我最近更新了来自RC1的spring-security-3.2.0.RC2,根据博客文章,QUIESCENT_POST_PROCESSOR已被删除。之前我曾经创建过如下所示的AuthenticationManager bean:
@Bean(name = {"defaultAuthenticationManager", "authenticationManager"})
public AuthenticationManager defaultAuthenticationManager() throws Exception {
return new AuthenticationManagerBuilder(null).userDetailsService(context.getBean(MyUserDetailsService.class)).passwordEncoder(new Md5PasswordEncoder()).and().build();
}
所以我把它改成了:
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws BeansException, Exception {
auth.userDetailsService(context.getBean(MyUserDetailsService.class)).passwordEncoder(new Md5PasswordEncoder());
}
但遗憾的是我无法再获取AuthenticationManager。我也是这样创建RememberMeAuthenticationFilter:
@Bean(name = { "defaultRememberMeAuthenticationFilter", "rememberMeAuthenticationFilter" })
protected RememberMeAuthenticationFilter defaultRememberMeAuthenticationFilter() throws Exception {
return new RememberMeAuthenticationFilter(defaultAuthenticationManager(), context.getBean(DefaultRememberMeServices.class));
}
所以你可以看到我需要掌握AuthenticationManager,但我不知道如何???
答案 0 :(得分:15)
你真的不需要掌握AuthenticationManager。从the javadoc of HttpSecurity开始,以下内容应该可以正常运行:
@Configuration
@EnableWebSecurity
public class RememberMeSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(AuthenticationManagerBuilder auth)
throws Exception {
auth
.inMemoryAuthentication()
.withUser("user").password("password").roles("USER");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/**").hasRole("USER")
.and()
.formLogin()
.permitAll()
.and()
// Example Remember Me Configuration
.rememberMe();
}
}
当然,如果您使用的是全局AuthenticationManager,这也可以使用:
@Configuration
@EnableWebSecurity
public class RememberMeSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth)
throws Exception {
auth
.inMemoryAuthentication()
.withUser("user").password("password").roles("USER");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/**").hasRole("USER")
.and()
.formLogin()
.permitAll()
.and()
// Example Remember Me Configuration
.rememberMe();
}
}
唯一的区别是第一个示例将AuthenticationManger隔离到HttpSecurity,因为第二个示例将允许AuthenticationManager被全局方法安全性或其他HttpSecurity(WebSecurityConfigurerAdapter)使用。
这样做的原因是.rememberMe()将自动找到AuthenticationManager,UserDetailsService并在创建RememberMeAuthenticationFilter时使用它。它还会创建相应的RememberMeServices,因此无需执行此操作。当然,如果你想自定义它,还有.rememberMe()的其他选项,所以请参阅RememberMeConfigurer javadoc以获取更多选项。
如果您真的需要对AuthenticationManager实例的引用,您可以执行以下操作:
@Configuration
@EnableWebSecurity
public class RememberMeSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private AuthenticationManagerBuilder auth;
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth)
throws Exception {
auth
.inMemoryAuthentication()
.withUser("user").password("password").roles("USER");
}
@Bean
public AuthenticationManager authenticationManager() {
return auth.build();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/**").hasRole("USER")
.and()
.formLogin()
.permitAll()
.and()
// Example Remember Me Configuration
.rememberMe();
}
}
如果您想拥有多个AuthenticationManager实例,可以执行以下操作:
@Autowired
private ObjectPostProcessor<Object> opp;
public AuthenticationManager authenticationManager()
throws Exception {
return new AuthenticationManagerBuilder(opp)
.inMemoryAuthentication()
.withUser("user").password("password").roles("USER").and()
.and()
.build();
}
public AuthenticationManager authenticationManager2()
throws Exception {
return new AuthenticationManagerBuilder(opp)
.inMemoryAuthentication()
.withUser("admin").password("password").roles("ADMIN").and()
.and()
.build();
}
注意除了使用QUIESENT_POST_PROCESSOR而不是使用@Autowired注释使用真正的ObjectPostProcessor
之外,这几乎与你手头的东西相同。PS:感谢您试试RC2!
答案 1 :(得分:3)
公开和访问AuthenticationManager bean的方法如下:
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception
{
return super.authenticationManagerBean();
}