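I am writing a RESTful web service that needs several authentication mechanisms (basic, x509, and anonymous). So I have three <http> elements in three separate Spring context files.
When I start the service, I get the following exception: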
org.springframework.beans.factory.NoUniqueBeanDefinitionException:
No qualifying bean of type [org.springframework.security.web.SecurityFilterChain]
is defined: expected single matching bean but found 3:
org.springframework.security.web.DefaultSecurityFilterChain#0,
org.springframework.security.web.DefaultSecurityFilterChain#1,
org.springframework.security.web.DefaultSecurityFilterChain#2
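I think this makes sense, right? I have defined three <http> elements, so Spring presumably creates three instances of org.springframework.security.web.DefaultSecurityFilterChain. Now something asks for a bean of type org.springframework.security.web.SecurityFilterChain and finds three.
However, according to the Spring Security documentation, this should be possible, so my question is: how do I get this scenario to work?
Here are my three <http> configurations: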
x509Auth.xml:
<sec:http pattern="/service/x509/**" use-expressions="true">
    <sec:x509 subject-principal-regex="(.*)" user-service-ref="ldapUserDetailsService" />
    <sec:intercept-url pattern="/service/x509/identity/**" access="hasRole('Domain Users')" />
</sec:http>
basicAuth.xml:
<sec:http pattern="/anubis/basic/**" use-expressions="true" create-session="stateless">
    <sec:intercept-url pattern="/service/basic/identity/**" access="isAuthenticated()" />
    <sec:http-basic />
</sec:http>
noAuth.xml:
<sec:http pattern="/service/anonymous/**" security="none" />
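Answer 0 (score: 0)
Thanks to this InfoQ post, I learned that new flexibility brings new responsibility. Since you can now have multiple <http> elements, you can also have multiple authentication managers. This requires us to tell Spring which authentication manager to use with each <http> element.
Here is the Spring configuration I am using now: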
<!-- This section configures X509 Certificate Authentication -->
<sec:http
    pattern="/service/x509/**"
    use-expressions="true"
    authentication-manager-ref="ldapAuthenticationManager">
    <sec:x509 subject-principal-regex="(.*)" user-service-ref="ldapUserDetailsService" />
    <sec:intercept-url pattern="/service/x509/identity/**" access="hasRole('Domain Users')" />
</sec:http>
<sec:authentication-manager alias="ldapAuthenticationManager">
    <sec:authentication-provider user-service-ref="ldapUserDetailsService" />
</sec:authentication-manager>
<!-- This section configures BASIC Authentication -->
<sec:http
    pattern="/service/basic/**"
    use-expressions="true"
    create-session="stateless"
    authentication-manager-ref="mongoAuthenticationManager">
    <sec:http-basic />
    <sec:intercept-url pattern="/service/basic/identity/**" access="isAuthenticated()" />
</sec:http>
<sec:authentication-manager alias="mongoAuthenticationManager">
    <sec:authentication-provider user-service-ref="mongoUserDetailsService" />
</sec:authentication-manager>
<!-- This section configures NO Authentication -->
<sec:http pattern="/service/anonymous/**" security="none" />
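A check for the two things that differ between the question's configuration and the answer's, as an added example that is not part of the original post: it flags each <http> element that has no authentication-manager-ref and each intercept-url whose pattern lies outside its <http> pattern (the question's basicAuth.xml pairs /anubis/basic/** with /service/basic/identity/**). The function names, the merged sample document and the simplified prefix comparison are assumptions of this example.

```python
import xml.etree.ElementTree as ET

SEC = "http://www.springframework.org/schema/security"

# Constructed sample: the question's three <http> elements merged into one file.
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:sec="http://www.springframework.org/schema/security">
  <sec:http pattern="/service/x509/**" use-expressions="true">
    <sec:x509 subject-principal-regex="(.*)" user-service-ref="ldapUserDetailsService"/>
    <sec:intercept-url pattern="/service/x509/identity/**" access="hasRole('Domain Users')"/>
  </sec:http>
  <sec:http pattern="/anubis/basic/**" use-expressions="true" create-session="stateless">
    <sec:intercept-url pattern="/service/basic/identity/**" access="isAuthenticated()"/>
    <sec:http-basic/>
  </sec:http>
  <sec:http pattern="/service/anonymous/**" security="none"/>
</beans>"""


def literal_prefix(ant_pattern):
    """Literal part of an Ant pattern before the first wildcard (simplified)."""
    for i, ch in enumerate(ant_pattern):
        if ch in "*?{":
            return ant_pattern[:i]
    return ant_pattern


def lint(xml_text):
    """Return (chain_pattern, problem) tuples for every <http> element."""
    findings = []
    root = ET.fromstring(xml_text)
    for http in root.iter(f"{{{SEC}}}http"):
        chain = http.get("pattern", "/**")
        if http.get("security") == "none":
            continue  # no filters run for this chain, nothing to wire up
        if not http.get("authentication-manager-ref"):
            findings.append((chain, "no authentication-manager-ref"))
        # Requests outside the chain's pattern never reach its intercept-url rules.
        scope = literal_prefix(chain).rstrip("/")
        for rule in http.iter(f"{{{SEC}}}intercept-url"):
            rule_pattern = rule.get("pattern", "")
            if not literal_prefix(rule_pattern).startswith(scope):
                findings.append((chain, f"unreachable rule {rule_pattern}"))
    return findings


if __name__ == "__main__":
    for chain, problem in lint(SAMPLE):
        print(f"{chain}: {problem}")
```

Run against the answer's configuration, where every authenticated <http> element names its manager and the basic chain uses /service/basic/**, the same check reports nothing.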