Custom Authentication provider with Spring Security and Java Config

问题:

How can I define a custom Authentication provider by using Spring Security with Java Configurations? I would like to perform a login checking credentials on my own database.

回答1:

The following does what you need (CustomAuthenticationProvider is your implementation which needs to be managed by Spring)

@Configuration @EnableWebMvcSecurity public class WebSecurityConfig extends WebSecurityConfigurerAdapter {      @Autowired     private CustomAuthenticationProvider customAuthenticationProvider;      @Override     protected void configure(HttpSecurity http) throws Exception {         /**          * Do your stuff here          */     }      @Override     protected void configure(AuthenticationManagerBuilder auth) throws Exception {         auth.authenticationProvider(customAuthenticationProvider);     } } 

回答2:

As shown on baeldung.com, define your authentication provider as follow:

@Component public class CustomAuthenticationProvider implements AuthenticationProvider {      @Override     public Authentication authenticate(Authentication authentication)        throws AuthenticationException {          String name = authentication.getName();         String password = authentication.getCredentials().toString();          if (shouldAuthenticateAgainstThirdPartySystem(username, password)) {              // use the credentials             // and authenticate against the third-party system             return new UsernamePasswordAuthenticationToken(               name, password, new ArrayList());         } else {             return null;         }     }      @Override     public boolean supports(Class> authentication) {         return authentication.equals(           UsernamePasswordAuthenticationToken.class);     } } 

and following code is corresponding java config:

@Configuration @EnableWebSecurity @ComponentScan("org.project.security") public class SecurityConfig extends WebSecurityConfigurerAdapter {      @Autowired     private CustomAuthenticationProvider authProvider;      @Override     protected void configure(       AuthenticationManagerBuilder auth) throws Exception {          auth.authenticationProvider(authProvider);     }      @Override     protected void configure(HttpSecurity http) throws Exception {         http.authorizeRequests().anyRequest().authenticated()             .and()             .httpBasic();     } } 

文章来源: Custom Authentication provider with Spring Security and Java Config