Spring Security + CAS SSO AuthenticationManager

Question

我使用Spring / Spring-Security構建了一個Java應用程序。 沒有CAS-SSO Spring實施，我的應用程序可以正常工作。 但是，當我在應用程序中實現CAS配置並進行構建時，會在啟動時出現以下異常。

localhost-startStop-1 30.09.2015 13:34:48 WARN   [org.springframework.web.context.support.XmlWebApplicationContext] Exception   encountered during context initialization - cancelling refresh attempt
org.springframework.beans.factory.BeanCreationException: Error creating bean    with name 'methodSecurityInterceptor' defined in class path resource [org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.aopalliance.intercept.MethodInterceptor]: Factory method 'methodSecurityInterceptor' threw exception; nested exception is java.lang.IllegalArgumentException: Expecting to only find a single bean for type interface   org.springframework.security.authentication.AuthenticationManager, but found [org.springframework.security.config.authentication.AuthenticationManagerFactoryBean#0, org.springframework.security.authentication.ProviderManager#0, org.springframework.security.authenticationManager]
at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:599) ~[spring-beans-4.1.4.RELEASE.jar:4.1.4.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1111) ~[spring-beans-4.1.4.RELEASE.jar:4.1.4.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1006) ~[spring-beans-4.1.4.RELEASE.jar:4.1.4.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:504) ~[spring-beans-4.1.4.RELEASE.jar:4.1.4.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:476) ~[spring-beans-4.1.4.RELEASE.jar:4.1.4.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:303) ~[spring-beans-4.1.4.RELEASE.jar:4.1.4.RELEASE]
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230) ~[spring-beans-4.1.4.RELEASE.jar:4.1.4.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:299) ~[spring-beans-4.1.4.RELEASE.jar:4.1.4.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:194) ~[spring-beans-4.1.4.RELEASE.jar:4.1.4.RELEASE]
at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:762) ~[spring-beans-4.1.4.RELEASE.jar:4.1.4.RELEASE]
at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:757) ~[spring-context-4.1.4.RELEASE.jar:4.1.4.RELEASE]
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:480) ~[spring-context-4.1.4.RELEASE.jar:4.1.4.RELEASE]
at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:403) [spring-web-4.1.4.RELEASE.jar:4.1.4.RELEASE]
at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:306) [spring-web-4.1.4.RELEASE.jar:4.1.4.RELEASE]
at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:106) [spring-web-4.1.4.RELEASE.jar:4.1.4.RELEASE]
at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4720) [tomcat-embed-core-8.0.18.jar:8.0.18]
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5154) [tomcat-embed-core-8.0.18.jar:8.0.18]
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150) [tomcat-embed-core-8.0.18.jar:8.0.18]
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1409) [tomcat-embed-core-8.0.18.jar:8.0.18]
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1399) [tomcat-embed-core-8.0.18.jar:8.0.18]
at java.util.concurrent.FutureTask.run(FutureTask.java:262) [na:1.7.0_60]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [na:1.7.0_60]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [na:1.7.0_60]
at java.lang.Thread.run(Thread.java:745) [na:1.7.0_60]
Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.aopalliance.intercept.MethodInterceptor]: Factory method 'methodSecurityInterceptor' threw exception; nested exception is java.lang.IllegalArgumentException: Expecting to only find a single bean for type interface org.springframework.security.authentication.AuthenticationManager, but found [org.springframework.security.config.authentication.AuthenticationManagerFactoryBean#0, org.springframework.security.authentication.ProviderManager#0, org.springframework.security.authenticationManager]
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:189) ~[spring-beans-4.1.4.RELEASE.jar:4.1.4.RELEASE]
at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:588) ~[spring-beans-4.1.4.RELEASE.jar:4.1.4.RELEASE]
... 23 common frames omitted
Caused by: java.lang.IllegalArgumentException: Expecting to only find a single bean for type interface org.springframework.security.authentication.AuthenticationManager, but found [org.springframework.security.config.authentication.AuthenticationManagerFactoryBean#0, org.springframework.security.authentication.ProviderManager#0, org.springframework.security.authenticationManager]
at org.springframework.util.Assert.isTrue(Assert.java:65) ~[spring-core-4.1.4.RELEASE.jar:4.1.4.RELEASE]
at org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration.lazyBean(AuthenticationConfiguration.java:112) ~[spring-security-config-3.2.5.RELEASE.jar:3.2.5.RELEASE]
at org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration.getAuthenticationMangerBean(AuthenticationConfiguration.java:122) ~[spring-security-config-3.2.5.RELEASE.jar:3.2.5.RELEASE]
at org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration.getAuthenticationManager(AuthenticationConfiguration.java:81) ~[spring-security-config-3.2.5.RELEASE.jar:3.2.5.RELEASE]
at org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration.authenticationManager(GlobalMethodSecurityConfiguration.java:246) ~[spring-security-config-3.2.5.RELEASE.jar:3.2.5.RELEASE]
at org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration.methodSecurityInterceptor(GlobalMethodSecurityConfiguration.java:117) ~[spring-security-config-3.2.5.RELEASE.jar:3.2.5.RELEASE]
at org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration$$EnhancerBySpringCGLIB$$9e9ddf83.CGLIB$methodSecurityInterceptor$7(<generated>) ~[spring-core-4.1.4.RELEASE.jar:3.2.5.RELEASE]
at org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration$$EnhancerBySpringCGLIB$$9e9ddf83$$FastClassBySpringCGLIB$$a8539286.invoke(<generated>) ~[spring-core-4.1.4.RELEASE.jar:3.2.5.RELEASE]
at org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:228) ~[spring-core-4.1.4.RELEASE.jar:4.1.4.RELEASE]
at org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:309) ~[spring-context-4.1.4.RELEASE.jar:4.1.4.RELEASE]
at org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration$$EnhancerBySpringCGLIB$$9e9ddf83.methodSecurityInterceptor(<generated>) ~[spring-core-4.1.4.RELEASE.jar:3.2.5.RELEASE]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.7.0_60]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) ~[na:1.7.0_60]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.7.0_60]
at java.lang.reflect.Method.invoke(Method.java:606) ~[na:1.7.0_60]
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:162) ~[spring-beans-4.1.4.RELEASE.jar:4.1.4.RELEASE]
... 24 common frames omitted`

我在spring-security-beans.xml中的authenticationManager聲明/配置是： <authentication-manager> <authentication-provider ref="casAuthenticationProvider" /> </authentication-manager>

有人給我一個很好的提示來解決我的問題嗎？

編輯：

這是一個基於xml和java的配置。 在以下我的spring-security-beans.xml中：

<beans:beans xmlns="http://www.springframework.org/schema/security"        xmlns:beans="http://www.springframework.org/schema/beans"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xsi:schemaLocation="http://www.springframework.org/schema/beans
   http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
   http://www.springframework.org/schema/security
   http://www.springframework.org/schema/security/spring-security-3.2.xsd">

   <global-method-security secured-annotations="enabled" pre-post-annotations="enabled" />

   <http auto-config="true" disable-url-rewriting="true" create-session="ifRequired">
      <intercept-url pattern="/pages/*" access="ROLE_UI_GENERAL, ROLE_ADMIN" />
      <logout logout-success-url="/" invalidate-session="true" delete-cookies="JSESSIONID" />
      <access-denied-handler ref="accessDeniedHandler" />
   </http>

   <authentication-manager alias="authenticationManager">
      <authentication-provider ref="casAuthenticationProvider" />
   </authentication-manager>

   <beans:bean id="accessDeniedHandler" class="org.springframework.security.web.access.AccessDeniedHandlerImpl">
      <beans:property name="errorPage" value="/error_pages/403.jsp" />
   </beans:bean>

</beans:beans>

以及CAS配置：

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity( securedEnabled = true )
@Controller
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Value( "${cas.service}" )
    private String SERVER_HOST;
    @Value( "${server.port}" )
    private String SERVER_PORT;
    @Value( "${cas.host}" )
    private String CAS_AUTH;
    @Value( "${cas.authpath}" )
    private String CAS_AUTHPATH;
    @Value( "${cas.logoutpath}" )
    private String CAS_LOGOUTPATH;

    @Override
    protected void configure( final HttpSecurity http ) throws Exception {
    http.authorizeRequests().anyRequest().authenticated();
    http.csrf().disable();
    http.exceptionHandling().authenticationEntryPoint( casAuthenticationEntryPoint() ).and().logout()
    .logoutRequestMatcher( new AntPathRequestMatcher( "/j_spring_cas_security_logout" ) ).and() //$NON-NLS-1$
    .addFilter( casAuthenticationFilter() )
    .addFilterBefore( requestSingleSignOutFilter(), LogoutFilter.class );
}

@Override
public void configure( final WebSecurity web ) throws Exception {
    web.ignoring().antMatchers( "/javax.faces.resource/**" ); //$NON-NLS-1$
}

@Override
protected void configure( final AuthenticationManagerBuilder auth ) throws Exception {
    auth.authenticationProvider( casAuthenticationProvider() );
}

@Bean
public CasAuthenticationProvider casAuthenticationProvider() {
    CasAuthenticationProvider casAuthenticationProvider = new CasAuthenticationProvider();
    casAuthenticationProvider.setAuthenticationUserDetailsService( authenticationUserDetailsService() );
    casAuthenticationProvider.setServiceProperties( serviceProperties() );
    casAuthenticationProvider.setTicketValidator( cas20ServiceTicketValidator() );
    casAuthenticationProvider.setKey( "mc_auth" ); //$NON-NLS-1$
    return casAuthenticationProvider;
}

@Bean
public AuthenticationUserDetailsService authenticationUserDetailsService() {
    return new CasAuthenticationUserDetailsService();
}

@Bean
public ServiceProperties serviceProperties() {
    ServiceProperties serviceProperties = new ServiceProperties();
    serviceProperties.setService( this.SERVER_HOST + ":" + this.SERVER_PORT + "/j_spring_cas_security_check" ); //$NON-NLS-1$ //$NON-NLS-2$
    serviceProperties.setSendRenew( false );
    return serviceProperties;
}

@Bean
public Cas20ServiceTicketValidator cas20ServiceTicketValidator() {
    return new Cas20ServiceTicketValidator( this.CAS_AUTH );
}

@Bean
public CasAuthenticationFilter casAuthenticationFilter() throws Exception {
    CasAuthenticationFilter casAuthenticationFilter = new CasAuthenticationFilter();
    casAuthenticationFilter.setAuthenticationManager( authenticationManager() );
    return casAuthenticationFilter;
}

@Bean
public CasAuthenticationEntryPoint casAuthenticationEntryPoint() {
    CasAuthenticationEntryPoint casAuthenticationEntryPoint = new CasAuthenticationEntryPoint();
    casAuthenticationEntryPoint.setLoginUrl( this.CAS_AUTH + this.CAS_AUTHPATH );
    casAuthenticationEntryPoint.setServiceProperties( serviceProperties() );
    return casAuthenticationEntryPoint;
}

@Bean
public LogoutFilter requestSingleSignOutFilter() {
    SecurityContextLogoutHandler logoutHandler = new SecurityContextLogoutHandler();
    LogoutFilter logoutFilter = new LogoutFilter( this.CAS_AUTH + this.CAS_LOGOUTPATH, logoutHandler );
    logoutFilter.setLogoutRequestMatcher( new AntPathRequestMatcher( "/j_spring_cas_security_logout" ) ); //$NON-NLS-1$
    return logoutFilter;
}

@RequestMapping( value = "/", method = RequestMethod.GET )
public String defaultUrl( final HttpSession session, final Model model, final HttpServletRequest request,
        final HttpServletResponse response ) {
    return "redirect:/pages/main"; //$NON-NLS-1$
}

Answer 1

您有兩個spring安全配置，一個是xml，一個是通過java配置，兩者都為您提供AuthenticationManager bean。 最好刪除其中任何一個，它應該可以正常工作。