I'm using io.github.lognet:grpc-spring-boot-starter:3.5.3
to add Grpc support. And I have a org.springframework.boot:spring-boot-starter-security
dependency. I don't want to add org.springframework.boot:spring-boot-starter-web
dependency, cause my application need to use Grpc Netty server without servlets and tomcat server.
Having two implementations of AuthentificationProvider
I configured a AuthentificationManager
:
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
private final ClientAuthenticationProvider clientAuthenticationProvider;
private final ServiceAuthenticationProvider serviceAuthenticationProvider;
public WebSecurityConfig(ClientAuthenticationProvider clientAuthenticationProvider,
ServiceAuthenticationProvider serviceAuthenticationProvider) {
this.clientAuthenticationProvider = clientAuthenticationProvider;
this.serviceAuthenticationProvider = serviceAuthenticationProvider;
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.authenticationProvider(clientAuthenticationProvider)
.authenticationProvider(serviceAuthenticationProvider);
}
@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
}
Build fails with message:
Error:(18, 8) java: cannot access javax.servlet.Filter class file for javax.servlet.Filter not found
This because WebSecurityConfigurerAdapter
needs javax.servlet.Filter
.
I'm tried to add javax.servlet:javax.servlet-api:4.0.1
dependency, but application failes at runtime when calling authenticationManager.authenticate(...):
public class MytAuthService {
private final AuthenticationManager authenticationManager;
public AbstractAuthService(
@Qualifier("authenticationManagerBean") AuthenticationManager authenticationManager) {
this.authenticationManager = authenticationManager;
}
public TokenPair authenticate(AuthRequest request) throws AuthenticationException {
...
authenticationManager.authenticate(createAuthToken(username, password));
...
}
with stacktrace:
java.lang.IllegalStateException: This object has not been built at org.springframework.security.config.annotation.AbstractSecurityBuilder.getObject(AbstractSecurityBuilder.java:55) ~[spring-security-config-5.2.1.RELEASE.jar:5.2.1.RELEASE] at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$AuthenticationManagerDelegator.authenticate(WebSecurityConfigurerAdapter.java:506) ~[spring-security-config-5.2.1.RELEASE.jar:5.2.1.RELEASE] at org.my.service.auth.MyAuthService.authenticate(MyAuthService.java:75) ~[classes/:?]
When I adding org.springframework.boot:spring-boot-starter-web
all works well, but I don't want add Tomcat and servlets to my application. Can I configure AuthentificationManager
to set custom AuthenticationProvider
's without extending WebSecurityConfigurerAdapter
class or any way? Or may be you can show a good sample/tutorial where Grpc and Spring Security uses only?
Answer myself, I should remove extending WebSecurityConfigurerAdapter
and create a AuthenticationManager
bean using ProviderManager
class.
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig {
private final ClientAuthenticationProvider clientAuthenticationProvider;
private final ServiceAuthenticationProvider serviceAuthenticationProvider;
public WebSecurityConfig(ClientAuthenticationProvider clientAuthenticationProvider,
ServiceAuthenticationProvider serviceAuthenticationProvider) {
this.clientAuthenticationProvider = clientAuthenticationProvider;
this.serviceAuthenticationProvider = serviceAuthenticationProvider;
}
@Bean
public AuthenticationManager authenticationManagerBean() {
return new ProviderManager(Arrays.asList(clientAuthenticationProvider, serviceAuthenticationProvider));
}
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.