如何在自定义筛选器中使用Java配置注入AuthenticationManager
我使用的是SpringSecurity3.2和Spring4.0.1 我正在将xml配置转换为Java配置。当我在过滤器中用如何在自定义筛选器中使用Java配置注入AuthenticationManager,java,spring,spring-security,spring-java-config,Java,Spring,Spring Security,Spring Java Config,我使用的是SpringSecurity3.2和Spring4.0.1 我正在将xml配置转换为Java配置。当我在过滤器中用@Autowired注释AuthenticationManager时,我得到一个异常 Caused by: org.springframework.beans.factory.NoSuchBeanDefinitionException: No qualifying bean of type [org.springframework.security.authenticati
@Autowired
注释AuthenticationManager
时,我得到一个异常
Caused by: org.springframework.beans.factory.NoSuchBeanDefinitionException: No qualifying bean of type [org.springframework.security.authentication.AuthenticationManager] found for dependency: expected at least 1 bean which qualifies as autowire candidate for this dependency. Dependency annotations: {}
我尝试过注入AuthenticationManagerFactoryBean
,但也失败了,出现了类似的异常
这是我使用的XML配置
这是我正在尝试的Java配置
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private UserDetailsService userDetailsService;
@Autowired
private PasswordEncoder passwordEncoder;
@Autowired
private AuthenticationEntryPoint authenticationEntryPoint;
@Autowired
private AccessDeniedHandler accessDeniedHandler;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.exceptionHandling()
.authenticationEntryPoint(authenticationEntryPoint)
.accessDeniedHandler(accessDeniedHandler)
.and();
//TODO: Custom Filters
}
}
这是自定义过滤器类。给我带来麻烦的是AuthenticationManager的设置程序
@Component
public class TokenAuthenticationProcessingFilter extends AbstractAuthenticationProcessingFilter {
@Autowired
public TokenAuthenticationProcessingFilter(@Value("/rest/useAuthenticationManagerr/authenticate") String defaultFilterProcessesUrl) {
super(defaultFilterProcessesUrl);
}
@Override
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException, IOException, ServletException {
...
}
private String obtainPassword(HttpServletRequest request) {
return request.getParameter("password");
}
private String obtainUsername(HttpServletRequest request) {
return request.getParameter("username");
}
@Autowired
@Override
public void setAuthenticationManager(AuthenticationManager authenticationManager) {
super.setAuthenticationManager(authenticationManager);
}
@Autowired
@Override
public void setAuthenticationSuccessHandler(AuthenticationSuccessHandler successHandler) {
super.setAuthenticationSuccessHandler(successHandler);
}
@Autowired
@Override
public void setAuthenticationFailureHandler(AuthenticationFailureHandler failureHandler) {
super.setAuthenticationFailureHandler(failureHandler);
}
}
重写
WebSecurityConfigurerAdapter
中的方法authenticationManagerBean
,以将使用configure(AuthenticationManagerBuilder)
构建的AuthenticationManager作为Springbean公开:
例如:
@Bean(name = BeanIds.AUTHENTICATION_MANAGER)
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
除上述内容外,您可能还希望使用@Import将@Configuration类聚合到另一个类(在我的情况下是AuthenticationController):
Spring文档关于使用@Import:聚合@Configuration类我可以问一下自动连线在覆盖上面做了什么吗?我以前从未见过这种情况。这与什么有关?您是如何添加自定义过滤器的?我制作了自己的过滤器和身份验证提供程序。但我不知道如何将它们配置为一起工作。下面是我的问题@qxixp“如何将使用configure(AuthenticationManagerBuilder)构建的AuthenticationManager作为Spring bean公开”@Roger,为什么我们需要手动公开AuthenticationManager?@qxixp您只能自动连接Spring管理的bean。如果它不是作为bean公开的,你就不能自动连接它。这个答案真正帮助我的是“name=BeanIds.AUTHENTICATION\u MANAGER”。没有它,它至少在我的环境中不起作用。这种方法不适用于spring security oauth2中的自定义过滤器,
@Bean super.authenticationManagerBean()
这样不会构建ClientDetailsUserDetailsService
和DaoAuthenticationProvider
它与http.getSharedObject(AuthenticationManager.class)的方式不同。
@Import(SecurityConfig.class)
@RestController
public class AuthenticationController {
@Autowired
private AuthenticationManager authenticationManager;
//some logic
}