Java 具有多个应用程序详细信息的Spring Boot Azure ActiveDirectory
我有一个 Spring Boot 应用程序,它使用 Azure Active Directory 进行前端身份验证(使用 AADAppRoleStatelessAuthenticationFilter,类似于原文所引用的示例),不使用登录页面(它只是一个带有两个 POST 端点的 REST API)。我想对其进行扩展,以便能够使用多组客户端 ID、客户端密钥和应用程序 ID URI 进行身份验证,也就是说,发送到特定主机的每个请求都会映射到各自的 AADAppRoleStatelessAuthenticationFilter 实例进行身份验证。我遇到的问题是:尝试自动装配(@Autowired)多个 AADAppRoleStatelessAuthenticationFilter 实例时,最终只会按一组配置创建;即使我通过 @PropertySource 使用了两个配置文件,每个自动装配的类最终也都是由同一份配置(app id uri、secret 等)创建的,因此显然无法验证所有其他应用程序的请求。如何实现多应用程序身份验证?下面是我把安全配置拆分为不同类的尝试:
// Port suffix appended to the host derived from app-id-uri before it is compared with the
// request's Host header. NOTE(review): the comparison is an exact string match, and clients
// commonly omit the default port from Host — confirm what the fronting proxy forwards.
public static final String HTTPS_SUFFIX = ":443";
// Regex passed to replaceFirst to strip a leading "http://" or "https://" from app-id-uri.
// An app-id-uri with any other scheme, or with a path after the host, is not reduced to a
// bare host name by this pattern.
public static final String REPLACEMENT_REGEX = "^http[s]?://";
/**
 * Security configuration applied to requests whose {@code Host} header equals the host
 * derived from {@code azure.activedirectory.app-id-uri} (scheme stripped, {@code :443}
 * appended). It places the Azure AD stateless filter ahead of
 * {@link UsernamePasswordAuthenticationFilter}.
 *
 * <p>NOTE(review): the {@code Host} header is chosen by the client. A request whose Host
 * matches none of the configured chains is not handled by any of them; confirm that a
 * lowest-precedence catch-all configuration denies such requests.
 *
 * <p>NOTE(review): no authorization rule is declared here, so the filter only establishes
 * the authentication. Confirm access is enforced elsewhere, or add a rule such as
 * {@code authorizeRequests().anyRequest().authenticated()}.
 */
@Configuration
@PropertySource(factory = YamlPropertySourceFactory.class, value = "classpath:default-${profile.name}.yml")
@Order(1)
public static class SecConfig1 extends WebSecurityConfigurerAdapter {

    // @PropertySource registers its file in the application-wide Environment, so this
    // placeholder is resolved against every registered source, not only the file named on
    // this class. If another configuration class registers a file that defines the same key,
    // both classes receive the same value.
    @Value("${azure.activedirectory.app-id-uri}")
    String appIdUri;

    // Injection is by type; the field name only breaks ties between several candidate beans.
    // With a single AADAppRoleStatelessAuthenticationFilter bean in the context, every
    // configuration class receives that same instance.
    @Autowired
    AADAppRoleStatelessAuthenticationFilter aadAppRoleStatelessAuthenticationFilter;

    /**
     * Restricts this chain to the expected Host value and registers the Azure AD filter.
     *
     * @param http the security builder for this chain
     */
    @Override
    protected void configure(HttpSecurity http) {
        final String expectedHost = appIdUri.replaceFirst(REPLACEMENT_REGEX, "") + HTTPS_SUFFIX;
        final RequestHeaderRequestMatcher hostMatcher = new RequestHeaderRequestMatcher("Host", expectedHost);
        http.requestMatcher(hostMatcher);
        http.addFilterBefore(aadAppRoleStatelessAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
    }
}
/**
 * Security configuration for a second application registration, applied to requests whose
 * {@code Host} header equals the host derived from {@code azure.activedirectory.app-id-uri}
 * (scheme stripped, {@code :443} appended). It places the Azure AD stateless filter ahead of
 * {@link UsernamePasswordAuthenticationFilter}.
 *
 * <p>NOTE(review): this class reads the same property key and injects the same filter type
 * as any sibling configuration. Property sources share one Environment and injection is by
 * type, so unless the context holds distinct property keys and distinct filter beans, this
 * chain ends up with the same host value and the same filter instance as the sibling.
 *
 * <p>NOTE(review): the {@code Host} header is chosen by the client, and no authorization
 * rule is declared here. Confirm that unmatched hosts are denied by a catch-all
 * configuration and that access is enforced elsewhere.
 */
@Configuration
@PropertySource(factory = YamlPropertySourceFactory.class, value = "classpath:gcc-${profile.name}.yml")
@Order(2)
public static class SecConfig2 extends WebSecurityConfigurerAdapter {

    // Resolved against the whole Environment, not only the gcc-* file named above.
    @Value("${azure.activedirectory.app-id-uri}")
    String appIdUri;

    // The "Gcc" field name selects a bean only if a bean with that name exists among several
    // candidates; with one filter bean in the context, that one is injected.
    @Autowired
    AADAppRoleStatelessAuthenticationFilter aadAppRoleStatelessAuthenticationFilterGcc;

    /**
     * Restricts this chain to the expected Host value and registers the Azure AD filter.
     *
     * @param http the security builder for this chain
     */
    @Override
    protected void configure(HttpSecurity http) {
        final String expectedHost = appIdUri.replaceFirst(REPLACEMENT_REGEX, "") + HTTPS_SUFFIX;
        final RequestHeaderRequestMatcher hostMatcher = new RequestHeaderRequestMatcher("Host", expectedHost);
        http.requestMatcher(hostMatcher);
        http.addFilterBefore(aadAppRoleStatelessAuthenticationFilterGcc, UsernamePasswordAuthenticationFilter.class);
    }
}
/**
 * {@link PropertySourceFactory} that lets {@code @PropertySource} load a YAML resource by
 * converting it to {@link Properties} with {@link YamlPropertiesFactoryBean}.
 */
public class YamlPropertySourceFactory implements PropertySourceFactory {

    /**
     * Builds a property source from the given YAML resource.
     *
     * @param name explicit source name, or {@code null} to fall back to the resource file name
     * @param resource the YAML resource to load
     * @return a {@link PropertiesPropertySource} backed by the flattened YAML content
     * @throws IOException if the resource does not exist
     */
    @Override
    public PropertySource<?> createPropertySource(@Nullable String name, EncodedResource resource)
            throws IOException {
        Properties yamlProperties = loadYamlIntoProperties(resource);
        final String sourceName;
        if (name == null) {
            sourceName = resource.getResource().getFilename();
        } else {
            sourceName = name;
        }
        return new PropertiesPropertySource(sourceName, yamlProperties);
    }

    /**
     * Loads the YAML resource through a {@link YamlPropertiesFactoryBean}.
     *
     * @param resource the YAML resource to load
     * @return the properties produced by the factory bean
     * @throws FileNotFoundException if the factory bean failed because the file is missing
     */
    private Properties loadYamlIntoProperties(EncodedResource resource) throws FileNotFoundException {
        try {
            YamlPropertiesFactoryBean yamlFactory = new YamlPropertiesFactoryBean();
            yamlFactory.setResources(resource.getResource());
            yamlFactory.afterPropertiesSet();
            return yamlFactory.getObject();
        } catch (IllegalStateException ex) {
            // Unwrap a missing-file cause so that ignoreResourceNotFound handling on
            // @PropertySource can recognise it; any other failure is rethrown unchanged.
            Throwable rootCause = ex.getCause();
            if (!(rootCause instanceof FileNotFoundException)) {
                throw ex;
            }
            throw (FileNotFoundException) rootCause;
        }
    }
}
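# Sample configuration; XXX / YYYY / YYY / ZZZ are placeholders from the original post.
# NOTE(review): keep real client secrets out of files that are committed to source control
# or packaged on the classpath; supply them from the environment or a secret store.
spring:
  security:
    oauth2:
      client:
        registration:
          azure:
            client-id: XXX
            client-secret: YYYY
# Keys under azure.activedirectory live in the single, application-wide Spring Environment.
# A second YAML file that defines the same keys overrides or is overridden by this one;
# it does not create a second, independent Azure AD configuration.
azure:
  activedirectory:
    tenant-id: ZZZ
    client-id: XXX
    client-secret: YYY
    session-stateless: true
    app-id-uri: https://example.com
    user-group:
      allowed-groups: Users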