【发布时间】:2020-10-31 15:11:38
【问题描述】:
我有一个要在我的项目中实现的安全 jar。我正在扩展 BasicSecurityConfig 扩展 WebSecurityConfigurerAdapter 并具有所有过滤器。有人告诉我,我需要的只是扩展BasicSecurityConfig 并调用super().configure,这将调用父级的配置方法。但是,我收到此错误,
Field authenticationManager in com.custom.security.CustomSecurityFilter required a bean of type 'org.springframework.security.authentication.AuthenticationManager' that could not be found.
父类已经有一个AuthenticationManager bean,我应该不需要在子类中定义它。
My Security 类
public class SecurityConfiguration extends BasicSecurityConfig {
private static final String PAYMONEYROLE = "(hasRole('EE'))";
@Override
protected void configure(HttpSecurity http) throws Exception {
// must call super first
super.configure(http);
http.authorizeRequests()
.antMatchers(HttpMethod.POST, "/v1/cart/validate").authenticated()
.antMatchers(HttpMethod.POST, "/v1/cart/validate").access(PAYMONEYROLE)
.and().cors().and().csrf().disable();
}
@Bean
public FilterRegistrationBean invalidResourceFilterRegistration(InvalidResourceFilter invalidResourceFilter) {
FilterRegistrationBean registration = new FilterRegistrationBean(invalidResourceFilter);
registration.setEnabled(false);
invalidResourceFilter.setDisabled(true);
return registration;
}
@Bean
public FilterRegistrationBean customSecurityFilterRegistration(CustomSecurityFilter customSecurityFilter) {
FilterRegistrationBean registration = new FilterRegistrationBean(customSecurityFilter);
registration.setEnabled(false);
return registration;
}
}
Custom Security罐子
public class BasicSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private ApplicationContext applicationContext;
@Autowired
private InvalidResourceFilter invalidResourceFilter;
public BasicSecurityConfig() {
}
protected void configure(HttpSecurity http) throws Exception {
((HttpSecurity)((HttpSecurity)http.addFilterBefore(this.customSecurityFilter(), AbstractPreAuthenticatedProcessingFilter.class).addFilterAfter(this.invalidResourceFilter, FilterSecurityInterceptor.class).sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()).exceptionHandling().authenticationEntryPoint(this.authenticationEntryPoint()).accessDeniedHandler(this.customDeniedHandler()).and()).authorizeRequests().accessDecisionManager(this.accessDecisionManager());
}
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers(new String[]{"/docs**/**", "/swagger-ui.html**/**", "/webjars**/**", "/swagger-resources**/**", "/api-docs**/**", "/v2/api-docs**", "/version.json**"});
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(this.customAuthenticationProvider());
}
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Bean
public DefaultWebSecurityExpressionHandler defaultWebSecurityExpressionHandler() {
return new CustomWebSecurityExpressionHandler();
}
@Bean
public CustomSecurityFilter customSecurityFilter() {
return new CustomSecurityFilter();
}
@Bean
public AuthenticationProvider customAuthenticationProvider() {
return new CustomAuthenticationProvider();
}
@Bean
public AuthenticationSuccessHandler customSuccessHandler() {
return new CustomSuccessHandler();
}
@Bean
public AccessDeniedHandler customDeniedHandler() {
return new CustomAccessDeniedHandler();
}
@Bean
public AuthenticationEntryPoint authenticationEntryPoint() {
return new CustomAuthenticationEntryPoint();
}
@Bean
public CustomSystemUserAuthVoter customSystemUserAuthVoter() {
return new CustomSystemUserAuthVoter();
}
@Bean
public WebExpressionVoter webExpressionVoter() {
WebExpressionVoter wev = new WebExpressionVoter();
wev.setExpressionHandler(this.defaultWebSecurityExpressionHandler());
return wev;
}
@Bean
public AccessDecisionManager accessDecisionManager() {
return new ExplicitDecisionManager(Arrays.asList(this.customSystemUserAuthVoter(), this.webExpressionVoter()));
}
}
【问题讨论】:
标签: java spring spring-boot security spring-security