我的应用程序具有 spring 安全配置,连接到 cas 服务器(工作):@EnableWebSecurity@Configurationpublic class SecurityConfig extends WebSecurityConfigurerAdapter { @Value("${cas.service-url}") private String serviceUrl; @Value("${cas.cas-url}") private String casUrl; @Autowired private AuthenticationProvider authenticationProvider; @Autowired private AuthenticationEntryPoint authenticationEntryPoint; @Autowired private SingleSignOutFilter singleSignOutFilter; @Autowired private LogoutFilter logoutFilter; @Override protected void configure(HttpSecurity http) throws Exception { http.csrf() .disable() .authorizeRequests() .regexMatchers("/secured.*") .authenticated() .and() .authorizeRequests() .regexMatchers("/") .permitAll() .and() .httpBasic() .authenticationEntryPoint(authenticationEntryPoint) .and() .addFilterBefore(singleSignOutFilter, CasAuthenticationFilter.class) .addFilterBefore(logoutFilter, LogoutFilter.class); } @Override protected AuthenticationManager authenticationManager() throws Exception { return new ProviderManager(Arrays.asList(authenticationProvider)); } @Bean public CasAuthenticationFilter casAuthenticationFilter(ServiceProperties sP) throws Exception { CasAuthenticationFilter filter = new CasAuthenticationFilter(); filter.setServiceProperties(sP); filter.setAuthenticationManager(authenticationManager()); return filter; }现在我想添加一个自动登录列表,他们是唯一可以访问应用程序的人(即:访问他们必须在 cas 和静态列表中)。String allowedLogin = List.of ("robert.bob", "john.jon");我找到了这个链接:Spring security - specific users, 但我不知道如何实现“StaticUserProvider”以及在我的配置中配置它的位置。
2 回答
跃然一笑
TA贡献1826条经验 获得超6个赞
如果用户不在列表中,我认为最简单的方法是在 UserDetailsService 中抛出 UsernameNotFoundException 。像那样:
provider.setUserDetailsService((s) -> {
if(!allowedLogin.contains(s.getAssertion().getPrincipal().getName())) {
throw new UsernameNotFoundException("user not authorized to use app");
}
return new User(s, "fakepassword", true, true, true, true, AuthorityUtils.createAuthorityList("ROLE_ADMIN"));
});
添加回答
举报
0/150
提交
取消