在Spring Security中从spring security xml配置迁移到Java Config。
在扩展WebSecurityConfigurerAdapter的类SecurityConfiguration中。但是,问题是安全过滤器没有使用userDetailsService,特别是UsernamePasswordAuthenticationFilter。我查看了启动,似乎在Spring引导创建默认的InMemoryUserDetailsManager之前没有创建它。
@Configuration
@EnableWebMvcSecurity
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http)
throws Exception {
http.userDetailsService(userDetailsService);
}
}
我还尝试使用自定义注入的ApplicationUserDetailsService覆盖此类中的userDetailsServiceBean和userDetailsService。
@Bean(name="myUserDetailsBean")
@Override
public UserDetailsService userDetailsServiceBean() {
return userDetailsService;
}
@Override
public UserDetailsService userDetailsService() {
return userDetailsService;
}
但是,当我尝试覆盖authenticationManagerBean时,看起来它在spring boot配置初始化之前调用了我的配置,但它在初始化UsernamePasswordAuthenticationFilter时抛出了一个错误(如下所示)。我是否真的需要覆盖authenticationManagerBean,因为我需要定义UsernamePasswordAuthenticationFilter中的内容。
@Bean(name="myAuthenticationManager")
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
...
Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter]: Circular reference involving containing bean 'securityBeansConfiguration' - consider declaring the factory method as static for independence from its containing instance. Factory method 'usernamePasswordAuthenticationFilter' threw exception; nested exception is java.lang.IllegalArgumentException: successHandler cannot be null
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:189) ~[spring-beans-4.1.4.RELEASE.jar:4.1.4.RELEASE]
at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:588) ~[spring-beans-4.1.4.RELEASE.jar:4.1.4.RELEASE]
... 70 common frames omitted
想法?
答案 0 :(得分:0)
您可以通过简单的方式覆盖UserDetailsService
import com.dog.care.domain.User;
import com.dog.care.repository.UserRepository;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Component;
import org.springframework.transaction.annotation.Transactional;
import javax.inject.Inject;
import java.util.Optional;
@Component("userDetailsService")
public class UserDetailsService implements org.springframework.security.core.userdetails.UserDetailsService {
private final Logger log = LoggerFactory.getLogger(UserDetailsService.class);
@Inject
private UserRepository userRepository;
@Override
@Transactional
public UserDetails loadUserByUsername(final String login) {
log.debug("Authenticating {}", login);
String lowercaseLogin = login.toLowerCase();
Optional<User> userFromDatabase = userRepository.findOneByLogin(lowercaseLogin);
return userFromDatabase.map(user -> {
if (!user.getActivated()) {
throw new UserNotActivatedException("User " + lowercaseLogin + " was not activated");
}
return new CustomUserDetails(user);
}).orElseThrow(() -> new UsernameNotFoundException("User " + lowercaseLogin + " was not found in the database"));
}
}
这很重要:@Component(“userDetailsService”)
由于 亚历山大