Spring安全性：如何配置过滤器？

Question

我是Spring的新手，但我尝试使用额外的字段和REST身份验证创建扩展登录表单。我有自定义AuthenticationProcessingFilter：

public class CustomAuthenticationProcessingFilter extends AbstractAuthenticationProcessingFilter {
public CustomAuthenticationProcessingFilter() {
    super(new AntPathRequestMatcher("/login", "POST"));
}

private static final String USERNAME_PARAM_KEY   = "username";
private static final String PASSWORD_PARAM_KEY   = "password";
private static final String DEPARTMENT_PARAM_KEY = "department";
private static final String POSITION_PARAM_KEY   = "position";

@Override
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException, IOException, ServletException {
    String username   = request.getParameter(USERNAME_PARAM_KEY);
    String password   = request.getParameter(PASSWORD_PARAM_KEY);
    Long   department = Long.valueOf(request.getParameter(DEPARTMENT_PARAM_KEY));
    Long   position   = Long.valueOf(request.getParameter(POSITION_PARAM_KEY));
    //custom AuthenticationToken to handle additional fields
    UserSecurityAuthenticationToken userToken = new UserSecurityAuthenticationToken (username, password, department, position);

    return userToken;
   }
}

我想在此拦截额外的登录字段，并在自定义AuthenticationProvider中处理它们：

@Component
public class CustomUserDetailsAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider {
    @Autowired
    private AuthentificationService authService;

    @Override
    protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException { }

    @Override
    protected UserDetails retrieveUser(String username, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
        UserSecurityAuthenticationToken token = (UserSecurityAuthenticationToken) authentication;
        return authService.authentificate(token.getName().toString(), token.getCredentials().toString(), token.getDepartment(), token.getPosition());
    }
}

我尝试使用ApplicationSecurity在JavaConfig类中配置过滤器和提供程序：

@Configuration
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
public class ApplicationSecurity extends WebSecurityConfigurerAdapter {
    @Autowired
    private CustomUserDetailsAuthenticationProvider authenticationProvider;
    @Autowired
    private RESTAuthenticationEntryPoint authenticationEntryPoint;
    @Autowired
    private RESTAuthenticationFailureHandler authenticationFailureHandler;
    @Autowired
    private RESTAuthenticationSuccessHandler authenticationSuccessHandler;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().antMatchers("/rest/**").authenticated();

        http.addFilter(tokenProcessingFilter());
        http.authenticationProvider(authenticationProvider);

        http.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint);
        http.formLogin().successHandler(authenticationSuccessHandler);
        http.formLogin().failureHandler(authenticationFailureHandler);
        http.logout().logoutSuccessUrl("/");

        http.csrf().disable();
    }

    @Bean(name="myAuthenticationManager")
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Bean
    public CustomAuthenticationProcessingFilter tokenProcessingFilter() throws Exception {
        CustomAuthenticationProcessingFilter tokenProcessingFilter = new CustomAuthenticationProcessingFilter();
        tokenProcessingFilter.setAuthenticationManager(authenticationManagerBean());
        return tokenProcessingFilter;
    }
}

但是当我尝试构建项目时，我收到了一个例外：

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'springSecurityFilterChain' defined in class path resource [org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception; nested exception is org.springframework.security.config.annotation.AlreadyBuiltException: This object has already been built

我的Application课程：

@Configuration
@ComponentScan
@EnableAutoConfiguration
@SpringBootApplication
@EnableWebMvc
public class Application extends WebMvcAutoConfiguration.WebMvcAutoConfigurationAdapter {
    @Bean
    public WebSecurityConfigurerAdapter webSecurityConfigurerAdapter() {
        return new ApplicationSecurity();
    }
    public static void main(String[] args) throws Exception {
        SpringApplication.run(Application.class, args);
    }

    @Override
    public void addResourceHandlers(ResourceHandlerRegistry registry) {
        registry.addResourceHandler("/static/**").addResourceLocations("classpath:static/");
        registry.addResourceHandler("/webjars/**").addResourceLocations("classpath:/META-INF/resources/webjars/");
    }
}

我做错了什么？