Spring Security：一个用于加载权限的身份验证提供程序，另一个用于真正的身份验证

发布于 2024-12-12 03:03:09 字数 897 浏览 0 评论 0原文

我的应用程序使用 Spring Security 来处理身份验证。到目前为止，我使用的是基于 jdbc-user-service 的简单身份验证提供程序，它既执行身份验证又加载权限，一切都工作正常：

<authentication-manager alias="authenticationManager">
    <authentication-provider>
        <password-encoder hash="sha" />
        <jdbc-user-service data-source-ref="dataSource"
            authorities-by-username-query="select t1.login, t2.USERROLES from USER as t1, USERROLES as t2 where t1.ID=t2.User_ID and t1.login= ?"
            users-by-username-query="select login,password,enabled from USER where login = ?" />
    </authentication-provider>
</authentication-manager>

现在我得到了一个新规范：

应像以前一样从数据库加载权限身份
验证应使用LDAP

我在测试应用程序中正确配置了 LDAP 身份验证，它工作得很好。现在我必须把它放在一起。如何使我的 jdbc auth-provider 不执行身份验证，而仅加载权限并按顺序启用下一个 auth-manager（在我的情况下为 LDAP auth-manager）来进行真正的身份验证？

原文

My application uses Spring Security for handling authentication. So far I was using simple authenticaton provider based on jdbc-user-service which was both performing authentication and loading authorities and it all worked fine:

<authentication-manager alias="authenticationManager">
    <authentication-provider>
        <password-encoder hash="sha" />
        <jdbc-user-service data-source-ref="dataSource"
            authorities-by-username-query="select t1.login, t2.USERROLES from USER as t1, USERROLES as t2 where t1.ID=t2.User_ID and t1.login= ?"
            users-by-username-query="select login,password,enabled from USER where login = ?" />
    </authentication-provider>
</authentication-manager>

Now I got a new specification:

Authorities should be loaded from database just as before
Authentication should be done using LDAP

I properly configured LDAP authentication in a test application and it works just fine. Now I have to put it together. How could I make my jdbc auth-provider to not perform authentication but only load authorities and enable the next auth-manager in order (LDAP auth-manager in my case) to do real authenticaton?

分享到QQ

分享到微博