具有自定义身份验证筛选器的WebSecurityConfigurerAdapter-依赖问题 [英] WebSecurityConfigurerAdapter with custom authentication filter - dependency issue
问题描述
我具有SPNEGO的春季安全配置,该配置正在解决"问题.它看起来如下:
I have spring security configuration with SPNEGO which is working "with a hack". It looks as follows:
@Configuration
@EnableWebSecurity
public class SpnegoConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
...
.addFilterBefore(
spnegoAuthenticationProcessingFilter(authenticationManagerBean()),
BasicAuthenticationFilter.class); // 1
}
@Override
@Autowired // 3
protected void configure(AuthenticationManagerBuilder auth)
throws Exception {
auth
.authenticationProvider(kerberosAuthenticationProvider())
.authenticationProvider(kerberosServiceAuthenticationProvider());
}
@Bean
public SpnegoAuthenticationProcessingFilter spnegoAuthenticationProcessingFilter(
AuthenticationManager authenticationManager) { // 2
SpnegoAuthenticationProcessingFilter filter =
new SpnegoAuthenticationProcessingFilter();
filter.setAuthenticationManager(authenticationManager);
return filter;
}
...
}
发生了什么事
- 我需要添加spnegoAuthenticationProcessingFilter(1)
- 此过滤器依赖于authenticationManager(2)
- 我需要添加身份验证提供程序(3)
该类中的点是WebSecurityConfigurerAdapter,我覆盖了2种方法:
Point being in this class which is WebSecurityConfigurerAdapter I'm overriding 2 methods:
-
configure(HttpSecurity http)-通过自定义过滤器依赖于已构建的AuthenticationManager -
configure(AuthenticationManagerBuilder auth)-这显然与AuthenticationManager尚未建立有关-我们正在建立它
configure(HttpSecurity http)- this has dependency on the already builtAuthenticationManagerthrough custom filterconfigure(AuthenticationManagerBuilder auth)- this clearly relates onAuthenticationManagerno being built yet - we're building it
如果方法(3)上没有@Autowired,则AuthenticationManager的构建时间过早,添加AuthenticationProvider无效.身份验证失败,但没有合适的AuthenticationProvider.
If I don't have the @Autowired on method (3) the AuthenticationManager is built too early and my adding of AuthenticationProviders has no effect. The authentication fails with exception there is no suitable AuthenticationProvider.
将@Autowired放在适当的位置,它可以工作,但是如果感觉不对.我什至不知道为什么它那么会开始工作.
With the @Autowired in place it works but if feels wrong. I'm not even sure why it starts working then.
请提供正确方法的建议.
Please advice on the right approach.
实际上,该方法无需使用@Autowired.但是,重点在于公认的答案.如果您曾经依赖过@Configuration中的AuthenticationManager,请确保已通过authenticationManagerBean()方法公开或引用了它.
It actually works without the @Autowired. But the point is in the accepted answer. If you ever depend on AuthenticationManager in @Configuration make sure it's either exposed or referenced via the authenticationManagerBean() method.
推荐答案
您使用了错误的AuthenticationManager.
如果要通过依赖注入使用SpnegoConfig中的AuthenticationManager,则必须公开它,请参见
If you want to use the AuthenticationManager from SpnegoConfig with dependency injection, you have to expose it, see JavaDoc:
重写此方法以将configure(AuthenticationManagerBuilder)中的AuthenticationManager公开为Bean.例如:
Override this method to expose the AuthenticationManager from configure(AuthenticationManagerBuilder) to be exposed as a Bean. For example:
@Bean(name name="myAuthenticationManager")
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
如果要配置全局AuthenticationManager,则必须自动连接AuthenticationMangerBuilder,请参见
If you want to configure global AuthenticationManager, you have to autowire the AuthenticationMangerBuilder, see Spring Security 3.2.0.RC2 Released
例如,如果要配置全局身份验证(即,只有一个AuthenticationManager),则应自动连接AuthenticationMangerBuilder:
For example, if you want to configure global authentication (i.e. you only have a single AuthenticationManager) you should autowire the AuthenticationMangerBuilder:
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) {
// ... configure it ...
}
这篇关于具有自定义身份验证筛选器的WebSecurityConfigurerAdapter-依赖问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
