必须指定 Spring Security authenticationmanager - 用于自定义过滤器
Posted
技术标签:
【中文标题】必须指定 Spring Security authenticationmanager - 用于自定义过滤器【英文标题】:Spring Security authenticationmanager must be specified - for custom filter 【发布时间】:2016-03-17 23:24:33 【问题描述】:我正在尝试创建自定义用户名密码身份验证过滤器,因为我需要验证来自两个不同来源的密码。我正在使用 Spring Boot 1.2.1 和 Java 配置。我在部署时遇到的错误是
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'customUsernamePasswordAuthenticationFilter' defined in file [/Users/rjmilitante/Documents/eclipse-workspace/login-service/bin/com/elsevier/eols/loginservice/CustomUsernamePasswordAuthenticationFilter.class]: Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: authenticationManager must be specified
…
Caused by: java.lang.IllegalArgumentException: authenticationManager must be specified
我不确定我错过了什么。我一直在尝试在我的 SecurityConfig 中为此过滤器设置 authenticationManager。我的代码看起来像
我的过滤器:
@Component
public class CustomUsernamePasswordAuthenticationFilter extends AbstractAuthenticationProcessingFilter
public CustomUsernamePasswordAuthenticationFilter(RequestMatcher requiresAuthenticationRequestMatcher)
super(requiresAuthenticationRequestMatcher);
// TODO Auto-generated constructor stub
public CustomUsernamePasswordAuthenticationFilter()
super(new AntPathRequestMatcher("/login","POST"));
// TODO Auto-generated constructor stub
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
throws AuthenticationException
// String dbValue = request.getParameter("dbParam");
// request.getSession().setAttribute("dbValue", dbValue);
System.out.println("attempting to authentificate");
while (request.getAttributeNames().hasMoreElements())
String e = (String) request.getAttributeNames().nextElement();
System.out.println("param name : " + e + " and param value : " + request.getAttribute(e));
return null;
我的安全配置:
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter
@Bean
public PasswordEncoder passwordEncoder()
return new BCryptPasswordEncoder();
@Bean(name="loginService")
public LoginService loginService()
return new LoginServiceImpl();
@Bean( name="myAuthenticationManager")
@Override
public AuthenticationManager authenticationManagerBean() throws Exception
return super.authenticationManagerBean();
@Bean
CustomUsernamePasswordAuthenticationFilter customUsernamePasswordAuthenticationFilter() throws Exception
CustomUsernamePasswordAuthenticationFilter customUsernamePasswordAuthenticationFilter = new CustomUsernamePasswordAuthenticationFilter();
customUsernamePasswordAuthenticationFilter.setAuthenticationManager(authenticationManagerBean());
return customUsernamePasswordAuthenticationFilter;
@Autowired
private myAuthenticationProvider myAuthenticationProvider;
protected void configure(HttpSecurity http) throws Exception
http.csrf().disable()
.authorizeRequests()
.anyRequest().authenticated()
.and()
/*.addFilterBefore(customUsernamePasswordAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class)*/;
public void configure(AuthenticationManagerBuilder auth) throws Exception
auth.authenticationProvider(myAuthenticationProvider);
有人可以看看吗?不知道怎么回事。
【问题讨论】:
【参考方案1】:AbstractAuthenticationProcessingFilter 的 documentation 声明您必须设置 AuthenticationManager。
我建议您尝试在 CustomUsernamePasswordAuthenticationFilter 类中添加以下代码:
@Override
@Autowired
public void setAuthenticationManager(AuthenticationManager authenticationManager)
super.setAuthenticationManager(authenticationManager);
【讨论】:
【参考方案2】:我实际上已经克服了错误。我只需要从我的自定义过滤器中删除 @Component 注释。
【讨论】:
太棒了。非常感谢! 谁能解释一下为什么会这样??以上是关于必须指定 Spring Security authenticationmanager - 用于自定义过滤器的主要内容,如果未能解决你的问题,请参考以下文章
Spring Security:配置(AuthenticationManagerBuilder auth)
Spring Security:配置(AuthenticationManagerBuilder auth)
Spring Security:配置(AuthenticationManagerBuilder auth)与 authenticationManagerBean()