जावा स्प्रिंग सुरक्षा कॉन्फ़िगरेशन - एकाधिक प्रमाणीकरण प्रदाता

Question

वसंत सुरक्षा में एकाधिक प्रमाणीकरण प्रदाताओं के कई संदर्भ हैं, लेकिन जावा कॉन्फ़िगरेशन में कोई उदाहरण नहीं स्थित हो सकता है।

नीचे दिए गए लिंक एक्सएमएल अंकन देता है: Multiple Authentication Providers in Spring Security

हम LDAP या DB का उपयोग करके प्रमाणित करने की जरूरत है

नीचे हमारे नमूना कोड है:

@Configuration 
@EnableWebSecurity 
public class XSecurityConfig extends WebSecurityConfigurerAdapter { 

    @Autowired 
    private AuthenticationProvider authenticationProvider; 

    @Autowired 
    private AuthenticationProvider authenticationProviderDB; 


    @Override 
    @Order(1) 

    protected void configure(AuthenticationManagerBuilder auth) throws Exception { 
     auth.authenticationProvider(authenticationProvider); 
    } 


    @Order(2) 
    protected void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { 
     auth.authenticationProvider(authenticationProviderDB); 
    } 

    @Override 
     public void configure(WebSecurity web) throws Exception { 
     web 
      .ignoring() 
      .antMatchers("/scripts/**","/styles/**","/images/**","/error/**"); 
     } 
    ______ 

    @Override 
    @Order(1) 
    protected void configure(HttpSecurity http) throws Exception { 
     http.csrf().disable() 
     .authorizeRequests() 
      .antMatchers("/","/logout","/time").permitAll() 
        .antMatchers("/admin").hasRole("ADMIN")   
         .anyRequest().authenticated() 
      .and() 
     .formLogin() 
      .loginPage("/index") 
      .loginProcessingUrl("/perform_login") 
      .usernameParameter("email") 
      .passwordParameter("password") 
      .failureUrl("/index?failed=true") 
      .defaultSuccessUrl("/summary",true) 
      .permitAll() 
      .and() 
     .logout().logoutUrl("/logout") 
        .logoutSuccessUrl("/index?logout=true").permitAll() 
      .and() 
      .exceptionHandling().accessDeniedPage("/error403") 
     .and().authenticationProvider(authenticationProvider); 

    } 

    @Order(1) 
    protected void configureDB(HttpSecurity http) throws Exception { 
     http.csrf().disable() 
     .authorizeRequests() 
      .antMatchers("/","/logout").permitAll() 
      .anyRequest().authenticated() 
      .and() 
     .formLogin() 
      .loginPage("/index") 
      .loginProcessingUrl("/perform_login") 
      .usernameParameter("email") 
      .passwordParameter("password") 
      .failureUrl("/index?failed=true") 
      .defaultSuccessUrl("/summary",true) 
      .permitAll() 
      .authenticationProvider(authenticationProviderDB) 
    //This line giving compilation error stating authenticationProvider is not available in formloginconfigurer 

     .and() 
     .logout().logoutUrl("/logout") 
        .logoutSuccessUrl("/index?logout=true").permitAll() 
      .and() 
      .exceptionHandling().accessDeniedPage("/error403"); 
    } 

} 

Answer 1

हो सकता है यह तुम्हारी मदद करेगा: -

@Configuration 
@EnableWebSecurity 
@Profile("container") 
public class XSecurityConfig extends WebSecurityConfigurerAdapter { 

@Autowired 
private AuthenticationProvider authenticationProvider; 

@Autowired 
private AuthenticationProvider authenticationProviderDB; 

@Override 
@Order(1) 

protected void configure(AuthenticationManagerBuilder auth) throws Exception { 
    auth.authenticationProvider(authenticationProvider); 
} 

@Order(2) 
protected void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { 
    auth.authenticationProvider(authenticationProviderDB); 
} 

@Override 
    public void configure(WebSecurity web) throws Exception { 
    web 
     .ignoring() 
     .antMatchers("/scripts/**","/styles/**","/images/**","/error/**"); 
    } 

@Override 
public void configure(HttpSecurity http) throws Exception { 
    http 
      .authorizeRequests() 
      .antMatchers("/rest/**").authenticated() 
      .antMatchers("/**").permitAll() 
      .anyRequest().authenticated() 
      .and() 
      .formLogin() 
      .successHandler(new AuthenticationSuccessHandler() { 
       @Override 
       public void onAuthenticationSuccess(
         HttpServletRequest request, 
         HttpServletResponse response, 
         Authentication a) throws IOException, ServletException { 
          //To change body of generated methods, 
          response.setStatus(HttpServletResponse.SC_OK); 
         } 
      }) 
      .failureHandler(new AuthenticationFailureHandler() { 

       @Override 
       public void onAuthenticationFailure(
         HttpServletRequest request, 
         HttpServletResponse response, 
         AuthenticationException ae) throws IOException, ServletException { 
          response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); 
         } 
      }) 
      .loginProcessingUrl("/access/login") 
      .and() 
      .logout() 
      .logoutUrl("/access/logout")     
      .logoutSuccessHandler(new LogoutSuccessHandler() { 
       @Override 
       public void onLogoutSuccess(
         HttpServletRequest request, 
         HttpServletResponse response, 
         Authentication a) throws IOException, ServletException { 
        response.setStatus(HttpServletResponse.SC_NO_CONTENT); 
       } 
      }) 
      .invalidateHttpSession(true) 
      .and() 
      .exceptionHandling() 
      .authenticationEntryPoint(new Http403ForbiddenEntryPoint()) 
      .and() 
      .csrf()//Disabled CSRF protection 
      .disable(); 
    } 
} 

Answer 2

यह एक सफल विन्यास है जो जावा कॉन्फ़िगरेशन में एकाधिक प्रमाणीकरण प्रदाताओं को कॉन्फ़िगर करने में मदद करता है। धन्यवाद आपके इनपुट के लिए बहुत अधिक ओजस। इस मुद्दे को कम करने में मदद मिली।

प्रत्येक प्रमाणीकरण प्रदाता क्रम में परीक्षण किया जाता है कुंजी स्प्रिंग बूट यह मेरे लिए काम किया में

@Autowired 
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { 
    auth.authenticationProvider(authenticationProvider); 
    auth.authenticationProvider(authenticationProviderDB); 

} 

---

@Configuration 
@EnableWebSecurity 
public class XSecurityConfig extends WebSecurityConfigurerAdapter { 

    @Autowired 
    private LDAPAuthenticationProvider authenticationProvider; 

    @Autowired 
    private DBAuthenticationProvider authenticationProviderDB; 

    @Override 
     public void configure(WebSecurity web) throws Exception { 
     web 
      .ignoring() 
      .antMatchers("/scripts/**","/styles/**","/images/**","/error/**"); 
     } 

    @Autowired 
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { 
     auth.authenticationProvider(authenticationProvider); 
     auth.authenticationProvider(authenticationProviderDB); 

    } 


    @Override 
    protected void configure(HttpSecurity http) throws Exception { 
     http.csrf().disable() 
     .authorizeRequests() 
      .antMatchers("/","/logout").permitAll() 
      .antMatchers("/admin").hasRole("ADMIN")   
      .anyRequest().authenticated() 
      .and() 
     .formLogin() 
      .loginPage("/index") 
      .loginProcessingUrl("/perform_login") 
      .usernameParameter("user") 
      .passwordParameter("password") 
      .failureUrl("/index?failed=true") 
      .defaultSuccessUrl("/test",true) 
      .permitAll() 
      .and() 
     .logout().logoutUrl("/logout") 
        .logoutSuccessUrl("/index?logout=true").permitAll() 
      .and() 
      .exceptionHandling().accessDeniedPage("/error"); 
    } 


} 

Answer 3

नीचे पूर्ण कोड है। एक गुजरता है, तो इसका निम्नलिखित प्रमाणीकरण प्रदाताओं

auth.userDetailsService(userDetailsService)...

को छोड़ दिया जाता है तो:

auth.ldapAuthentication()....

@EnableRedisHttpSession 
@Configuration 
@EnableWebMvcSecurity 
public class WebSecurityConfig extends WebSecurityConfigurerAdapter { 

@Autowired 
private CustomUserDetailsService userDetailsService; 

@Autowired 
public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception { 

    //each Authentication provider is tested in order 
    //if one passes then its following Authentication providers are skipped 

    //DataBase Authentication 
    auth.userDetailsService(userDetailsService).passwordEncoder(passwordencoder()); 



    LdapContextSource ldapContextSource = new LdapContextSource(); 


    ldapContextSource.setUrl("ldap://192.168.XXX.XXX:389"); 
    ldapContextSource.setBase("dc=companyname,dc=com"); 
    ldapContextSource.setUserDn("cn=user,cn=testgroup,ou=Test,dc=companyname,dc=com"); 
    ldapContextSource.setPassword("user1234"); 
    ldapContextSource.afterPropertiesSet(); 



    //LDAP Authentication 
    auth.ldapAuthentication() 
     //The {0} in the (uid={0}) will be replaced by the username entered in the form. 
     .userSearchBase("ou=Group") 
     .userSearchFilter("uid={0}") 

     //.userDnPatterns("uid={0},ou=people")//does the same thing 

     //Specifies where the search for Roles start 
     //.groupSearchBase("ou=mathematicians") 
     //in groups we search for member 
     //.groupSearchFilter("member={0}") 
     //.contextSource().ldif("classpath:test-server.ldif"); 

    .contextSource(ldapContextSource); 



} 

@Override 
protected void configure(HttpSecurity http) throws Exception { 

    http.authorizeRequests() 


      .antMatchers("/hello").access("hasRole('ROLE_ADMIN')") 
      .antMatchers("/index").fullyAuthenticated() 
      .antMatchers("/").fullyAuthenticated() 
      .antMatchers("/home").fullyAuthenticated() 
      .anyRequest().permitAll() 

      .and() 
      .formLogin() 
       .loginPage("/login") 
       .permitAll() 
       .usernameParameter("username").passwordParameter("password") 
      .and() 
      .logout() 
       .logoutSuccessUrl("/login?logout") 
       .permitAll() 
      .and() 
       .exceptionHandling() 
       .accessDeniedPage("/403") 
      .and() 
       .csrf() 
       .disable(); 



} 

@Bean(name = "passwordEncoder") 
public PasswordEncoder passwordencoder() { 
    return new BCryptPasswordEncoder(); 
} 
}