0 Replies - 506 Views - Last Post: 28 December 2018 - 11:35 PM

#1 romarioPro   User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 1
  • Joined: 28-December 18

Spring -security - problem with configuration for several entities

Posted 28 December 2018 - 11:35 PM

Can anybody give advice with spring-security?

I use Java 8, spring-boot, spring-security, OAuth2, jwt token. I use Resource Owner Password Credentials. I wrote the resource server and authorization servers in one place.

I created three entities: boss, client, worker.
This is my first time when I use security and I have met several problems:

1. I must create three controllers like /oauth/token (receive data, return tokens). Can I do it with spring-security? If yes, how?

2. I created three separate AuthenticationProvider. But, when I will receive a request, in first I check adminProvider, second workerProvider, and clientProvider. If I receive a login and password from a client, I will check all three tables. How can I separate it?
Also If I created a client and a worker with same login, I'll see collision.

My code in securityConf:

 @Configuration
    @EnableWebSecurity(debug = true)
    @EnableGlobalMethodSecurity(prePostEnabled = true)
    public class SecurityConfig extends WebSecurityConfigurerAdapter {
    
        @Autowired
        private WorkerAuthenticationProvider workerAuthenticationProvider;
    
        @Autowired
        private ClientAuthenticationProvider clientAuthenticationProvider;
    
        @Autowired
        private  AdminAuthenticationProvider adminAuthenticationProvider;
    
    
        @Bean(name = "pass")
        public PasswordEncoder passwordEncoder() {
            return new BCryptPasswordEncoder();
        }
    
    
        @Bean
        @Override
        public AuthenticationManager authenticationManagerBean() throws Exception {
            return super.authenticationManagerBean();
        }
    
    // Here is problem
        @Override
        public void configure(final AuthenticationManagerBuilder auth) throws Exception {
            auth
                    .authenticationProvider(adminAuthenticationProvider)
                    .authenticationProvider(doctorAuthenticationProvider)
                    .authenticationProvider(clientAuthenticationProvider);
        }


Maybe is it a bad idea to use spring-security for this goal?

Is This A Good Question/Topic? 0
  • +

Page 1 of 1