将spring.xml转换为基于Java的安全性配置类

时间:2016-11-12 13:48:11

标签: xml spring-security spring-boot

我正在尝试将Spring Security实现到Spring Boot应用程序中。我一直在尝试将Spring XML转换为SecurityConfig类。

以下是XML配置。

<?xml version="1.0" encoding="UTF-8"?>
<bean:beans
    xmlns:bean="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:c="http://www.springframework.org/schema/c"
    xmlns="http://www.springframework.org/schema/security"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-4.0.xsd">

    <!--
    Applies to root appContext beans only, for MVC Controllers is this declaration repeated in MVC config.
    Actually, we currently don't need this as we have on annotation outside of MVC.
    There is more here that can go wrong. If you use interface-based proxy (our demo uses CGLib), you may
    need to add proxy-target-class="true" as well. Book "Spring Security 3.1", Chapter 10, Fine-grained
    Access Control, from header "Method security on Spring MVC controllers" on discusses these topics.
    -->
    <global-method-security secured-annotations="enabled"/>

    <http realm="Protected API"
        use-expressions="true"
        create-session="stateless"
        entry-point-ref="unauthorizedEntryPoint"
        authentication-manager-ref="restAuthenticationManager">

        <!--
        Added after moving to Spring Boot 1.3 + Spring Security 4.x,
        otherwise we could not login with basic auth because of: Expected CSRF token not found
        TODO: Please, mind, that I did not migrate this XML to Spring Security 4.x except for this element
        -->
        <csrf disabled="true"/>

        <!--
        This is not easily possible, because it causes:
        DEBUG o.s.s.w.a.ExceptionTranslationFilter - Authentication exception occurred; redirecting to authentication entry point
        org.springframework.security.authentication.AuthenticationCredentialsNotFoundException: An Authentication object was not found in the SecurityContext
        -->
        <!--<anonymous enabled="false"/>-->
        <custom-filter ref="restAuthenticationFilter" position="FORM_LOGIN_FILTER"/>

        <intercept-url pattern="/*" access="permitAll"/>
        <intercept-url pattern="/secure/**" access="isFullyAuthenticated()"/>
    </http>

    <bean:bean id="unauthorizedEntryPoint" class="com.github.virgo47.respsec.main.restsec.UnauthorizedEntryPoint"/>

    <bean:bean id="userDetailService" class="com.github.virgo47.respsec.main.secimpl.MyUserDetailsService"/>

    <authentication-manager id="restAuthenticationManager">
        <authentication-provider user-service-ref="userDetailService">
            <!--
            Default password encoder is PlaintextPasswordEncoder, which fits with our hardcoded users.
            Obviously not a good choice otherwise.
            -->
        </authentication-provider>
    </authentication-manager>

    <bean:bean id="tokenManager" class="com.github.virgo47.respsec.main.secimpl.TokenManagerSingle"/>

    <bean:bean id="authenticationService" class="com.github.virgo47.respsec.main.secimpl.AuthenticationServiceDefault"
        c:authenticationManager-ref="restAuthenticationManager" c:tokenManager-ref="tokenManager"/>

    <bean:bean id="restAuthenticationFilter" class="com.github.virgo47.respsec.main.restsec.TokenAuthenticationFilter"
        c:authenticationService-ref="authenticationService" c:logoutLink="/logout"/>
</bean:beans>

这是我写的安全配置:

@Configuration
@EnableWebSecurity
@EnableAutoConfiguration(exclude = {SecurityAutoConfiguration.class})
@Order(1)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private UnauthorizedEntryPoint unauthorizedEntryPoint;

    @Autowired
    private ChecklistUserDetailsService checklistUserDetailsService;

    @Autowired
    private TokenManagerSingle tokenManager;

    @Autowired
    private AuthenticationService authenticationService;

    @Autowired
    private ChecklistUserRepository checklistUserRepository;

    @Bean
    public UnauthorizedEntryPoint unauthorizedEntryPoint() {
        return new UnauthorizedEntryPoint();
    }

    @Bean
    public AuthenticationService authenticationService() {
        return ;
    }
    @Bean
    public AuthenticationEntryPoint unauthorizedEntryPoint() {
        return new RestApiAuthenticationEntryPoint();
    }

    @Bean
    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http
                .addFilterBefore(anonymousFilter(), AnonymousAuthenticationFilter.class)
                .csrf().disable() //TODO: CSRF should not be disabled. JIRA issue IN-163 tracks this.
                .x509() // Go with default Spring settings for X509
                    .and()
                .exceptionHandling()
                    .authenticationEntryPoint(unauthorizedEntryPoint())
                    .and()
                .authorizeRequests()
                    .antMatchers(HttpMethod.POST, "/checklists").fullyAuthenticated()
                    .antMatchers(HttpMethod.GET, "/checklists").anonymous()
                    .antMatchers(HttpMethod.POST, "checklists/login").permitAll()
    }

    @Autowired
    public void configureAuth(AuthenticationManagerBuilder auth) {
        try {
            auth.userDetailsService(userDetailsService())
                    .passwordEncoder(passwordEncoder());
        } catch (Exception e) {
            final String msg = "Exception occurred while configuring AuthenticationManagerBuilder: " + e.toString();
            throw new RuntimeException(msg, e.getCause());
        }
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
}

错误:

No qualifying bean of type 'life.plank.snap.security.impl.TokenManagerSingle'

1 个答案:

答案 0 :(得分:0)

我认为你需要:

创建com.github.virgo47.respsec.main.secimpl.TokenManagerSingle的bean返回新类,将这些行放在配置中:

@Bean
public TokenManagerSingle tokenManager(){
    return new TokenManagerSingle();
}