THIS LINE IS A TEST
        ;
}

但Spring Boot日志表明未找到用户Samwise,这意味着UserDetailsS​​ervice未成功连接.以下是Spring Boot日志的相关摘录:

2016-04-20 15:34:39.998 DEBUG 5535 --- [nio-9999-exec-9] o.s.s.a.dao.DaoAuthenticationProvider    :  
        User 'Samwise' not found
2016-04-20 15:34:39.998 DEBUG 5535 --- [nio-9999-exec-9]   
        w.a.UsernamePasswordAuthenticationFilter :  
        Authentication request failed:  
        org.springframework.security.authentication.BadCredentialsException:  
        Bad credentials

我还能尝试什么?

最佳答案:

在使用Spring Security开发我的oauth服务器时遇到了类似的问题.我的情况略有不同,因为我想添加一个UserDetailsS​​ervice来验证刷新令牌,但我认为我的解决方案也会对你有所帮助.

和你一样,我首先尝试使用AuthorizationServerEndpointsConfigurer指定UserDetailsS​​ervice,但这不起作用.我不确定这是一个bug还是设计,但需要在AuthenticationManager中设置UserDetailsS​​ervice,以便各种oauth2类找到它.这对我有用:

@Configuration
@EnableWebSecurity 
public class SecurityConfig extends WebSecurityConfigurerAdapter {

  @Autowired
  Users userDetailsService;

  @Autowired
  public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {
    auth.userDetailsService(userDetailsService);
  }

  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
    // other stuff to configure your security
  }

}

我想如果您从第73行开始更改以下内容,它可能对您有用:

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.parentAuthenticationManager(authenticationManager)
        .userDetailsService(userDetailsService);
}

您当然还需要添加@Autowired Users userDetailsS​​ervice; WebSecurityConfigurerAdapter中的某个地方

我想提到的其他事情:

>这可能是版本特定的,我在spring-security-oauth2 2.0.12
>我不能引用任何来源为什么会这样,我甚至不确定我的解决方案是真正的解决方案还是黑客攻击.
>指南中提到的GlobalAuthenticationManagerConfigurer几乎肯定是一个错字,我无法在源代码中的任何地方找到该字符串中的任何内容.

标签:spring,spring-security,spring-boot-2,spring-security-oauth2,spring-oauth2
来源: https://codeday.me/bug/20190516/1115677.html