Мобильная версияЕсть ли способ реализовать фильтр аутентификации Spring Security без интеграции базы данных? ⇐ JAVA
-
Anonymous
Есть ли способ реализовать фильтр аутентификации Spring Security без интеграции базы данных?
I am currently working on a simple project using Java Spring. And to implement the signup and login features (user authentication and authorization), I have created an authentication and authorization filter using Spring Security and JWT together.
@Service @RequiredArgsConstructor public class UserDetailsServiceImpl implements UserDetailsService { private final UserRepository userRepository; @Override public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { User user = userRepository.findByUsername(username) .orElseThrow(() -> new UsernameNotFoundException("Not Found " + username)); return new UserDetailsImpl(user); } } The above code is an implementation of UserDetailsService for implementing Spring Security.
However, I believe that sending queries to the database for user authentication contradicts one of the core characteristics of JWT, which is 'statelessness'. Therefore, I plan to refactor the code to allow the authentication process to occur without going through the UserDetailsService. In other words, my goal is to implement user authentication solely based on the user information contained in the JWT, without sending queries to the database.
Therefore, I have made comprehensive modifications to the code to enable authentication processing without using UserDetailsService. However, when I run the code and send an authentication request, queries are still sent to the database, even though my code does not use UserDetailsService. (It seems that due to the internal logic of Spring Security, it necessarily goes through UserDetailsService.)
Creating a custom filter for authentication and authorization processing without using Spring Security could solve the problem, but I am curious if there is a way to ensure JWT's statelessness while still using Spring Security.
Источник: https://stackoverflow.com/questions/781 ... thout-data
I am currently working on a simple project using Java Spring. And to implement the signup and login features (user authentication and authorization), I have created an authentication and authorization filter using Spring Security and JWT together.
@Service @RequiredArgsConstructor public class UserDetailsServiceImpl implements UserDetailsService { private final UserRepository userRepository; @Override public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { User user = userRepository.findByUsername(username) .orElseThrow(() -> new UsernameNotFoundException("Not Found " + username)); return new UserDetailsImpl(user); } } The above code is an implementation of UserDetailsService for implementing Spring Security.
However, I believe that sending queries to the database for user authentication contradicts one of the core characteristics of JWT, which is 'statelessness'. Therefore, I plan to refactor the code to allow the authentication process to occur without going through the UserDetailsService. In other words, my goal is to implement user authentication solely based on the user information contained in the JWT, without sending queries to the database.
Therefore, I have made comprehensive modifications to the code to enable authentication processing without using UserDetailsService. However, when I run the code and send an authentication request, queries are still sent to the database, even though my code does not use UserDetailsService. (It seems that due to the internal logic of Spring Security, it necessarily goes through UserDetailsService.)
Creating a custom filter for authentication and authorization processing without using Spring Security could solve the problem, but I am curious if there is a way to ensure JWT's statelessness while still using Spring Security.
Источник: https://stackoverflow.com/questions/781 ... thout-data
