
Unable to add a service to an AuthenticationProvider to validate HTTP header values

How to solve: unable to add a service to an AuthenticationProvider to validate HTTP header values

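Currently, my project has UsernamePasswordAuthentication for URLs under /app/*. I want to use a different authentication mechanism (using two custom fields) for all endpoints under /api/*. To do this, I configured it in the following way.

Custom filter class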

public class AgentFilter extends AbstractAuthenticationProcessingFilter {

    public AgentFilter() {
        super("/api/*");
    }

    @Override
    public Authentication attemptAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AuthenticationException, IOException, ServletException {
        if(httpServletRequest.getHeader("Program") == null || httpServletRequest.getHeader("key") == null)
        {
            return null;
        }
        APIAuthToken apitoken = new APIAuthToken(httpServletRequest.getHeader("key"),httpServletRequest.getHeader("Program"));
        SecurityContextHolder.getContext().setAuthentication(apitoken);
        return apitoken;
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
        SpringBeanAutowiringSupport.processInjectionBasedOnCurrentContext(this);
        attemptAuthentication((HttpServletRequest) req,(HttpServletResponse) res);
        super.doFilter(req,res,chain);
    }
}

Custom authentication provider for the filter.


public class ApiAuthProvider implements AuthenticationProvider {

    @Autowired
    private ApiService apiService;

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        APIAuthToken token = (APIAuthToken) authentication;
        if(apiService.getKey((String)token.getPrincipal()).equals(token.getCredentials()))
        {
            token.setAuthenticated(true);
        }
        return token;
    }

    @Override
    public boolean supports(Class<?> aClass) {
       if(aClass.isAssignableFrom(APIAuthToken.class))
       {
           return true;
       }
       return false;
    }
}

The APIService class that I want to autowire.

@Service
public class ApiService {
    @Autowired
    private APIRepository apiRepository;

    public String getKey(String program) {
        return apiRepository.findByProgram(program).getApikey();
    }
}

SecurityConfiguration file

@EnableWebSecurity
public class MultiSecurityAdapter {



    @Configuration
    @Order(1)
    public class APISecurityAdapter extends WebSecurityConfigurerAdapter {

//        @Autowired
//        private ApiAuthProvider apiAuthProvider;

        //@Autowired
        //private AgentFilter agentFilter;

        @Override
        protected void configure(HttpSecurity http) throws Exception {

            http.csrf().disable()
                    .authorizeRequests()
                    .antMatchers("/api/authenticate").permitAll()
                    .antMatchers("/api/**").authenticated()
                    .and()
                    .sessionManagement()
                    .sessionCreationPolicy(SessionCreationPolicy.STATELESS);

            http.addFilterBefore(new AgentFilter(),UsernamePasswordAuthenticationFilter.class);

            http.authenticationProvider(new ApiAuthProvider());
        }


    }
    @Configuration
    @Order(2)
    public class SecurityAdapter extends WebSecurityConfigurerAdapter {

        @Autowired
        private MyUserDetailsService myUserDetailsService;

        @Autowired
        private JwtFilter jwtRequestFilter;

        @Override
        @Bean
        public AuthenticationManager authenticationManagerBean() throws Exception {
            return super.authenticationManagerBean();
        }

        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth.userDetailsService(myUserDetailsService);
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {

            http.cors().disable();
            http.csrf().disable()
                    .authorizeRequests()
                    .antMatchers("/app/authenticate").permitAll()
                    .antMatchers("/app/**").authenticated()
                    .and()
                    .sessionManagement()
                    .sessionCreationPolicy(SessionCreationPolicy.STATELESS);

            http.addFilterBefore(jwtRequestFilter,UsernamePasswordAuthenticationFilter.class);
        }

    }
}

The autowired apiService shows up as null. Because of this, I cannot get the value needed for authentication. Please help me solve this problem. Thanks.
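One way to resolve the null `apiService` described in the question, shown as an added example that is not part of the original post: the provider becomes a Spring-managed bean with constructor injection, and the key check is hardened at the same time. It assumes that `APIAuthToken` (not shown on the page) allows `setAuthenticated(true)`, that component scanning covers this class, and that `getKey` returns null for an unknown program.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.stereotype.Component;

// Registered as a bean, so the container builds it and supplies ApiService.
// An instance created with `new ApiAuthProvider()` is never processed by
// Spring, which is why its @Autowired field stays null.
@Component
public class ApiAuthProvider implements AuthenticationProvider {

    private final ApiService apiService; // the @Service class from the question

    public ApiAuthProvider(ApiService apiService) { // constructor injection
        this.apiService = apiService;
    }

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        APIAuthToken token = (APIAuthToken) authentication;
        // Assumption: getKey returns null for an unknown program.
        String expected = apiService.getKey((String) token.getPrincipal());
        Object presented = token.getCredentials();
        // Constant-time comparison; a mismatch is rejected with an exception
        // rather than by returning a token that is still unauthenticated.
        if (expected == null || !(presented instanceof String) || !MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                ((String) presented).getBytes(StandardCharsets.UTF_8))) {
            throw new BadCredentialsException("Invalid Program/key headers");
        }
        token.setAuthenticated(true);
        return token;
    }

    @Override
    public boolean supports(Class<?> aClass) {
        return APIAuthToken.class.isAssignableFrom(aClass);
    }
}

// In APISecurityAdapter, inject the bean and pass it to HttpSecurity
// in place of `new ApiAuthProvider()`:
//     @Autowired private ApiAuthProvider apiAuthProvider;
//     ...
//     http.authenticationProvider(apiAuthProvider);
```

The same rule applies to `new AgentFilter()`: anything the filter needs from the container has to be passed to it by a class that Spring manages.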
