0

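In my setup, I have an upstream system that sends HTTP requests to my system. These HTTP requests carry a basicAuth token in their header. BasicAuth with Spring Boot

I am using Spring Boot and an external Tomcat.

How can I configure my application to check whether the username/password is correct and, if so, follow the normal flow, otherwise print an exception in the log?

There is no UI in my application, so I don't want to show any login page/error page. The examples I found, like the one here, are based on a UI, which is not my requirement.

Also, if the solution requires configuring Tomcat as in this example, how can I do that without web.xml, since I am using Spring Boot?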

+0

Is your app just a Spring core app, or a microservice provider like a REST API? – webDev

+0

@SSingh, right now it is just a Spring core application – reiley

+0

Have you tried it? IIRC, Boot will automatically content-negotiate the error conditions. The basic "login page" simply means returning a 401. – chrylis

Answers

1

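If you use Tomcat Basic Authentication, then your application will be tied to the Tomcat web container.

I think that, since your application is based on Spring Boot, you can use Spring Security and enable basic authentication.

Follow this post, where the author shows how to secure it using Spring Security.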

+0

So the implementation mentioned in this blog will work in Tomcat as well as in other web servers (such as WebLogic) without any changes. Am I right? – reiley
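What the answer above suggests, as an added example that is not code from the answer or from the linked post: a Spring Security configuration that checks HTTP Basic credentials on every request, logs a rejected attempt and replies with a bare 401 instead of a login or error page. It assumes Spring Boot 3 with Spring Security 6 (`jakarta.servlet`); the class name and the `upstream.user` / `upstream.password-hash` property names are hypothetical.

```java
import jakarta.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class UpstreamBasicAuthConfig { // hypothetical class name
    private static final Logger log = LoggerFactory.getLogger(UpstreamBasicAuthConfig.class);
    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        // Runs when credentials are missing or wrong: log the attempt, answer 401 with no body.
        AuthenticationEntryPoint logAndReject = (request, response, ex) -> {
            // The Authorization header is never logged; CR/LF are stripped from the path.
            String path = request.getRequestURI().replaceAll("[\\r\\n]", "_");
            log.warn("Basic auth rejected: {} {} from {}: {}",
                    request.getMethod(), path, request.getRemoteAddr(), ex.getMessage());
            response.setHeader("WWW-Authenticate", "Basic realm=\"upstream\"");
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        };
        http.authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            .httpBasic(basic -> basic.authenticationEntryPoint(logAndReject))
            // Credentials arrive with every request, so no HTTP session is created.
            .sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            // No session cookie exists to ride on; keep CSRF enabled if browsers call this API.
            .csrf(csrf -> csrf.disable());
        return http.build();
    }

    @Bean
    PasswordEncoder passwordEncoder() { return new BCryptPasswordEncoder(); }
    @Bean
    UserDetailsService upstreamUser(@Value("${upstream.user}") String name,
                                    @Value("${upstream.password-hash}") String bcryptHash) {
        // Assumed property names; the stored value is a BCrypt hash, not the clear password.
        return new InMemoryUserDetailsManager(
                User.withUsername(name).password(bcryptHash).roles("UPSTREAM").build());
    }
}
```

Because the filter chain belongs to the application rather than to the servlet container, nothing is configured in Tomcat and no web.xml is involved.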

0

OAuth2 server configuration

    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.authentication.AuthenticationManager;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.http.SessionCreationPolicy;
    import org.springframework.security.core.userdetails.UserDetailsService;
    import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
    import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
    import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
    import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
    import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
    import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
    import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
    import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;

    public class AuthserverApplication extends WebMvcConfigurerAdapter {

        // Resource server: decides which paths need a valid OAuth2 token.
        @Configuration
        @EnableResourceServer
        protected static class ResourceServer extends ResourceServerConfigurerAdapter {

            @Override
            public void configure(HttpSecurity http) throws Exception {
                http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
                    .and()
                        // This chain applies only to the paths listed here.
                        .requestMatchers().antMatchers("/user/**", "/api/v1/user")
                    .and()
                        .authorizeRequests()
                            // /user/** requires authentication; /api/v1/user is open to everyone.
                            .antMatchers("/user/**").authenticated()
                            .antMatchers("/api/v1/user").permitAll();
            }

            @Override
            public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
                // stateless(false) lets non-token (session) authentication reach these resources too.
                resources.resourceId("sparklr").stateless(false);
            }
        }

        // Authorization server: issues tokens for the password and refresh_token grants.
        @Configuration
        @EnableAuthorizationServer
        protected static class OAuth2Config extends AuthorizationServerConfigurerAdapter {

            @Autowired
            private AuthenticationManager authenticationManager;

            @Autowired
            private UserDetailsService userDetailsService;

            @Override
            public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
                endpoints.authenticationManager(authenticationManager).userDetailsService(userDetailsService);
            }

            @Override
            public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
                // One in-memory client, registered here without a client secret.
                clients.inMemory().withClient("act_client")
                    .authorizedGrantTypes("password", "refresh_token")
                    .scopes("read", "write", "trust");
            }
        }
    }

UserDetailsService implementation

import org.springframework.security.core.userdetails.UserDetailsService; 
import org.springframework.security.core.userdetails.UsernameNotFoundException; 
import org.springframework.stereotype.Service; 

import com.flasher.entity.AuthorityM; 
import com.flasher.entity.User; 
import com.flasher.repository.UserRepository; 
import java.util.HashSet; 
import java.util.Set; 

import org.springframework.beans.factory.annotation.Autowired; 
import org.springframework.security.core.GrantedAuthority; 
import org.springframework.security.core.authority.SimpleGrantedAuthority; 
import org.springframework.security.core.userdetails.UserDetails; 

@Service 
public class UserDetailsInfo implements UserDetailsService { 

    @Autowired 
    UserRepository userRepository; 

    @Override
    public UserDetails loadUserByUsername(String userName) throws UsernameNotFoundException {
        User user = userRepository.findByUsername(userName);
        // The contract requires UsernameNotFoundException for an unknown user, not a NullPointerException.
        if (user == null) {
            throw new UsernameNotFoundException("User not found");
        }
        // Map the application's role entities to Spring Security authorities.
        Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
        for (AuthorityM authorityM : user.getAuthorityMs()) {
            authorities.add(new SimpleGrantedAuthority(authorityM.getRole()));
        }
        return new org.springframework.security.core.userdetails.User(user.getUsername(), user.getPassword(),
                authorities);
    }

} 

Implement "org.springframework.security.core.userdetails.UserDetailsService", then initialize and return an "org.springframework.security.core.userdetails.User" instance to authenticate through the OAuth server.