官术网_书友最值得收藏!

Setting up AuthenticationManager

There are number of built-in AuthenticationManager in Spring Security that can be easily used in your application. Spring Security also has a number of helper classes, using which you can set up AuthenticationManager. One helper class is AuthenticationManagerBuilder. Using this class, its quite easy to set up UserDetailsService against a database, in memory, in LDAP, and so on. If the need arises, you could also have your own custom UserDetailsService (maybe a custom single sign-on solution is already there in your organization).

You can make an AuthenticationManager global, so it will be accessible by your entire application. It will be available for method security and other WebSecurityConfigurerAdapter instances. WebSecurityConfigurerAdapter is a class that is extended by your Spring configuration file, making it quite easy to bring Spring Security into your Spring application. This is how you set up a global AuthenticationManager using the @Autowired annotation:

@Configuration
@EnableWebSecurity
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {

@Autowired
public void confGlobalAuthManager(AuthenticationManagerBuilder auth) throws
Exception {
auth
.inMemoryAuthentication()
.withUser("admin").password("admin@password").roles("ROLE_ADMIN");
}
}

You can also create local AuthenticationManager, which is only available for this particular WebSecurityConfigurerAdapterby overriding the configure method, as shown in the following code:

@Configuration
@EnableWebSecurity
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("admin").password("admin@password").roles("ROLE_ADMIN");
}
}

Another option is to expose the AuthenticationManager bean by overriding authenticationManagerBean method, as shown here:

@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}

You can also expose various AuthenticationManager, AuthenticationProvider, or UserDetailsService as beans which will override the default ones.

In the preceding code examples we have used AuthenticationManagerBuilder to configure in-memory authentication. More mechanisms of the AuthenticationManagerBuilder class will be used in the subsequent examples in this chapter.

主站蜘蛛池模板: 云安县| 赣榆县| 尼玛县| 太白县| 大埔区| 唐海县| 方山县| 定边县| 临西县| 鄂尔多斯市| 甘肃省| 隆化县| 隆子县| 丹东市| 甘孜| 麦盖提县| 嵊泗县| 抚顺市| 韶关市| 师宗县| 岫岩| 望奎县| 东台市| 贡嘎县| 五河县| 宽城| 安图县| 左权县| 鸡泽县| 略阳县| 浏阳市| 大同县| 云南省| 新民市| 曲阜市| 桃江县| 德令哈市| 昌邑市| 吴旗县| 灵宝市| 平果县|