StackOverflowError试图在Spring WebSecurityConfigurerAdapter中公开AuthenticationManager [英] StackOverflowError Trying to Expose AuthenticationManager in Spring WebSecurityConfigurerAdapter

问题描述

我试图通过扩展WebSecurityConfigurerAdapter来创建一个Spring Security配置，基本上就像这样：

I am attempting to create a Spring Security configuration by extending WebSecurityConfigurerAdapter basically like this:

@EnableWebSecurity
@Configuration
public class StackOverflowSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {

        auth.authenticationProvider(myUsernamePasswordProvider());
        auth.authenticationProvider(mySecurityTokenProvider());

        super.configure(auth);
    }

    @Override
    @Bean
    public AuthenticationManager authenticationManager() throws Exception {
        return super.authenticationManagerBean();
    }

    @Bean
    public MyPreAuthenticatedProcessingFilter myAuthenticationFilter() throws Exception {
        MyPreAuthenticatedProcessingFilter myAuthenticationFilter = new MyPreAuthenticatedProcessingFilter();
        myAuthenticationFilter.setAuthenticationManager(authenticationManager());

        return myAuthenticationFilter;
    }

}

我看到了这个：

SEVERE: Servlet.service() for servlet [servlet] in context with path [/MyApp] threw exception [Filter execution threw an exception] with root cause
[INFO] [talledLocalContainer] java.lang.StackOverflowError
[INFO] [talledLocalContainer]   at org.springframework.security.authentication.AnonymousAuthenticationProvider.supports(AnonymousAuthenticationProvider.java:79)
[INFO] [talledLocalContainer]   at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:164)
[INFO] [talledLocalContainer]   at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$AuthenticationManagerDelegator.authenticate(WebSecurityConfigurerAdapter.java:469)
[INFO] [talledLocalContainer]   at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:199)
[INFO] [talledLocalContainer]   at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$AuthenticationManagerDelegator.authenticate(WebSecurityConfigurerAdapter.java:469)
[INFO] [talledLocalContainer]   at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:199)
[INFO] [talledLocalContainer]   at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$AuthenticationManagerDelegator.authenticate(WebSecurityConfigurerAdapter.java:469)
[INFO] [talledLocalContainer]   at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:199)
[INFO] [talledLocalContainer]   at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$AuthenticationManagerDelegator.authenticate(WebSecurityConfigurerAdapter.java:469)
[INFO] [talledLocalContainer]   at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:199)
[INFO] [talledLocalContainer]   at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$AuthenticationManagerDelegator.authenticate(WebSecurityConfigurerAdapter.java:469)
[INFO] [talledLocalContainer]   at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:199)
...

我已经尝试更改我能想到的所有内容以正确获取AuthenticationManager并且没有得到StackOverflow错误而且我仍然卡住了。我发现的唯一一件就是这个缺陷， https://github.com / spring-projects / spring-security / issues / 2732 ，当有无配置尝试在未配置身份验证时将AuthenticationManager公开为Bean时，有人看到同样的问题。不幸的是，我不知道究竟是什么意思或如何解决这个问题。

I've tried changing everything I can think of to properly get the AuthenticationManager exposed and not get a StackOverflow error and I'm still stuck. The only thing I've found is this defect, https://github.com/spring-projects/spring-security/issues/2732, with Spring Security where someone saw this same issue when there is "an invalid configuration that tries to expose the AuthenticationManager as a Bean when no authentication has been configured". Unfortunately I don't know what exactly that means or how to get around this.

这个Spring Security配置适用于Spring XML配置，这是我尝试迁移到Spring Java Config。有没有更好的方法来配置我的Spring Security和/或将AuthenticationManager暴露给我的自定义身份验证过滤器？

This Spring Security config works in Spring XML config and this is my attempt to migrate to Spring Java Config. Is there a better way I should be configuring my Spring Security and/or exposing the AuthenticationManager to my custom authentication filter?

推荐答案

我终于找到了问题。问题是我覆盖了错误的方法。我做了：

I finally figured out the issue. The problem was that I overrode the wrong method. I did:

@Override
@Bean
public AuthenticationManager authenticationManager() throws Exception {
    return super.authenticationManagerBean();
}

而不是：

@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
    return super.authenticationManagerBean();
}

我最终覆盖了类似但不正确的方法。方法 authenticationManager（）用于对AuthenticationManager进行一些配置， authenticationManagerBean（）用于公开AuthenticationManager作为可以自动装配和使用的Spring Bean。执行我所做的操作会导致必要的配置不会发生，而是以一种导致堆栈溢出的方式链接AuthenticationManagers。

I ended up overriding a similar but incorrect method. The method authenticationManager() is used to do some configuration to the AuthenticationManager, authenticationManagerBean() is used to expose the AuthenticationManager as a Spring Bean that can be Autowired and used. Doing what I did causes the necessary configuration to not happen and instead links AuthenticationManagers in such a way that they cause a stack overflow.

这篇关于StackOverflowError试图在Spring WebSecurityConfigurerAdapter中公开AuthenticationManager的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！