我正在使用Spring Security 3.2和Spring 4.0.1
我正在将xml配置转换为Java配置。当我在“过滤器”中添加注释AuthenticationManager时@Autowired,出现异常
AuthenticationManager
Caused by: org.springframework.beans.factory.NoSuchBeanDefinitionException: No qualifying bean of type [org.springframework.security.authentication.AuthenticationManager] found for dependency: expected at least 1 bean which qualifies as autowire candidate for this dependency. Dependency annotations: {}
我已经尝试了注入,AuthenticationManagerFactoryBean但是由于类似的异常也失败了。
AuthenticationManagerFactoryBean
这是我正在使用的XML配置
<?xml version="1.0" encoding="UTF-8"?> <beans ...> <security:authentication-manager id="authenticationManager"> <security:authentication-provider user-service-ref="userDao"> <security:password-encoder ref="passwordEncoder"/> </security:authentication-provider> </security:authentication-manager> <security:http realm="Protected API" use-expressions="true" auto-config="false" create-session="stateless" entry-point-ref="unauthorizedEntryPoint" authentication-manager-ref="authenticationManager"> <security:access-denied-handler ref="accessDeniedHandler"/> <security:custom-filter ref="tokenAuthenticationProcessingFilter" position="FORM_LOGIN_FILTER"/> <security:custom-filter ref="tokenFilter" position="REMEMBER_ME_FILTER"/> <security:intercept-url method="GET" pattern="/rest/news/**" access="hasRole('user')"/> <security:intercept-url method="PUT" pattern="/rest/news/**" access="hasRole('admin')"/> <security:intercept-url method="POST" pattern="/rest/news/**" access="hasRole('admin')"/> <security:intercept-url method="DELETE" pattern="/rest/news/**" access="hasRole('admin')"/> </security:http> <bean class="com.unsubcentral.security.TokenAuthenticationProcessingFilter" id="tokenAuthenticationProcessingFilter"> <constructor-arg value="/rest/user/authenticate"/> <property name="authenticationManager" ref="authenticationManager"/> <property name="authenticationSuccessHandler" ref="authenticationSuccessHandler"/> <property name="authenticationFailureHandler" ref="authenticationFailureHandler"/> </bean> </beans>
这是我正在尝试的Java Config
@Configuration @EnableWebSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { @Autowired private UserDetailsService userDetailsService; @Autowired private PasswordEncoder passwordEncoder; @Autowired private AuthenticationEntryPoint authenticationEntryPoint; @Autowired private AccessDeniedHandler accessDeniedHandler; @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth .userDetailsService(userDetailsService).passwordEncoder(passwordEncoder); } @Override protected void configure(HttpSecurity http) throws Exception { http .sessionManagement() .sessionCreationPolicy(SessionCreationPolicy.STATELESS) .and() .exceptionHandling() .authenticationEntryPoint(authenticationEntryPoint) .accessDeniedHandler(accessDeniedHandler) .and(); //TODO: Custom Filters } }
这是“自定义过滤器”类。给我麻烦的那一行是AuthenticationManager的设置器
@Component public class TokenAuthenticationProcessingFilter extends AbstractAuthenticationProcessingFilter { @Autowired public TokenAuthenticationProcessingFilter(@Value("/rest/useAuthenticationManagerr/authenticate") String defaultFilterProcessesUrl) { super(defaultFilterProcessesUrl); } @Override public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException, IOException, ServletException { ... } private String obtainPassword(HttpServletRequest request) { return request.getParameter("password"); } private String obtainUsername(HttpServletRequest request) { return request.getParameter("username"); } @Autowired @Override public void setAuthenticationManager(AuthenticationManager authenticationManager) { super.setAuthenticationManager(authenticationManager); } @Autowired @Override public void setAuthenticationSuccessHandler(AuthenticationSuccessHandler successHandler) { super.setAuthenticationSuccessHandler(successHandler); }
@Autowired
覆盖方法authenticationManagerBean中WebSecurityConfigurerAdapter的内置的AuthenticationManager使用揭露configure(AuthenticationManagerBuilder)作为一个Spring bean:
authenticationManagerBean
WebSecurityConfigurerAdapter
configure(AuthenticationManagerBuilder)
例如:
@Bean(name = BeanIds.AUTHENTICATION_MANAGER) @Override public AuthenticationManager authenticationManagerBean() throws Exception { return super.authenticationManagerBean(); }