Spring Security X.509 authentication without user-service

血红的双手。 提交于 2021-02-19 02:23:30

问题


I'm using Spring Security (v3.1.3) for X.509 authentication in my web-application. Users and roles are stored in the Database, but I don't actually need to do it, as CNs of client certificates conform to "[ROLE] - [USERNAME]" schema, which means I already have username and role from the certificate itself. So how to eliminate the database without too much effort? Should I write my own implementation of user-service, which will populate UserDetails, or is there more graceful method?


回答1:


Yes, the simplest option is probably to write a custom AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken>. The implementations would be something like this:

UserDetails loadUserDetails(PreAuthenticatedAuthenticationToken token) {
    X509Certificate certificate = (X509Certificate[)token.getCredentials();

    // Extract what you want from the certificate
    ...

    // Create the user information
    UserDetails user = ...

    return user;
}

You should be able to use a reference to this bean directly in the user-service-ref namespace attribute <x509 user-service-ref='yourUserServiceBean' />.



来源:https://stackoverflow.com/questions/14563397/spring-security-x-509-authentication-without-user-service

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!