stackoom
  简体   繁体   中英

Configure Spring Security AuthenticationManager without spring-boot-starter-web

 原文  2020-07-07 04:07:38       java/ spring/ spring-boot/ grpc

Question

I'm using io.github.lognet:grpc-spring-boot-starter:3.5.3 to add Grpc support. And I have a org.springframework.boot:spring-boot-starter-security dependency. I don't want to add org.springframework.boot:spring-boot-starter-web dependency, cause my application need to use Grpc Netty server without servlets and tomcat server.

Having two implementations of AuthentificationProvider I configured a AuthentificationManager :

@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    private final ClientAuthenticationProvider clientAuthenticationProvider;
    private final ServiceAuthenticationProvider serviceAuthenticationProvider;

    public WebSecurityConfig(ClientAuthenticationProvider clientAuthenticationProvider,
                             ServiceAuthenticationProvider serviceAuthenticationProvider) {
        this.clientAuthenticationProvider = clientAuthenticationProvider;
        this.serviceAuthenticationProvider = serviceAuthenticationProvider;
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
                .authenticationProvider(clientAuthenticationProvider)
                .authenticationProvider(serviceAuthenticationProvider);
    }

    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

}

Build fails with message:

Error:(18, 8) java: cannot access javax.servlet.Filter class file for javax.servlet.Filter not found

This because WebSecurityConfigurerAdapter needs javax.servlet.Filter .

I'm tried to add javax.servlet:javax.servlet-api:4.0.1 dependency, but application failes at runtime when calling authenticationManager.authenticate(...):

public class MytAuthService {

    private final AuthenticationManager authenticationManager;

    public AbstractAuthService(
          @Qualifier("authenticationManagerBean") AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

   
    public TokenPair authenticate(AuthRequest request) throws AuthenticationException {
        ...

        authenticationManager.authenticate(createAuthToken(username, password));

        ...
    }

with stacktrace:

java.lang.IllegalStateException: This object has not been built at org.springframework.security.config.annotation.AbstractSecurityBuilder.getObject(AbstractSecurityBuilder.java:55) ~[spring-security-config-5.2.1.RELEASE.jar:5.2.1.RELEASE] at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$AuthenticationManagerDelegator.authenticate(WebSecurityConfigurerAdapter.java:506) ~[spring-security-config-5.2.1.RELEASE.jar:5.2.1.RELEASE] at org.my.service.auth.MyAuthService.authenticate(MyAuthService.java:75) ~[classes/:?]

When I adding org.springframework.boot:spring-boot-starter-web all works well, but I don't want add Tomcat and servlets to my application. Can I configure AuthentificationManager to set custom AuthenticationProvider 's without extending WebSecurityConfigurerAdapter class or any way? Or may be you can show a good sample/tutorial where Grpc and Spring Security uses only?

1 answers

solution1
 0 ACCPTED  2020-07-07 04:40:10

Answer myself, I should remove extending WebSecurityConfigurerAdapter and create a AuthenticationManager bean using ProviderManager class.

@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig {

    private final ClientAuthenticationProvider clientAuthenticationProvider;
    private final ServiceAuthenticationProvider serviceAuthenticationProvider;

    public WebSecurityConfig(ClientAuthenticationProvider clientAuthenticationProvider,
                             ServiceAuthenticationProvider serviceAuthenticationProvider) {
        this.clientAuthenticationProvider = clientAuthenticationProvider;
        this.serviceAuthenticationProvider = serviceAuthenticationProvider;
    }

    @Bean
    public AuthenticationManager authenticationManagerBean() {
        return new ProviderManager(Arrays.asList(clientAuthenticationProvider, serviceAuthenticationProvider));
    }

}

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Using Spring-Boot-Starter-Web in combination with ObjectDB "Could not find acceptable representation" using spring-boot-starter-web Difference between spring-boot-starter-web and spring-boot-starter-web-services and spring-boot-starter-jersey Don't spring-boot-starter-web and spring-boot-starter-webflux work together? Error on Spring Boot App Startup when adding spring-boot-starter-web Spring Boot app keeps crashing on startup even with spring-boot-starter-web dependency Dependency 'org.springframework.boot:spring-boot-starter-web:2.3.0.RELEASE' not found Cant use spring-boot-starter-web dependecies when running tests Failed to start bean 'webServerStartStop'; Unable to start embedded Tomcat server - spring-boot-starter-web spring-boot-starter-web hibernate-validator dependency missing on Mac
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM