[英]Spring boot Security Config - authenticationManager must be specified
這是我的主要應用程序配置
@SpringBootApplication
public class Application {
public static void main(String[] args) {
new SpringApplicationBuilder(Application.class)
.banner((environment, aClass, printStream) ->
System.out.println(stringBanner()))
.run();
}
}
這是我的 spring 安全應用程序配置。
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
@EnableWebMvcSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private WebServiceAuthenticationEntryPoint unauthorizedHandler;
@Autowired
private TokenProcessingFilter authTokenProcessingFilter;
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf()
.disable()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS) // Restful hence stateless
.and()
.exceptionHandling()
.authenticationEntryPoint(unauthorizedHandler) // Notice the entry point
.and()
.addFilter(authTokenProcessingFilter) // Notice the filter
.authorizeRequests()
.antMatchers("/resources/**", "/api/auth")
.permitAll()
.antMatchers("/greeting")
.hasRole("USER");
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("user")
.password("password")
.roles("USER");
}
}
這是我的 TokenProcessingFilter,它為我的自定義身份驗證過濾器擴展了 UsernamePasswordAuthenticationFilter
@Component
public class TokenProcessingFilter extends UsernamePasswordAuthenticationFilter {
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest httpRequest = this.getAsHttpRequest(request);
String authToken = this.extractAuthTokenFromRequest(httpRequest);
String userName = TokenUtils.getUserNameFromToken(authToken);
if (userName != null) {/*
UserDetails userDetails = userDetailsService.loadUserByUsername(userName);*/
UserDetails userDetails = fakeUserDetails();
if (TokenUtils.validateToken(authToken, userDetails)) {
UsernamePasswordAuthenticationToken authentication =
new UsernamePasswordAuthenticationToken(userDetails.getUsername(), userDetails.getPassword(), userDetails.getAuthorities());
authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(httpRequest));
SecurityContextHolder.getContext().setAuthentication(authentication);
Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
}
}
chain.doFilter(request, response);
}
private HttpServletRequest getAsHttpRequest(ServletRequest request){
if (!(request instanceof HttpServletRequest)) {
throw new RuntimeException("Expecting an HTTP request");
}
return (HttpServletRequest) request;
}
private String extractAuthTokenFromRequest(HttpServletRequest httpRequest) {
/* Get token from header */
String authToken = httpRequest.getHeader("x-auth-token");
/* If token not found get it from request parameter */
if (authToken == null) {
authToken = httpRequest.getParameter("token");
}
return authToken;
}
private UserDetails fakeUserDetails(){
UsernamePasswordAuthenticationToken authenticationToken = new
UsernamePasswordAuthenticationToken("user","password");
List<SimpleGrantedAuthority> auth= new ArrayList<>();
auth.add(new SimpleGrantedAuthority("USER"));
return new User("user","password",auth);
}
}
但是,在運行應用程序時,我遇到了此異常消息。 我錯過了什么?
運行時發生異常。 null:InvocationTargetException:無法啟動嵌入式容器; 嵌套異常是 org.springframework.boot.context.embedded.EmbeddedServletContainerException:無法啟動嵌入式 Tomcat:在文件 [C:\\Users\\kyel\\projects\\app\\target\\classes\\org\\ app\\testapp\\security\\TokenProcessingFilter.class]:調用init方法失敗; 嵌套異常是 java.lang.IllegalArgumentException:必須指定 authenticationManager
您需要在TokenProcessingFilter上設置AuthenticationManager 。 不要在 TokenProcessingFilter 上使用 @Component,只需在 SecurityConfig 中創建它。
@Bean
TokenProcessingFilter tokenProcessingFilter() {
TokenProcessingFilter tokenProcessingFilter = new TokenProcessingFilter();
tokenProcessingFilter.setAuthenticationManager(authenticationManager());
return tokenProcessingFilter;
}
和
protected void configure(HttpSecurity http) throws Exception {
...
.addFilter(tokenProcessingFilter())
為了保持組件注釋,您必須從 AbstractAuthenticationProcessingFilter 覆蓋 setAuthenticationManager 並像這樣自動裝配參數:
@Component
public class TokenProcessingFilter extends UsernamePasswordAuthenticationFilter {
//...
@Override
@Autowired
public void setAuthenticationManager(AuthenticationManager authenticationManager) {
super.setAuthenticationManager(authenticationManager);
}
//...
}
必須指定spring security authenticationManager
[英]spring security authenticationManager must be specified
在沒有 spring-boot-starter-web 的情況下配置 Spring Security AuthenticationManager
[英]Configure Spring Security AuthenticationManager without spring-boot-starter-web
Spring 開機安全| 為什么我的 authenticationManager 不起作用?
[英]Spring boot security | Why does my authenticationManager not work?
帶有xml config的Spring安全性NoSuchBeanDefenitionException否AuthenticationManager類型的合格Bean
[英]Spring security with xml config NoSuchBeanDefenitionException No Qualifying bean of type AuthenticationManager
Spring Security AuthenticationManager 設置一個 PasswordEncoder
[英]Spring Security AuthenticationManager set a PasswordEncoder
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.