我的web应用程序有多个身份验证管理器(一个用于访问WEB的API)。该API应该只有一个基本的认证服务 - 通过弹簧安全标记配置,如下图所示:Spring Security - 多个身份验证提供程序
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<security:authentication-manager alias="apiAuthenticationManager">
<security:authentication-provider ref="apiAuthenticationProvider" />
</security:authentication-manager>
<security:authentication-provider >
<security:user-service>
<security:user name="apiadmin" password="password" authorities="ROLE_API_ADMIN" />
<security:user name="apiuser" password="otherpassword" authorities="ROLE_API_USER" />
</security:user-service>
</security:authentication-provider>
...
,因为我希望它是由儿童豆CONFIGS覆写投放我不能内联的认证供应商。
我的问题是,我无法在安全性上定义别名/ ID:身份验证提供程序元素以在身份验证管理器中引用它。有这个简单的解决方法吗?
解决方案:
我终于想通了如何使用命名空间的方式来做到这一点,而不深入到普通豆配置:)
<security:user-service id="apiUserDetailsService">
<security:user name="apiadmin" password="password" authorities="ROLE_API_ADMIN" />
<security:user name="apiuser" password="otherpassword" authorities="ROLE_API_USER" />
</security:user-service>
<security:authentication-manager alias="apiAuthenticationManager">
<security:authentication-provider user-service-ref="apiUserDetailsService"/>
</security:authentication-manager>