I am trying to implement Spring Security in a Spring Boot application. I have been trying to convert the Spring XML into a SecurityConfig class.
Below is the XML configuration.

<?xml version="1.0" encoding="UTF-8"?>
<bean:beans
    xmlns:bean="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:c="http://www.springframework.org/schema/c"
    xmlns="http://www.springframework.org/schema/security"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-4.0.xsd">

    <!--
    Applies to root appContext beans only, for MVC Controllers is this declaration repeated in MVC config.
    Actually, we currently don't need this as we have on annotation outside of MVC.
    There is more here that can go wrong. If you use interface-based proxy (our demo uses CGLib), you may
    need to add proxy-target-class="true" as well. Book "Spring Security 3.1", Chapter 10, Fine-grained
    Access Control, from header "Method security on Spring MVC controllers" on discusses these topics.
    -->
    <global-method-security secured-annotations="enabled"/>

    <http realm="Protected API"
          use-expressions="true"
          create-session="stateless"
          entry-point-ref="unauthorizedEntryPoint"
          authentication-manager-ref="restAuthenticationManager">
        <!--
        Added after moving to Spring Boot 1.3 + Spring Security 4.x,
        otherwise we could not login with basic auth because of: Expected CSRF token not found
        TODO: Please, mind, that I did not migrate this XML to Spring Security 4.x except for this element
        -->
        <csrf disabled="true"/>
        <!--
        This is not easily possible, because it causes:
        DEBUG o.s.s.w.a.ExceptionTranslationFilter - Authentication exception occurred; redirecting to authentication entry point
        org.springframework.security.authentication.AuthenticationCredentialsNotFoundException: An Authentication object was not found in the SecurityContext
        -->
        <!--<anonymous enabled="false"/>-->
        <custom-filter ref="restAuthenticationFilter" position="FORM_LOGIN_FILTER"/>
        <intercept-url pattern="/*" access="permitAll"/>
        <intercept-url pattern="/secure/**" access="isFullyAuthenticated()"/>
    </http>

    <bean:bean id="unauthorizedEntryPoint" class="com.github.virgo47.respsec.main.restsec.UnauthorizedEntryPoint"/>
    <bean:bean id="userDetailService" class="com.github.virgo47.respsec.main.secimpl.MyUserDetailsService"/>

    <authentication-manager id="restAuthenticationManager">
        <authentication-provider user-service-ref="userDetailService">
            <!--
            Default password encoder is PlaintextPasswordEncoder, which fits with our hardcoded users.
            Obviously not a good choice otherwise.
            -->
        </authentication-provider>
    </authentication-manager>

    <bean:bean id="tokenManager" class="com.github.virgo47.respsec.main.secimpl.TokenManagerSingle"/>
    <bean:bean id="authenticationService" class="com.github.virgo47.respsec.main.secimpl.AuthenticationServiceDefault"
               c:authenticationManager-ref="restAuthenticationManager" c:tokenManager-ref="tokenManager"/>
    <bean:bean id="restAuthenticationFilter" class="com.github.virgo47.respsec.main.restsec.TokenAuthenticationFilter"
               c:authenticationService-ref="authenticationService" c:logoutLink="/logout"/>
</bean:beans>
This is the security configuration I wrote:

@Configuration
@EnableWebSecurity
@EnableAutoConfiguration(exclude = {SecurityAutoConfiguration.class})
@Order(1)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private UnauthorizedEntryPoint unauthorizedEntryPoint;

    @Autowired
    private ChecklistUserDetailsService checklistUserDetailsService;

    @Autowired
    private TokenManagerSingle tokenManager;

    @Autowired
    private AuthenticationService authenticationService;

    @Autowired
    private ChecklistUserRepository checklistUserRepository;

    @Bean
    public UnauthorizedEntryPoint unauthorizedEntryPoint() {
        return new UnauthorizedEntryPoint();
    }

    @Bean
    public AuthenticationService authenticationService() {
        return ;
    }

    @Bean
    public AuthenticationEntryPoint unauthorizedEntryPoint() {
        return new RestApiAuthenticationEntryPoint();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .addFilterBefore(anonymousFilter(), AnonymousAuthenticationFilter.class)
            .csrf().disable() //TODO: CSRF should not be disabled. JIRA issue IN-163 tracks this.
            .x509() // Go with default Spring settings for X509
            .and()
            .exceptionHandling()
                .authenticationEntryPoint(unauthorizedEntryPoint())
            .and()
            .authorizeRequests()
                .antMatchers(HttpMethod.POST, "/checklists").fullyAuthenticated()
                .antMatchers(HttpMethod.GET, "/checklists").anonymous()
                .antMatchers(HttpMethod.POST, "/checklists/login").permitAll();
    }

    @Autowired
    public void configureAuth(AuthenticationManagerBuilder auth) {
        try {
            auth.userDetailsService(userDetailsService())
                .passwordEncoder(passwordEncoder());
        } catch (Exception e) {
            final String msg = "Exception occurred while configuring AuthenticationManagerBuilder: " + e.toString();
            throw new RuntimeException(msg, e.getCause());
        }
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
}
Error:
No qualifying bean of type 'life.plank.snap.security.impl.TokenManagerSingle'
Answer 0 (score: 0)

I think you need to create a bean of com.github.virgo47.respsec.main.secimpl.TokenManagerSingle that returns a new instance of the class; put these lines in your configuration:

@Bean
public TokenManagerSingle tokenManager() {
    return new TokenManagerSingle();
}