问题
I am using ldap for authentication of requests.
I have configured by extending WebSecurityConfigurerAdapter and overriding configure(HttpSecurity) and configure(AuthenticationManagerBuilder) methods.
The credentials will be verified using ldap and on top of that, I need to maintain a static list that contains specific usernames to be allowed to access.
Can anyone help with the usernames validation part - do I need to write an extension of AuthenticationProvider to validate credentials and check for username? Just by configurations, I am able to take care of credentials verification.
回答1:
do I need to write an extension of AuthenticationProvider to validate credentials and check for username
Yes. You need to have two different authentication provider. One to validate LDAP user's credential and other for static user list.
So, your configure method looks similar like below,
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(LDAPProvider);
auth.authenticationProvider(StaticUserProvider);
}
Here, an order is important because, user's credentials would validate according to above mentioned provider order.i.e first with LDAPProvider then with StaticUserProvider.
来源:https://stackoverflow.com/questions/50747500/spring-security-specific-users