gpt4 book ai didi

java - Spring Security 身份验证管理器不会被自定义过滤器选中

转载 作者:搜寻专家 更新时间:2023-11-01 01:27:07 25 4
gpt4 key购买 nike

我正在尝试创建一个自定义过滤器来处理身份验证,因为我不得不结合使用 AD 和本地数据库(arg!)来确定访问权限。我正在使用官方文档,主要针对此特定问题 this part .

但是,当我运行我的服务器时,它提示 AuthenticationManager 为 null,而我相信我在 XML 中设置它,如前所述 in this SO question .我在这里错过了什么?

异常:

SEVERE: Context initialization failed org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'myUsernamePasswordAuthenticationFilter' defined in file [*snip*]:
Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: authenticationManager must be specified
...
Caused by: java.lang.IllegalArgumentException: authenticationManager must be specified
at org.springframework.util.Assert.notNull(Assert.java:112)

XML:(带有一些简化的类名)

<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:sec="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.2.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">

<context:property-placeholder location="classpath*:META-INF/spring/*.properties" />
<context:spring-configured />
<context:component-scan base-package="myapp" />

<!-- Spring Security Configuration. -->
<sec:http auto-config="false" entry-point-ref="loginUrlAuthenticationEntryPoint"
access-denied-page="/denied.jsp">
<sec:custom-filter position="FORM_LOGIN_FILTER" ref="myAuthenticationFilter" />

<sec:intercept-url pattern="/login" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<sec:intercept-url pattern="/404.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<sec:intercept-url pattern="/index.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<sec:intercept-url pattern="/**" access="ROLE_USER" />

<sec:logout logout-url="/logout" logout-success-url="/login" />
</sec:http>
<sec:authentication-manager alias="authenticationManager">
<sec:authentication-provider ref="myAuthenticationProvider" />
</sec:authentication-manager>

<bean id="loginUrlAuthenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
<property name="loginFormUrl" value="/login" />
</bean>
<bean id="myAuthenticationFilter" class="myapp.MyUsernamePasswordAuthenticationFilter">
<property name="authenticationManager" ref="authenticationManager" />
</bean>
<bean id="myAuthenticationProvider" class="myapp.MyAuthenticationProvider" />

过滤器:

@Component
public class MyUsernamePasswordAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
public AdminUsernamePasswordAuthenticationFilter() {
super("/login");
}

@Override
public Authentication attemptAuthentication(final HttpServletRequest request,
final HttpServletResponse response) throws AuthenticationException {
// stuff and:
return getAuthenticationManager().authenticate(new UsernamePasswordAuthenticationToken(
login, request.getParameter("password")));
}
}

AuthenticationProvider:

@Component
public class MyAuthenticationProvider implements AuthenticationProvider {
@Override
public Authentication authenticate(final Authentication authentication) throws AuthenticationException {
// all the funky AD+DB code
return null;
}

@Override
public boolean supports(final Class<?> clazz) {
return true;
}
}

我正在运行 Java 6,最新的 Spring Security (3.1.4.RELEASE) 和 Spring (3.2.3.RELEASE) 版本,在 Tomcat v6 服务器上运行。不同的 Spring 版本似乎不是问题 ( related SO question )。如果这会成为一个问题,那么如果您想使用 Spring Security 就必须运行 Spring 3.1.4 只是 meh...

一些我尝试过但无济于事的东西:

  1. 我尝试放弃 <sec:authentication-manager />如前所述,支持普通 bean here (bottom answer) .
  2. 我尝试以各种组合添加 bean id、名称、authentication-manager-refs。

最佳答案

啊...我发现了许多人在 Spring 中犯的基本错误。您的 bean MyUsernamePasswordAuthenticationFilter 在 XML 中定义,这是正确的。但是,您还通过 @Component 注释对它进行了注释,这意味着它被 component scan 挑选并注册为另一个 bean 定义。来自此定义的 bean 实例实际上不会初始化其 authenticationManager 依赖项。

只需删除 MyUsernamePasswordAuthenticationFilter 中的 @Component 注释,就可以了。

关于java - Spring Security 身份验证管理器不会被自定义过滤器选中,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/17127119/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com