为什么这个Spring Security AuthenticationProvider 配置Java后没有找到? [英] Why isn’t this Spring Security AuthenticationProvider found after being Java configured?

问题描述

我正在使用 1.3 将 Spring Security Auth0 集成到 Spring Web 应用程序中.2.发布BOM.我一直在使用提供的 auth0-security-context.xml 文件来配置身份验证，它工作并且看起来像这样:

I’m integrating Spring Security Auth0 into a Spring web app using the 1.3.2.RELEASE BOM. I had been using the provided auth0-security-context.xml file to configure authentication, which worked and looks like this:

<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:security="http://www.springframework.org/schema/security"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">

    <bean id="auth0EntryPoint" class="com.auth0.spring.security.auth0.Auth0AuthenticationEntryPoint" />

    <!-- all urls starting with unsecured are -->
    <security:http pattern="${auth0.securedRoute}" create-session="stateless"  entry-point-ref="auth0EntryPoint">
        <security:intercept-url pattern="${auth0.securedRoute}" access="ROLE_USER" />
        <security:custom-filter ref="auth0Filter" after="SECURITY_CONTEXT_FILTER" ></security:custom-filter>
    </security:http>

    <!-- Otherwise by default everything is secured -->
    <security:http auto-config="true" use-expressions="true"  pattern="/**" create-session="stateless"  entry-point-ref="auth0EntryPoint">
        <security:intercept-url pattern="/**" access='permitAll' />
    </security:http>

    <bean id="auth0Filter" class="com.auth0.spring.security.auth0.Auth0AuthenticationFilter">
        <property name="entryPoint" ref="auth0EntryPoint"></property>
    </bean>

    <bean id="auth0AuthenticationProvider" class="com.auth0.spring.security.auth0.Auth0AuthenticationProvider">
        <property name="clientSecret" value="${auth0.clientSecret}" ></property>
        <property name="clientId" value="${auth0.clientId}" ></property>
        <property name="securedRoute" value="${auth0.securedRoute}" ></property>
    </bean>

    <security:authentication-manager alias="authenticationManager">
        <security:authentication-provider ref="auth0AuthenticationProvider" />
    </security:authentication-manager>

</beans>

我需要自定义配置(我需要关闭CSRF保护)，所以我删除了导入上述XML文件的注释，并尝试将上述内容转换为Java Config，使用以下类:

I need to customize the configuration (I need to turn off CSRF protection), so I remove the annotation that imported the above XML file, and tried to translate the above into a Java Config, using the following classes:

Auth0Configuration.java

Auth0Configuration.java

package co.masslab.shiba;

import com.auth0.spring.security.auth0.*;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.*;

@Configuration
@ComponentScan(basePackages={"com.auth0"})
@PropertySource("classpath:auth0.properties")
public class Auth0Configuration {

    @Value("${auth0.clientSecret}")
    private String clientSecret;

    @Value("${auth0.clientId}")
    private String clientId;

    @Value("${auth0.securedRoute}")
    private String securedRoute;

    @Bean
    public Auth0AuthenticationEntryPoint auth0EntryPoint() {
        return new Auth0AuthenticationEntryPoint();
    }

    @Bean
    @Autowired
    public Auth0AuthenticationFilter auth0Filter(Auth0AuthenticationEntryPoint auth0EntryPoint) {
        Auth0AuthenticationFilter authFilter = new Auth0AuthenticationFilter();
        authFilter.setEntryPoint(auth0EntryPoint);
        return authFilter;
    }

    @Bean
    public Auth0AuthenticationProvider auth0AuthenticationProvider() {
        Auth0AuthenticationProvider authProvider = new Auth0AuthenticationProvider();
        authProvider.setClientSecret(clientSecret);
        authProvider.setClientId(clientId);
        authProvider.setSecuredRoute(securedRoute);
        return authProvider;
    }
}

WebSecurityConfig.java

WebSecurityConfig.java

package co.masslab.shiba;

import com.auth0.spring.security.auth0.*;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.context.SecurityContextPersistenceFilter;

@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    private final static Logger log = LoggerFactory.getLogger(WebSecurityConfig.class);

    @Value("${auth0.securedRoute}")
    private String securedRoute;

    @Autowired
    private Auth0AuthenticationEntryPoint auth0EntryPoint;

    @Autowired
    private Auth0AuthenticationFilter auth0Filter;

    @Autowired
    private Auth0AuthenticationProvider auth0AuthenticationProvider;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        log.info("Configuring HttpSecurity");

        http
            .authorizeRequests().antMatchers(securedRoute).hasRole("USER")
            .and()
            .exceptionHandling().authenticationEntryPoint(auth0EntryPoint)
            .and()
            .addFilterAfter(auth0Filter, SecurityContextPersistenceFilter.class)
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        log.info("Configuring AuthenticationManagerBuilder");
        auth.authenticationProvider(auth0AuthenticationProvider);
    }
}

所有这些编译和运行无一例外，当我不提供任何身份验证时，它正确地告诉我我需要这样做，但是当我在授权标头中使用有效的不记名令牌进行身份验证时，我收到消息未找到 com.auth0.spring.security.auth0.Auth0JWTToken 的 AuthenticationProvider.完全清楚，在使用这个问题顶部给出的 auth0-security-context.xml 文件时，我没有这个问题.

All of this compiles and runs without exception, and when I don’t provide any authentication it correctly tells me that I need to do so, but when I authenticate using a valid bearer token in the authorization header, I get the message No AuthenticationProvider found for com.auth0.spring.security.auth0.Auth0JWTToken. To be completely clear, I don’t have that problem when using the auth0-security-context.xml file given at the top of this question.

从 XML 配置转换为 Java 配置时我错过了什么?

What did I miss when translating from XML config to Java config?

推荐答案

秘诀是配置AuthenticationManagerBuilder的方法需要用@Autowired标记.

The secret is that the method that configures the AuthenticationManagerBuilder needs to be marked with @Autowired.

这篇关于为什么这个Spring Security AuthenticationProvider 配置Java后没有找到?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！