Spring Security Java Config - custom AuthenticationProvider and UserDetailsService

问题:

I use java configuration to configure Spring Security, and I have customized AuthenticationProvider and customized UserDetailsService, to add extra login field following http://forum.spring.io/forum/spring-projects/security/95715-extra-login-fields

I have difficulty to add both of the customized Classes into Spring Security framework by using java configuration. As java doc of AuthenticationProvider#authenticationProvider describes:

Add authentication based upon the custom AuthenticationProvider that is passed in. Since the AuthenticationProvider implementation is unknown, all customizations must be done externally and the AuthenticationManagerBuilder is returned immediately.

This method does NOT ensure that the UserDetailsService is available for the getDefaultUserDetailsService() method.

So my question is what is the approach to set UserDetailsService in this case?

回答1:

Here is an example of customized AuthenticationProvider and customized UserDetailsService:

@Configuration @EnableWebMvcSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter {      @Autowired     public void registerGlobalAuthentication(AuthenticationManagerBuilder auth) throws Exception {         auth.authenticationProvider(customAuthenticationProvider());     }      @Bean     AuthenticationProvider customAuthenticationProvider() {         CustomAuthenticationProvider impl = new CustomAuthenticationProvider();         impl.setUserDetailsService(customUserDetailsService());         /* other properties etc */         return impl ;     }      @Bean        UserDetailsService customUserDetailsService() {         /* custom UserDetailsService code here */     } } 

文章来源: Spring Security Java Config - custom AuthenticationProvider and UserDetailsService