[英]Failed to instantiate org.springframework.security.authentication.UsernamePasswordAuthenticationToken using constructor NO_CONSTRUCTOR with arguments
[英]Spring security 5/spring boot 2.2: No AuthenticationProvider found for org.springframework.security.authentication.UsernamePasswordAuthenticationToken
我們正在將我們的應用程序從 spring 啟動 1.5.x 升級到 2.2.x 和 spring 安全 4.x 到 5.3.2。 我們為 web 安全性定義了以下內容:
@EnableWebSecurity
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
@Profile("uno")
public class UnoSecurityConfig extends AbstractSecurityConfig {
@Autowired
private ServletContext servletContext;
@Override
protected void configure(HttpSecurity http) throws Exception {
BasicAuthFilter basicAuthFilter = new BasicAuthFilter();
basicAuthFilter.init(new BasicAuthSSOFilterConfig(servletContext));
http
.csrf().disable()
.authorizeRequests()
.antMatchers(HttpMethod.GET, "/ping").permitAll()
.antMatchers(HttpMethod.POST, "/ping").permitAll()
.antMatchers("/**").hasAuthority(OurPrivileges.ALL_MEASURE)
.antMatchers(HttpMethod.OPTIONS, "/**").permitAll()//allow CORS option calls
.and()
.addFilter(securityContextPersistenceFilter())
.addFilterAfter(new RequestContextFilter(), SecurityContextPersistenceFilter.class)
.addFilterAfter(new CrossFramePreventionFilter(), RequestContextFilter.class)
.addFilterAfter(basicAuthFilter, CrossFramePreventionFilter.class)
.addFilterAfter(preAuthenticationFilter(), BasicAuthFilter.class)
.addFilterAfter(exceptionTranslationFilter(), PreAuthenticatedUserDetailsFilter.class);
http.headers().contentSecurityPolicy(SecurityUtility.getContentSecurityPolicy());
}
當我嘗試點擊 /ping 端點時,它應該讓我進入,但我卻彈出身份驗證框,然后被拒絕。 我在日志中看到了這一點:
2020-05-26 09:56:39.881-0500 DEBUG APP=829 COMP=782 [https-jsse-nio-30062-exec-
2:OrRequestMatcher:[]] -Trying to match using Ant [pattern='/actuator/health/**']
2020-05-26 09:56:39.881-0500 DEBUG APP=829 COMP=782 [https-jsse-nio-30062-exec-
2:AntPathRequestMatcher:[]] -Checking match of request : '/ping'; against '/actuator/health/**'
2020-05-26 09:56:39.881-0500 DEBUG APP=829 COMP=782 [https-jsse-nio-30062-exec-2:OrRequestMatcher:[]] -Trying to match using Ant [pattern='/actuator/info/**']
2020-05-26 09:56:39.881-0500 DEBUG APP=829 COMP=782 [https-jsse-nio-30062-exec-2:AntPathRequestMatcher:[]] -Checking match of request : '/ping'; against '/actuator/info/**'
2020-05-26 09:56:39.881-0500 DEBUG APP=829 COMP=782 [https-jsse-nio-30062-exec-2:OrRequestMatcher:[]] -Trying to match using Ant [pattern='/actuator']
2020-05-26 09:56:39.881-0500 DEBUG APP=829 COMP=782 [https-jsse-nio-30062-exec-2:AntPathRequestMatcher:[]] -Checking match of request : '/ping'; against '/actuator'
2020-05-26 09:56:39.881-0500 DEBUG APP=829 COMP=782 [https-jsse-nio-30062-exec-2:OrRequestMatcher:[]] -Trying to match using Ant [pattern='/actuator/']
2020-05-26 09:56:39.881-0500 DEBUG APP=829 COMP=782 [https-jsse-nio-30062-exec-2:AntPathRequestMatcher:[]] -Checking match of request : '/ping'; against '/actuator/'
2020-05-26 09:56:39.881-0500 DEBUG APP=829 COMP=782 [https-jsse-nio-30062-exec-2:OrRequestMatcher:[]] -No matches found
2020-05-26 09:56:39.881-0500 DEBUG APP=829 COMP=782 [https-jsse-nio-30062-exec-2:AntPathRequestMatcher:[]] -Request '/ping' matched by universal pattern '/**'
其他需要身份驗證的端點不允許我進入並給出 401/403 錯誤,拋出異常是帖子的標題。 顯然 spring 沒有使用我們的自定義邏輯。 我們的代碼都沒有改變,只是依賴關系。 我該如何超越這一點?
配置覆蓋創建一個新的過濾器鏈,它優先於默認的 springSecurityFilterChain ,因此接受所有請求並拒絕一切。 我將@Order(1) 添加到我的安全配置 class 中,從而解決了問題。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.