gpt4 book ai didi

java - Spring Security 中具有多个 http 部分的 NoUniqueBeanDefinitionException

转载 作者:行者123 更新时间:2023-11-29 08:54:45 25 4
gpt4 key购买 nike

我正在编写一个需要多种身份验证机制(基本、x509 和匿名)的 RESTful Web 服务。因此我有三个 <http>三个独立的 spring 上下文文件中的元素。

当我启动我的服务时,出现以下异常:

org.springframework.beans.factory.NoUniqueBeanDefinitionException: 
No qualifying bean of type [org.springframework.security.web.SecurityFilterChain]
is defined: expected single matching bean but found 3:
org.springframework.security.web.DefaultSecurityFilterChain#0,
org.springframework.security.web.DefaultSecurityFilterChain#1,
org.springframework.security.web.DefaultSecurityFilterChain#2

我觉得这很有道理,对吧?我已经定义了三个 元素,因此 spring 可能会创建三个 org.springframework.security.web.DefaultSecurityFilterChain 实例。现在有人要求类型为 org.springframework.security.web.SecurityFilterChain 的 bean,并找到了三个。

但是,according to Spring Security documentation ,这应该是可能的,所以我的问题是:如何让这种情况发挥作用?

这是我的三个<http>配置:

x509Auth.xml:

<sec:http pattern="/service/x509/**" use-expressions="true">
<sec:x509 subject-principal-regex="(.*)" user-service-ref="ldapUserDetailsService" />
<sec:intercept-url pattern="/service/x509/identity/**" access="hasRole('Domain Users')" />
</sec:http>

basicAuth.xml:

<sec:http pattern="/anubis/basic/**" use-expressions="true" create-session="stateless">
<sec:intercept-url pattern="/service/basic/identity/**" access="isAuthenticated()" />
<sec:http-basic />
</sec:http>

noAuth.xml:

<sec:http pattern="/service/anonymous/**" security="none" />

最佳答案

感谢this InfoQ post ,我了解到新的灵 active 带来了新的责任。因为你可以有多个 <http>现在,您还可以拥有多个身份验证管理器。这需要我们告诉 spring 每个 <http> 对应哪个认证管理器。元素。

这是我现在可以使用的 spring 配置:

<!-- This section configures X509 Certificate Authentication -->
<sec:http
pattern="/service/x509/**"
use-expressions="true"
authentication-manager-ref="ldapAuthenticationManager">
<sec:x509 subject-principal-regex="(.*)" user-service-ref="ldapUserDetailsService" />
<sec:intercept-url pattern="/service/x509/identity/**" access="hasRole('Domain Users')" />
</sec:http>

<sec:authentication-manager alias="ldapAuthenticationManager">
<sec:authentication-provider user-service-ref="ldapUserDetailsService" />
</sec:authentication-manager>

<!-- This section configures BASIC Authentication -->
<sec:http
pattern="/service/basic/**"
use-expressions="true"
create-session="stateless"
authentication-manager-ref="mongoAuthenticationManager">
<sec:http-basic />
<sec:intercept-url pattern="/service/basic/identity/**" access="isAuthenticated()" />
</sec:http>

<sec:authentication-manager alias="mongoAuthenticationManager">
<sec:authentication-provider user-service-ref="mongoUserDetailsService" />
</sec:authentication-manager>

<!-- This section configures NO Authentication -->
<sec:http pattern="/service/anonymous/**" security="none" />

关于java - Spring Security 中具有多个 http 部分的 NoUniqueBeanDefinitionException,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/20863943/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com