如何将自定义的DaoAuthenticationProvider加载到Spring Context中？

Question

我在Spring Security中遇到这个问题。

我有一个带有SecurityConfig类的java-config实现，该实现扩展了WebSecurityConfigurerAdapter。

在此类中，我想覆盖方法“ configure（）”

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, proxyTargetClass = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter{

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        MyDaoAuthenticationProvider provider = new MyDaoAuthenticationProvider();
        provider.setPasswordEncoder(passwordEncoder());
        provider.setUserDetailsService(securityService);
        auth.authenticationProvider(provider);
    }

    //...

}   

一切都OK，并且有效。

问题是“ MyDaoAuthenticationProvider”组件未在Spring Context上加载。因此，我无法在此类中注入或自动接线任何组件：

public class MyDaoAuthenticationProvider extends DaoAuthenticationProvider {

    @Autowired
    AuthenticationHandler authenticationHandler;    // <- authenticationHandler is null, is not resolved

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        authenticationHandler.authenticate(authentication);    // <- NullPointerException in this point
    }

}

这是AuthenticationHandler类：

@Component
public class AuthenticationHandler {

    public void authenticate (Authentication authentication) {
        // do stuff
    }

}

如果将@Component放在MyDaoAuthenticationProvider类上，并在SecurityConfig类中添加@Autowired批注：

@Autowired
MyDaoAuthenticationProvider provider;

应用程序在启动时因以下错误而崩溃：

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'myDaoAuthenticationProvider' defined in file [...\MyDaoAuthenticationProvider.class]: Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: A UserDetailsService must be set
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1578)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:545)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482)
    at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306)
    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302)
    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
    at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:772)
    at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:839)
    at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:538)
    at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:446)
    at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:328)
    at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:107)
    at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4812)
    at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5255)
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
    at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1408)
    at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1398)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.IllegalArgumentException: A UserDetailsService must be set
    at org.springframework.util.Assert.notNull(Assert.java:115)
    at org.springframework.security.authentication.dao.DaoAuthenticationProvider.doAfterPropertiesSet(DaoAuthenticationProvider.java:105)
    at org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider.afterPropertiesSet(AbstractUserDetailsAuthenticationProvider.java:122)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1637)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1574)
    ... 21 more

我该怎么做才能解决此问题？谢谢。

编辑

解

多亏了OrangeDog，我解决了此实现的问题：

@Bean
public MyDaoAuthenticationProvider myAuthProvider() throws Exception {
    MyDaoAuthenticationProvider provider = new MyDaoAuthenticationProvider();
    provider.setPasswordEncoder(passwordEncoder());
    provider.setUserDetailsService(securityService);
    return provider;
}

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.authenticationProvider(myAuthProvider());
}

使用此配置，可以正确初始化Bean，并且不再出现错误“ java.lang.IllegalArgumentException：必须设置UserDetailsS​​ervice”。

此外，该Bean已加载到Spring Context中，因此可以正确解析DaoAuthenticationProvider中所有注入的组件。

Answer 1

创建名称为“ myDaoAuthenticationProvider”的bean时出错[...]必须设置UserDetailsS​​ervice

您MyDaoAuthenticationProvider没有UserDetailsService。您必须实现，注入和/或设置一个。例如，不使用@Component：

@Bean
public MyDaoAuthenticationProvider myAuthProvider() {
    MyDaoAuthenticationProvider provider = new MyDaoAuthenticationProvider();
    provider.setPasswordEncoder(passwordEncoder());
    provider.setUserDetailsService(securityService);
    return provider;
}

然后，您需要停止在您的configure方法中创建另一个。

如果您不认为自己需要一个，则可能不应该实施DaoAuthenticationProvider。也许您实际上是想实现泛型AuthenticationProvider或使用其其他实现类。