spring-security 无法创建验证管理器Bean

ndasle7k  于 2022-11-11  发布在  Spring
关注(0)|答案(3)|浏览(185)

我们正在尝试使用令牌身份验证进行用户@预授权。
当我们尝试使用@PreAuthorize时,在调用API之前,SpringSecurity弹出登录页面。我们不需要该页面,因为我们有自己的身份验证过程。
为了跳过该页面,我们在主类上添加了@SpringBootApplication(exclude = {安全性自动配置.类,管理Web安全性自动配置.类})。
在此之后,登录页面被跳过,但当我们触发所有API时,它们都给出了错误,即需要在上下文中进行身份验证。
为此,我们进行了以下变更

@Configuration
public class MethodSecurityConfig extends WebSecurityConfigurerAdapter {

@Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {

        http.csrf().disable().addFilter(new AuthFilter(authenticationManagerBean())).authorizeRequests().anyRequest().permitAll();

    }

}

@Component
public class AuthFilter implements Filter {

    private AuthenticationManager authenticationManager;

    public AuthFilter(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterchain)
            throws IOException, ServletException {

        final String authorizationHeader = ((HttpServletRequest) request).getHeader("Authorization");
        System.out.println("===========Filter called================");

        final Authentication authentication = authenticationManager
                .authenticate(SecurityContextHolder.getContext().getAuthentication());

        System.out.println("===========Authentication================"+authentication);

        if (authentication != null && !(authentication instanceof AnonymousAuthenticationToken)
                && authentication.isAuthenticated()) {

            // set authentication in security context holder
            SecurityContextHolder.getContext().setAuthentication(authentication);

        }
        filterchain.doFilter(request, response);
    }
}

现在,当我收到AuthenticationManager没有Bean的错误时。
我尝试了许多其他方法,但豆子仍然没有被注入过滤器
中方对此有何评论?

5m1hhzi4

5m1hhzi41#

@Configuration
public class MethodSecurityConfig extends WebSecurityConfigurerAdapter {

@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception    {
    return super.authenticationManagerBean();
}

@Override
public void configure(HttpSecurity http) throws Exception {

    http.csrf().disable().addFilter(new AuthFilter(authenticationManagerBean())).authorizeRequests().anyRequest().permitAll();

    }

}

@Component
public class AuthFilter implements Filter {

@Autowired //--->use this
private AuthenticationManager authenticationManager;

public AuthFilter(AuthenticationManager authenticationManager) {
    this.authenticationManager = authenticationManager;
}

@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterchain)
        throws IOException, ServletException {

    final String authorizationHeader = ((HttpServletRequest) request).getHeader("Authorization");
    System.out.println("===========Filter called================");

    final Authentication authentication = authenticationManager
            .authenticate(SecurityContextHolder.getContext().getAuthentication());

    System.out.println("===========Authentication================"+authentication);

    if (authentication != null && !(authentication instanceof AnonymousAuthenticationToken)
            && authentication.isAuthenticated()) {

        // set authentication in security context holder
        SecurityContextHolder.getContext().setAuthentication(authentication);

    }
    filterchain.doFilter(request, response);
}

}

3df52oht

3df52oht2#

尝试类似这样东西可能会有帮助:

@Bean(name = BeanIds.AUTHENTICATION_MANAGER)
   @Override
   public AuthenticationManager authenticationManagerBean() throws Exception {
       return super.authenticationManagerBean();
   }

您还可以引用此How To Inject AuthenticationManager using Java Configuration in a Custom Filter

62o28rlo

62o28rlo3#

一旦尝试这样

@Configuration
public class MethodSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
     AuthFilter authFilter;

    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {

        http.csrf().disable().addFilter(authFilter).authorizeRequests().anyRequest().permitAll();//change is here

    }

}

@Component
public class AuthFilter implements Filter {

    private AuthenticationManager authenticationManager;

    public AuthFilter(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterchain)
            throws IOException, ServletException {

        final String authorizationHeader = ((HttpServletRequest) request).getHeader("Authorization");
        System.out.println("===========Filter called================");

        final Authentication authentication = authenticationManager
                .authenticate(SecurityContextHolder.getContext().getAuthentication());

        System.out.println("===========Authentication================"+authentication);

        if (authentication != null && !(authentication instanceof AnonymousAuthenticationToken)
                && authentication.isAuthenticated()) {

            // set authentication in security context holder
            SecurityContextHolder.getContext().setAuthentication(authentication);

        }
        filterchain.doFilter(request, response);
    }
}

请使用Spring Bean AuthFilter,而不要创建验证过滤器的Java对象

相关问题