[英]Why do I have to set AuthenticationManager twice
In my application I've implemented X.509 authentication在我的应用程序中,我实现了 X.509 身份验证
I created the following class named X509AuthenticationFilter
that extends AbstractPreAuthenticatedProcessingFilter provided by spring security by default.我创建了以下名为
X509AuthenticationFilter
的 class,它扩展了默认情况下由 spring 安全性提供的AbstractPreAuthenticatedProcessingFilter 。
I added my own AuthenticationManager to the class我将自己的 AuthenticationManager 添加到 class
private AuthenticationManager authenticationManager
And also included the following setter并且还包括以下二传手
public void setAuthenticationManager(AuthenticationManager authenticationManager)
{
this.authenticationManager = authenticationManager;
}
The bean is initialized in the spring-security.xml like so: bean 在 spring-security.xml 中初始化,如下所示:
<beans:bean id="x509AuthenticationFilter" class="com.example.sec.x509.X509AuthenticationFilter">
<beans:property name="authenticationManager" ref="authenticationManager"/>
</beans:bean>
The bean named authenticationManager
does exist and it's present in the spring context.名为
authenticationManager
的 bean 确实存在,并且存在于 spring 上下文中。
However, given such configuration I get the following startup error:但是,给定这样的配置,我得到以下启动错误:
An AuthenticationManager must be set
For some reason the AuthenticationManager is deliberately set to null in the superclass.由于某种原因,AuthenticationManager 在超类中被故意设置为 null。 Later on
afterPropertiesSet()
gets called and unfortunately throws the exception.后来
afterPropertiesSet()
被调用,不幸的是抛出了异常。
The only workaround I came up with is changing the setter in my own class to the following:我想出的唯一解决方法是将我自己的 class 中的设置器更改为以下内容:
public void setAuthenticationManager(AuthenticationManager authenticationManager)
{
super.setAuthenticationManager(authenticationManager);
this.authenticationManager = authenticationManager;
}
Is there a better solution?有更好的解决方案吗?
I added my own AuthenticationManager to the class
我将自己的 AuthenticationManager 添加到 class
So you effectively shadowed existing authenticationManager
instance declared in AbstractPreAuthenticatedProcessingFilter .因此,您有效地隐藏了AbstractPreAuthenticatedProcessingFilter中声明的现有
authenticationManager
实例。
If you don't need to access AuthenticationManager from within your X509AuthenticationFilter
, just don't declare it.如果您不需要从
X509AuthenticationFilter
中访问 AuthenticationManager ,请不要声明它。 If you do, you will have to call super setter as you're already doing.如果你这样做,你将不得不像你已经在做的那样调用超级二传手。
Maybe authenticationManager
should be declared protected
in AbstractPreAuthenticatedProcessingFilter
, which would resolve this situation cleanly...也许
authenticationManager
应该在AbstractPreAuthenticatedProcessingFilter
中声明为protected
,这将彻底解决这种情况......
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.