Java SpringSecurity MemberServices不是通过注释注入的
我正在尝试将SpringSecurity配置为使用“记住我”身份验证 以下是我的Java配置:Java SpringSecurity MemberServices不是通过注释注入的,java,spring,spring-mvc,dependency-injection,spring-security,Java,Spring,Spring Mvc,Dependency Injection,Spring Security,我正在尝试将SpringSecurity配置为使用“记住我”身份验证 以下是我的Java配置: @Configuration @EnableWebSecurity @EnableGlobalMethodSecurity(securedEnabled = true) public class SecurityConfig extends WebSecurityConfigurerAdapter { @Autowired UserDetailsService userDetails
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
UserDetailsService userDetailsService;
@Autowired
DatabasePersistentTokeRepositoryImpl databasePersistentTokeRepositoryImpl;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(new BCryptPasswordEncoder());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authenticationProvider(rememberMeAuthenticationProvider())
.rememberMe().tokenRepository(databasePersistentTokeRepositoryImpl).tokenValiditySeconds((int) TimeUnit.SECONDS.convert(7, TimeUnit.DAYS))
.and()
.csrf().disable();
}
@Bean()
public AuthenticationProvider rememberMeAuthenticationProvider() {
return new RememberMeAuthenticationProvider("KEY");
}
@Bean()
public TokenBasedRememberMeServices rememberMeServices() {
TokenBasedRememberMeServices rememberMeServices = new TokenBasedRememberMeServices("KEY", userDetailsService);
rememberMeServices.setAlwaysRemember(true);
return rememberMeServices;
}
}
我看到MemberMechanfiguler中没有注入MemberMeServices。这会导致创建RememberAuthenticationFilter,它引用了错误的RememberServices
Spring安全文档中有一节使用XML描述这个过程。
我的注入有什么问题?如果没有XML,有可能这样做吗?您没有注入它。
记忆配置器
没有自动连线功能。还有,为什么要配置这么多bean
已为您创建了rememberAuthenticationProvider
,如果要使用其他键,请使用key(“key”)
指定它。这将依次用于创建RememberMeServices
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
UserDetailsService userDetailsService;
@Autowired
DatabasePersistentTokeRepositoryImpl databasePersistentTokeRepositoryImpl;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(new BCryptPasswordEncoder());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.rememberMe()
.key("KEY")
.tokenRepository(databasePersistentTokeRepositoryImpl)
.tokenValiditySeconds((int) TimeUnit.SECONDS.convert(7, TimeUnit.DAYS))
.and()
.csrf().disable();
}
}
如果确实需要将alwaysRemember
属性设置为true,则可以使用ObjectPostProcessor
对过滤器进行后处理,并从中配置RememberServices
您还可能注入了错误类型的
RememberMeServices
,因为配置的类型没有使用PersistentTokeRepository
,只是为了提供一个代码示例,说明@m-denum建议的ObjectPostProcessor
总是将remember设置为true,如下所示:
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.rememberMe()
.key("KEY")
.tokenRepository(databasePersistentTokeRepositoryImpl)
.tokenValiditySeconds((int) TimeUnit.SECONDS.convert(7, TimeUnit.DAYS))
.withObjectPostProcessor( new ObjectPostProcessor<RememberMeAuthenticationFilter>() {
@Override
public <O extends RememberMeAuthenticationFilter> O postProcess( O object) {
RememberMeAuthenticationFilter rmaf = (RememberMeAuthenticationFilter)
PersistentTokenBasedRememberMeServices rms = (PersistentTokenBasedRememberMeServices)rmaf.getRememberMeServices();
rms.setAlwaysRemember( true );
return object;
}
})
.and()
.csrf().disable();
}
@覆盖
受保护的无效配置(HttpSecurity http)引发异常{
http
.rememberMe()
.key(“key”)
.tokenRepository(数据库PersistentTokeRepositoryImpl)
.tokenValiditySeconds((int)TimeUnit.SECONDS.convert(7,TimeUnit.DAYS))
.withObjectPostProcessor(新的ObjectPostProcessor(){
@凌驾
公共O后处理(O对象){
rememberAuthenticationFilter rmaf=(rememberAuthenticationFilter)
PersistentTokenBasedMemberMeservices rms=(PersistentTokenBasedMemberMeservices)rmaf.GetMemberMeservices();
rms.setAlwaysRemember(真);
返回对象;
}
})
.及()
.csrf().disable();
}