spring-security java config：如何配置多个 AuthenticationManager 实例答案

【问题标题】：spring-security java config: How to configure Multiple AuthenticationManager instancesspring-security java config：如何配置多个 AuthenticationManager 实例
【发布时间】：2014-12-06 00:11:52
【问题描述】：

我用：

弹簧靴：1.1.7
弹簧安全：4.0.0.M2
spring-fmk: 4.1.1.RELEASE

一切都是用Java Config配置的（包括spring-security）

我正在开发一个 Web 服务器项目，其中 Authentication: Basic base64Gibberish 标头用于对用户进行身份验证。

问题在于，根据 URI，AuthenticationManager 是不同的（因为我需要 2 个不同的 UserDetailsService。

/URI1/** => authManager1
/URI2/** => authManager2

我尝试了WebSecurityConfigurerAdapter 的多个扩展

@Override
@Bean( name = "authManager1" )
public AuthenticationManager authenticationManagerBean() throws Exception

@Override
@Bean( name = "authManager2" )
public AuthenticationManager authenticationManagerBean() throws Exception

无济于事

我总是得到：

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'springSecurityFilterChain' 
defined in class path resource [org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.class]: Instantiation of bean failed; 
nested exception is org.springframework.beans.factory.BeanDefinitionStoreException: 
Factory method [public javax.servlet.Filter org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration.springSecurityFilterChain() throws java.lang.Exception] 
threw exception; nested exception is java.lang.IllegalArgumentException: 
Expecting to only find a single bean for type interface org.springframework.security.authentication.AuthenticationManager, 
but found [authManager1, authManager2]

由于我有多个安全过滤器链，我如何“告诉”spring-security 在不同的安全过滤器链中注入不同的 AuthenticationManager ？

提前致谢 P.

【问题讨论】：

我也有同样的问题。您如何创建单独的 AuthManagers

标签： spring spring-security spring-boot

【解决方案1】：

您可以拥有多个 http 配置元素，每个元素都有自己的 AuthenticationManager。它可能看起来像这样：

@Configuration
@EnableWebSecurity
public class SecurityConfig {

    @Bean
    private AuthenticationManager authenticationManager1() {
        // defines first AuthenticationManager
        return authenticationManager;
    }

    @Bean
    private AuthenticationManager authenticationManager2() {
        // defines second AuthenticationManager
        return authenticationManager;
    }

    @Configuration
    @Order(1)
    public static class Uri1ApiConfigurationAdapter extends WebSecurityConfigurerAdapter {

        @Autowired
        @Qualifier(authenticationManager1)
        private authManager1;

        @Override
        protected AuthenticationManager authenticationManager() {
            return authManager1;
        }

        protected void configure(HttpSecurity http) throws Exception {
            http
                .antMatcher("/URI1/**")
                ...
        }
    }

    @Configuration
    @Order(2)
    public static class Uri2ApiConfigurationAdapter extends WebSecurityConfigurerAdapter {

        @Autowired
        @Qualifier(authenticationManager2)
        private authManager2;

        @Override
        protected AuthenticationManager authenticationManager() {
            return authManager2;
        }

        protected void configure(HttpSecurity http) throws Exception {
            http
                .antMatcher("/URI2/**")
                ...
        }
    }
}

【讨论】：