spring security custom xhtml。 authenticationManager始终为null

Question

我需要创建自定义xhtml登录表单。配置不带xml注释的spring，但authenticationManager始终为null

登录表单

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml"
xmlns:th="http://www.thymeleaf.org" xmlns:p="http://primefaces.org/ui"
xmlns:h="http://java.sun.com/jsf/html"
xmlns:f="http://java.sun.com/jsf/core"
xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity3">
<head>
<title>Spring Security Example</title>
</head>
<body>

<h:form prependId="false"   >
    <h:outputLabel value="User Id: " for="j_username" />
    <h:inputText id="j_username" label="User Id" required="true"
        value="#{loginBean.userName}" />
    <h:outputLabel value="Password: " for="j_password" />
    <h:inputSecret id="j_password" value="#{loginBean.password}" />
    <h:commandButton value="Submit" action="#{loginBean.login}" />
    </h:form>
    </body>
    </html>

配置

@Configuration
@EnableWebSecurity
@EnableGlobalAuthentication
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable().authorizeRequests()
            .antMatchers("/home", "/css/**", "/**/*.css*", "/").permitAll()
            .anyRequest().authenticated().and().formLogin()
            .loginPage("/login").permitAll().and().logout()
            .logoutUrl("/logout").invalidateHttpSession(true)
            .logoutSuccessUrl("/");
}
@Override
protected void configure(AuthenticationManagerBuilder auth)
        throws Exception {
    auth.inMemoryAuthentication().withUser("user").password("password")
            .roles("USER");
}

@Bean
public AuthenticationManager authenticationManager() throws Exception {
    return super.authenticationManagerBean();

}
}

想要在LoginBean类中使用@Autowired

 import java.io.IOException;
 import java.io.Serializable;

 import javax.faces.bean.ManagedProperty;
 import javax.inject.Named;
 import javax.servlet.ServletException;

 import org.springframework.context.annotation.Scope;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Component;
@Scope("request")
@Component
@Named(value="loginBean")
public class LoginBean implements Serializable {


@Autowired
private AuthenticationManager authenticationManager;

private static final long serialVersionUID = 1L;
private String userName;
private String password;


public String login() {
    try {
        Authentication request = new UsernamePasswordAuthenticationToken(
                this.getUserName(), this.getPassword());
        Authentication result = authenticationManager.authenticate(request);
        SecurityContextHolder.getContext().setAuthentication(result);
    } catch (AuthenticationException e) {
        e.printStackTrace();
    }
    return "secured";
}

public String getUserName() {
    return userName;
}

public void setUserName(String userName) {
    this.userName = userName;
}

public String getPassword() {
    return password;
}

public void setPassword(String password) {
    this.password = password;
}

public AuthenticationManager getAuthenticationManager() {
    return authenticationManager;
}

public void setAuthenticationManager(
        AuthenticationManager authenticationManager) {
    this.authenticationManager = authenticationManager;
}

}

我正在尝试注入authenticationManager

 @ManagedProperty(value = "#{authenticationManager}")
private AuthenticationManager authenticationManager;

或创建构造函数

    @Autowired
 public LoginBean(AuthenticationManager authenticationManager) {
this.authenticationManager = authenticationManager;
}

或在setter中添加@Autowired，authenticationManager始终为null。如何注入authenticationManager？

我不会尝试@ovverride authenticationManagerBean 我找到了春天安全giude，但我不想使用百里香

感谢您的帮助

Answer 1

您的web.xml中是否有以下条目？如果您正在使用@Configuration，则需要它。

<servlet>
    <servlet-name>appServlet</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <init-param>
        <param-name>contextClass</param-name>
        <param-value>
            org.springframework.web.context.support.AnnotationConfigWebApplicationContext
        </param-value>
    </init-param>
    <init-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
           com.yourClass
        </param-value>
    </init-param>
</servlet>