具有Spring Security和Java配置的Custom Authentication Manager

具有Spring Security和Java配置的Custom Authentication Manager

看看下面的示例。您必须返回UsernamePasswordAuthenticationToken。它包含主体和GrantedAuthorities。希望我能帮助:)

public Authentication authenticate(Authentication authentication) throws AuthenticationException {    String username = authentication.getPrincipal() + "";    String password = authentication.getCredentials() + "";    User user = userRepo.findOne(username);    if (user == null) {        throw new BadCredentialsException("1000");    }    if (!enprer.matches(password, user.getPassword())) {        throw new BadCredentialsException("1000");    }    if (user.isDisabled()) {        throw new DisabledException("1001");    }    List<Right> userRights = rightRepo.getUserRights(username);    return new UsernamePasswordAuthenticationToken(username, null, userRights.stream().map(x -> new SimpleGrantedAuthority(x.getName())).collect(Collectors.toList()));}

PS：userRepo和rightRepo是访问我的自定义User-DB的Spring-Data-JPA存储库

SpringSecurity JavaConfig：

@Configuration@EnableWebMvcSecuritypublic class MySecurityConfiguration extends WebSecurityConfigurerAdapter {public MySecurityConfiguration() {    super(false);}@Overrideprotected AuthenticationManager authenticationManager() throws Exception {    return new ProviderManager(Arrays.asList((AuthenticationProvider) new AuthProvider()));}}