在 Java Config 中自动装配 Spring Authentication Manager
[英]Autowiring Spring Authentication Manager in Java Config
问题描述
I've set a custom authentication provider:
我设置了一个自定义身份验证提供程序:
@Configuration
@EnableWebSecurity
@EnableGlobalAuthentication
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
@Qualifier("samlAuthenticationProvider")
SAMLAuthenticationProvider samlAuthenticationProvider;
@Override
protected void configure(HttpSecurity http) throws Exception {
/**
* Do your stuff here
*/
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(samlAuthenticationProvider);
}
}
Now, I'd like to set also an alias for the authentication-manager, then I'd like to autowire it in another bean definition.现在,我还想为身份验证管理器设置一个别名,然后我想在另一个 bean 定义中自动装配它。
Eg:例如:
<!-- Register authentication manager with SAML provider -->
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider
ref="samlAuthenticationProvider" />
</security:authentication-manager>
<!-- Processing filter for WebSSO Holder-of-Key profile -->
<bean id="samlWebSSOHoKProcessingFilter"
class="org.springframework.security.saml.SAMLWebSSOHoKProcessingFilter">
<property name="authenticationManager" ref="authenticationManager" />
<property name="authenticationSuccessHandler" ref="successRedirectHandler" />
</bean>
Is there a way to do that only in Java Config?有没有办法只在 Java Config 中做到这一点?
2 个解决方案
解决方案1
8 已采纳 2014-05-07 08:56:32
I'm not well with new Security Java Configuration, but here is what I see from source code:我对新的安全 Java 配置不太满意,但这是我从源代码中看到的:
@Import(AuthenticationConfiguration.class)
public @interface EnableGlobalAuthentication {}
This annotation imports AuthenticationConfiguration who is @Configuration as well.此注释也导入了@Configuration AuthenticationConfiguration 。 Any @Configuration is registered as bean, too.任何@Configuration被注册为 bean。 So, you can do like this from WebSecurityConfigurerAdapter :所以,你可以从WebSecurityConfigurerAdapter这样做:
@Autowired
public void setAuthenticationConfiguration(AuthenticationConfiguration authenticationConfiguration) {
this.authenticationConfiguration = authenticationConfiguration;
}
And get access to the AuthenticationManager :并访问AuthenticationManager :
this.authenticationConfiguration.getAuthenticationManager();
From xml perspective you can use SpEL to get access to that authenticationManager :从 xml 的角度来看,您可以使用 SpEL 来访问该authenticationManager :
<property name="authenticationManager" value="#{authenticationConfiguration.authenticationManager}" />
Sorry, I don't see the point, where AuthenticationManager is registered as a bean.抱歉,我不明白将AuthenticationManager注册为 bean 的重点。 From here you can't configure an alias for him.从这里你不能为他配置别名。
UPDATE更新
BTW, if you are going to @Autowired the AuthenticationManager to some other component, the @Value come to the resque:顺便说一句,如果您要将AuthenticationManager使用@Autowired连接到其他某个组件,则@Value会出现问题:
@Value("#{authenticationConfiguration.authenticationManager}")
private AuthenticationManager authenticationManager;
UPDATE2更新2
Found it WebSecurityConfigurerAdapter .找到它WebSecurityConfigurerAdapter 。 The source code and JavaDocs:源代码和 JavaDocs:
/**
* Override this method to expose the {@link AuthenticationManager} from
* {@link #configure(AuthenticationManagerBuilder)} to be exposed as
* a Bean. For example:
*
* <pre>
* @Bean(name name="myAuthenticationManager")
* @Override
* public AuthenticationManager authenticationManagerBean() throws Exception {
* return super.authenticationManagerBean();
* }
* </pre>
*
* @return the {@link AuthenticationManager}
* @throws Exception
*/
public AuthenticationManager authenticationManagerBean() throws Exception {
return new AuthenticationManagerDelegator(authenticationBuilder);
}
UPDATE3更新3
How tou get access to the existing AuthenticationManager from custom WebSecurityConfigurerAdapter and configure SAMLWebSSOHoKProcessingFilter ?如何从自定义WebSecurityConfigurerAdapter访问现有的AuthenticationManager并配置SAMLWebSSOHoKProcessingFilter ?
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Bean
public SAMLWebSSOHoKProcessingFilter samlFilter() {
SAMLWebSSOHoKProcessingFilter samlFilter = new SAMLWebSSOHoKProcessingFilter();
samlFilter.setAuthenticationManage(authenticationManager());
.......
return samlFilter;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.addFilter(samlFilter());
}
}
解决方案2
0 2021-04-08 18:48:15
This works for me:这对我有用:
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
...
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
...
}
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
}
and和
@Component
public class UsernamePasswordAuth extends UsernamePasswordAuthenticationFilter {
@Autowired
public UsernamePasswordAuth(AuthenticationManager authenticationManager) {
setAuthenticationManager(authenticationManager);
setFilterProcessesUrl("/api/services/login");
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.