找不到 Spring 框架安全 bean“AuthenticationManager”
Posted
技术标签:
【中文标题】找不到 Spring 框架安全 bean“AuthenticationManager”【英文标题】:Spring framework security bean "AuthenticationManager" not found 【发布时间】:2021-01-02 02:35:48 【问题描述】:我将 OAuth2 与 Spring Boot 一起使用。我是 Oauth 的新手。我得到这个考虑在你的配置中定义一个'org.springframework.security.authentication.AuthenticationManager'类型的bean在运行我的spring boot应用程序时出现异常。我在 *** 中看到了其他一些已回答的问题,但它们并没有满足我的需求。我正在使用 Spring Boot 版本 2.3.3.RELEASE。我正在参考这个Repository。我刚刚更新了我的应用程序的版本。这是我面临这个问题的班级:
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
@EnableAuthorizationServer
@Configuration
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter
@Autowired
private AuthenticationManager authenticationManager;
@Override
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception
security.tokenKeyAccess("permitAll()").checkTokenAccess("isAuthenticated()");
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception
clients.inMemory().withClient("ClientId").secret("secret").authorizedGrantTypes("authorization_code")
.scopes("user_info").autoApprove(true);
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception
endpoints.authenticationManager(authenticationManager);
如果我创建一个这样的 bean。 :
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception
return super.authenticationManagerBean();
它已经解决了我对扩展 WebSecurityConfigurerAdapter 的类的错误,但我的其他类扩展了 AuthorizationServerConfigurerAdapter,对于此类,解决方案不起作用 我收到一条警告,提示 AuthorizationServerConfigurerAdapter 类型的方法 authenticationManagerBean() 未定义。你能帮帮我吗?
【问题讨论】:
【参考方案1】:您正在覆盖 AuthorizationServerConfigurerAdapter 中不存在的方法,因此错误。
如您所见,AuthorizationServerConfigurerAdapter 仅定义具有 3 个签名的 configure 方法:
public class AuthorizationServerConfigurerAdapter implements AuthorizationServerConfigurer
@Override
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception
【讨论】:
这 3 个方法只有一个覆盖。我没明白你想说什么。请你再看看班。 authenticationManagerBean 方法在 WebSecurityConfigurerAdapter 中定义,但在 AuthorizationServerConfigurerAdapter 和 AuthorizationServerConfigurer 中均未定义。 @Override 从继承的 Class 或实现的 Interface 中覆盖现有方法。 您必须从 AuthenticationManager bean 定义中删除 @Override 即使我删除了@Override 注释,也不能解决我的问题。在我的问题的最后几行中,我描述了我收到的警告仍未解决。【参考方案2】:我已经通过像这样更新我的 AuthorizationServerConfig.java 类和 ResourceServerConfig.java 类解决了这个问题:
AuthorizationServerConfig.java 类:
package com.ab.security.config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
@EnableAuthorizationServer
@Configuration
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter
@Autowired
@Qualifier("authenticationManagerBean")
private AuthenticationManager authenticationManager;
@Override
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception
security.tokenKeyAccess("permitAll()").checkTokenAccess("isAuthenticated()");
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception
clients.inMemory().withClient("ClientId").secret("secret").authorizedGrantTypes("authorization_code")
.scopes("user_info").autoApprove(true);
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception
endpoints.authenticationManager(authenticationManager);
ResourceServerConfig.java 类:
package com.ab.security.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
@EnableResourceServer
@Configuration
public class ResourceServerConfig extends WebSecurityConfigurerAdapter
@Override
protected void configure(HttpSecurity http) throws Exception
http.requestMatchers().antMatchers("/login", "/oauth/authorize").and().authorizeRequests().anyRequest()
.authenticated().and().formLogin().permitAll();
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception
auth.parentAuthenticationManager(authenticationManagerBean()).inMemoryAuthentication().withUser("Peter")
.password("peter").roles("USER");
@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception
return super.authenticationManagerBean();
【讨论】:
以上是关于找不到 Spring 框架安全 bean“AuthenticationManager”的主要内容,如果未能解决你的问题,请参考以下文章
Spring 安全错误:没有名为“springSecurityFilterChain”的 bean 可用
使用spring“cvc-elt.1:找不到元素'beans'的声明”获取错误消息。
Spring Securities Test 找不到 Bean 错误