如何在自定义filter中使用Javaconfiguration注入AuthenticationManager
我正在使用Spring Security 3.2和Spring 4.0.1
我正在把XMLconfiguration转换成Javaconfiguration。 当我在Filter中使用@Autowired注解AuthenticationManager时,我收到一个exception
Caused by: org.springframework.beans.factory.NoSuchBeanDefinitionException: No qualifying bean of type [org.springframework.security.authentication.AuthenticationManager] found for dependency: expected at least 1 bean which qualifies as autowire candidate for this dependency. Dependency annotations: {}
我已经尝试注入AuthenticationManagerFactoryBean但也失败了一个类似的exception。
这是我正在从事的XMLconfiguration
<?xml version="1.0" encoding="UTF-8"?> <beans ...> <security:authentication-manager id="authenticationManager"> <security:authentication-provider user-service-ref="userDao"> <security:password-encoder ref="passwordEncoder"/> </security:authentication-provider> </security:authentication-manager> <security:http realm="Protected API" use-expressions="true" auto-config="false" create-session="stateless" entry-point-ref="unauthorizedEntryPoint" authentication-manager-ref="authenticationManager"> <security:access-denied-handler ref="accessDeniedHandler"/> <security:custom-filter ref="tokenAuthenticationProcessingFilter" position="FORM_LOGIN_FILTER"/> <security:custom-filter ref="tokenFilter" position="REMEMBER_ME_FILTER"/> <security:intercept-url method="GET" pattern="/rest/news/**" access="hasRole('user')"/> <security:intercept-url method="PUT" pattern="/rest/news/**" access="hasRole('admin')"/> <security:intercept-url method="POST" pattern="/rest/news/**" access="hasRole('admin')"/> <security:intercept-url method="DELETE" pattern="/rest/news/**" access="hasRole('admin')"/> </security:http> <bean class="com.unsubcentral.security.TokenAuthenticationProcessingFilter" id="tokenAuthenticationProcessingFilter"> <constructor-arg value="/rest/user/authenticate"/> <property name="authenticationManager" ref="authenticationManager"/> <property name="authenticationSuccessHandler" ref="authenticationSuccessHandler"/> <property name="authenticationFailureHandler" ref="authenticationFailureHandler"/> </bean> </beans>
这是我正在尝试的Javaconfiguration
@Configuration @EnableWebSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { @Autowired private UserDetailsService userDetailsService; @Autowired private PasswordEncoder passwordEncoder; @Autowired private AuthenticationEntryPoint authenticationEntryPoint; @Autowired private AccessDeniedHandler accessDeniedHandler; @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth .userDetailsService(userDetailsService).passwordEncoder(passwordEncoder); } @Override protected void configure(HttpSecurity http) throws Exception { http .sessionManagement() .sessionCreationPolicy(SessionCreationPolicy.STATELESS) .and() .exceptionHandling() .authenticationEntryPoint(authenticationEntryPoint) .accessDeniedHandler(accessDeniedHandler) .and(); //TODO: Custom Filters } }
这是Custom Filter类。 给我麻烦的线是AuthenticationManager的setter
@Component public class TokenAuthenticationProcessingFilter extends AbstractAuthenticationProcessingFilter { @Autowired public TokenAuthenticationProcessingFilter(@Value("/rest/useAuthenticationManagerr/authenticate") String defaultFilterProcessesUrl) { super(defaultFilterProcessesUrl); } @Override public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException, IOException, ServletException { ... } private String obtainPassword(HttpServletRequest request) { return request.getParameter("password"); } private String obtainUsername(HttpServletRequest request) { return request.getParameter("username"); } @Autowired @Override public void setAuthenticationManager(AuthenticationManager authenticationManager) { super.setAuthenticationManager(authenticationManager); } @Autowired @Override public void setAuthenticationSuccessHandler(AuthenticationSuccessHandler successHandler) { super.setAuthenticationSuccessHandler(successHandler); } @Autowired @Override public void setAuthenticationFailureHandler(AuthenticationFailureHandler failureHandler) { super.setAuthenticationFailureHandler(failureHandler); } }
在WebSecurityConfigurerAdapter覆盖方法authenticationManagerBean ,将使用configure(AuthenticationManagerBuilder)构build的AuthenticationManager公开为Spring bean:
例如:
@Bean(name = BeanIds.AUTHENTICATION_MANAGER) @Override public AuthenticationManager authenticationManagerBean() throws Exception { return super.authenticationManagerBean(); }
