考虑在配置中定义类型为'org.springframework.security.authentication.AuthenticationManager'的bean

Question

我遵循了这里提到的一些建议,但它对我不起作用.因此,在这里提出问题

1. 如何在自定义筛选器中使用Java配置注入AuthenticationManager
2. Spring需要一个'AuthenticationManager'类型的bean

谁能指导我是什么问题以及如何解决这个问题？

错误:

***************************
APPLICATION FAILED TO START
***************************

Description:

Field authenticationManager in com.techprimers.security.springsecurityauthserver.config.AuthorizationServerConfig required a bean of type 'org.springframework.security.authentication.AuthenticationManager' that could not be found.


Action:

Consider defining a bean of type 'org.springframework.security.authentication.AuthenticationManager' in your configuration.

AuthorizationServerConfig.java

@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

    @Autowired
    private AuthenticationManager authenticationManager;

    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {

        security.tokenKeyAccess("permitAll()")
                .checkTokenAccess("isAuthenticated()");
    }


    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients
                .inMemory()
                .withClient("ClientId")
                .secret("secret")
                .authorizedGrantTypes("authorization_code")
                .scopes("user_info")
                .autoApprove(true);
    }


    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {

        endpoints.authenticationManager(authenticationManager);
    }
}

ResourceServerConfig.java

@EnableResourceServer
@Configuration
public class ResourceServerConfig extends WebSecurityConfigurerAdapter {


    @Autowired
    @Qualifier("authenticationManagerBean")
    private AuthenticationManager authenticationManager;
    @Autowired
    private UserDetailsService customUserDetailsService;

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http.requestMatchers()
                .antMatchers("/login", "/oauth/authorize")
                .and()
                .authorizeRequests()
                .anyRequest()
                .authenticated()
                .and()
                .formLogin()
                .permitAll();
    }


    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.parentAuthenticationManager(authenticationManager)
                .userDetailsService(customUserDetailsService);
    }
}

代码参考来自https://github.com/TechPrimers/spring-security-oauth-mysql-example,只更新了Spring Boot Parent Version 2.0.4.RELEASE,开始了.

Answer 1

这似乎是Spring Boot 2.0引入的"突破性变化"之一.我相信您的情况在Spring Boot 2.0迁移指南中有所描述.

在你的WebSecurityConfigurerAdapter类中,你需要覆盖authenticationManagerBean方法并用它注释@Bean,即:

@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
    return super.authenticationManagerBean();
}

而且,在您使用该方法WebSecurityConfigurerAdapter而不是注入AuthenticationManager实例时,即:@AutowiredauthenticationManagerBean()

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception 
{
    auth.parentAuthenticationManager(authenticationManagerBean());
        .userDetailsService(customUserDetailsService);
}

Answer 2

已弃用的“WebSecurityConfigurerAdapter”

由于WebSecurityConfigurerAdapter它已被弃用，您现在可以使用：

@Bean
public AuthenticationManager authenticationManager(HttpSecurity http) throws Exception {
    return http.getSharedObject(AuthenticationManagerBuilder.class)
            .build();
}

Answer 3

只需将其添加到 AuthenticationManagerBuilder

@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
    return super.authenticationManagerBean();
}

在需要使用它的控制器中添加以下内容：

@Autowired
private AuthenticationManager authenticationManager;