[英]Autowiring Spring Authentication Manager in Java Config
I've set a custom authentication provider:我设置了一个自定义身份验证提供程序:
@Configuration
@EnableWebSecurity
@EnableGlobalAuthentication
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
@Qualifier("samlAuthenticationProvider")
SAMLAuthenticationProvider samlAuthenticationProvider;
@Override
protected void configure(HttpSecurity http) throws Exception {
/**
* Do your stuff here
*/
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(samlAuthenticationProvider);
}
}
Now, I'd like to set also an alias for the authentication-manager, then I'd like to autowire it in another bean definition.现在,我还想为身份验证管理器设置一个别名,然后我想在另一个 bean 定义中自动装配它。
Eg:例如:
<!-- Register authentication manager with SAML provider -->
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider
ref="samlAuthenticationProvider" />
</security:authentication-manager>
<!-- Processing filter for WebSSO Holder-of-Key profile -->
<bean id="samlWebSSOHoKProcessingFilter"
class="org.springframework.security.saml.SAMLWebSSOHoKProcessingFilter">
<property name="authenticationManager" ref="authenticationManager" />
<property name="authenticationSuccessHandler" ref="successRedirectHandler" />
</bean>
Is there a way to do that only in Java Config?有没有办法只在 Java Config 中做到这一点?
I'm not well with new Security Java Configuration, but here is what I see from source code:我对新的安全 Java 配置不太满意,但这是我从源代码中看到的:
@Import(AuthenticationConfiguration.class)
public @interface EnableGlobalAuthentication {}
This annotation imports AuthenticationConfiguration
who is @Configuration
as well.此注释也导入了@Configuration
AuthenticationConfiguration
。 Any @Configuration
is registered as bean, too.任何@Configuration
被注册为 bean。 So, you can do like this from WebSecurityConfigurerAdapter
:所以,你可以从WebSecurityConfigurerAdapter
这样做:
@Autowired
public void setAuthenticationConfiguration(AuthenticationConfiguration authenticationConfiguration) {
this.authenticationConfiguration = authenticationConfiguration;
}
And get access to the AuthenticationManager
:并访问AuthenticationManager
:
this.authenticationConfiguration.getAuthenticationManager();
From xml perspective you can use SpEL to get access to that authenticationManager
:从 xml 的角度来看,您可以使用 SpEL 来访问该authenticationManager
:
<property name="authenticationManager" value="#{authenticationConfiguration.authenticationManager}" />
Sorry, I don't see the point, where AuthenticationManager
is registered as a bean.抱歉,我不明白将AuthenticationManager
注册为 bean 的重点。 From here you can't configure an alias for him.从这里你不能为他配置别名。
UPDATE更新
BTW, if you are going to @Autowired
the AuthenticationManager
to some other component, the @Value
come to the resque:顺便说一句,如果您要将AuthenticationManager
使用@Autowired
连接到其他某个组件,则@Value
会出现问题:
@Value("#{authenticationConfiguration.authenticationManager}")
private AuthenticationManager authenticationManager;
UPDATE2更新2
Found it WebSecurityConfigurerAdapter
.找到它WebSecurityConfigurerAdapter
。 The source code and JavaDocs:源代码和 JavaDocs:
/**
* Override this method to expose the {@link AuthenticationManager} from
* {@link #configure(AuthenticationManagerBuilder)} to be exposed as
* a Bean. For example:
*
* <pre>
* @Bean(name name="myAuthenticationManager")
* @Override
* public AuthenticationManager authenticationManagerBean() throws Exception {
* return super.authenticationManagerBean();
* }
* </pre>
*
* @return the {@link AuthenticationManager}
* @throws Exception
*/
public AuthenticationManager authenticationManagerBean() throws Exception {
return new AuthenticationManagerDelegator(authenticationBuilder);
}
UPDATE3更新3
How tou get access to the existing AuthenticationManager
from custom WebSecurityConfigurerAdapter
and configure SAMLWebSSOHoKProcessingFilter
?如何从自定义WebSecurityConfigurerAdapter
访问现有的AuthenticationManager
并配置SAMLWebSSOHoKProcessingFilter
?
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Bean
public SAMLWebSSOHoKProcessingFilter samlFilter() {
SAMLWebSSOHoKProcessingFilter samlFilter = new SAMLWebSSOHoKProcessingFilter();
samlFilter.setAuthenticationManage(authenticationManager());
.......
return samlFilter;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.addFilter(samlFilter());
}
}
This works for me:这对我有用:
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
...
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
...
}
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
}
and和
@Component
public class UsernamePasswordAuth extends UsernamePasswordAuthenticationFilter {
@Autowired
public UsernamePasswordAuth(AuthenticationManager authenticationManager) {
setAuthenticationManager(authenticationManager);
setFilterProcessesUrl("/api/services/login");
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.