在corda中使用spring security的基本身份验证

Posted 2023-02-27

【中文标题】在corda中使用spring security的基本身份验证

【英文标题】：Basic authentication using spring security in corda

【发布时间】：2021-09-19 14:25:29

【问题描述】：

我正在尝试使用 Spring Security 在 Corda 中添加基本身份验证。 在集成弹簧安全性之前，cordapp 运行良好。 集成后，它会抛出一个或另一个错误。

如果只运行 Spring Boot 模板，则不会引发错误。我相信错误在 nodeRPCConnection 文件中。

这是引发的错误。

W 12:51:44 1 AnnotationConfigServletWebServerApplicationContext.refresh - Exception 
encountered during context initialization - cancelling refresh attempt: 
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 
'inMemoryUserDetailsManager' defined in class path resource 
[org/springframework/boot/autoconfigure/security/servlet/UserDetailsServiceAutoConfiguration.class]: 
Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException
: Failed to instantiate 
[org.springframework.security.provisioning.InMemoryUserDetailsManager]: Factory method 
'inMemoryUserDetailsManager' threw exception; nested exception
is java.lang.NoSuchMethodError:
org.springframework.security.core.userdetails.User.withUsername(Ljava/lang/String;)
Lorg/springframework/security/core/userdetails/User$UserBuilder;

I 12:51:44 1 AnnotationMBeanExporter.destroy - Unregistering JMX-exposed beans on shutdown
W 12:51:44 1 CommonAnnotationBeanPostProcessor.postProcessBeforeDestruction - Invocation of 
destroy method failed on bean with name 'nodeRPCConnection': kotlin.UninitializedP
ropertyAccessException: lateinit property rpcConnection has not been initialized
I 12:51:44 1 StandardService.log - Stopping service [Tomcat]
I 12:51:44 1 ConditionEvaluationReportLoggingListener.logAutoConfigurationReport -

基本认证配置

@Configuration
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
open class BasicAuthConfig : WebSecurityConfigurerAdapter() 
    override fun configure(http: HttpSecurity) 
        http
            .csrf().disable()
            .authorizeRequests()
            .antMatchers("/api/**").authenticated()
            .anyRequest().authenticated()
            .and()
            .httpBasic()
            .and()
            .sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
    

    @Autowired
    fun configureGlobal(auth: AuthenticationManagerBuilder) 
        auth.inMemoryAuthentication()
            .withUser("admin")
            .password("nooproot")
            .roles("ADMIN")
   

NodeRPCConnection

@Component
open class NodeRPCConnection(
        @Value("\$$CORDA_NODE_HOST") private val host: String,
        @Value("\$$CORDA_USER_NAME") private val username: String,
        @Value("\$$CORDA_USER_PASSWORD") private val password: String,
        @Value("\$$CORDA_RPC_PORT") private val rpcPort: Int): AutoCloseable 

    lateinit var rpcConnection: CordaRPCConnection
        private set
    lateinit var proxy: CordaRPCOps
        private set

    @PostConstruct
    fun initialiseNodeRPCConnection() 
            val rpcAddress = NetworkHostAndPort(host, rpcPort)
            val rpcClient = CordaRPCClient(rpcAddress)
            val rpcConnection = rpcClient.start(username, password)
            proxy = rpcConnection.proxy
    

    @PreDestroy
    override fun close() 
        rpcConnection.notifyServerAndClose()
    

【问题讨论】：

NoSuchMethodError 可能指向您的依赖项中的问题。您可能想分享您的 pom.xml 或 build.gradle，以便有人可以帮助您解决日志中指出的问题。

【参考方案1】：

正如 steve 所说，这是你想要确定你的依赖关系的地方。

查看corda示例中的这些依赖项：

https://github.com/corda/samples-java/blob/master/Advanced/secretsanta-cordapp/clients/build.gradle#L19