如何在Spring Boot

时间:2017-01-13 03:43:13

标签: spring spring-boot spring-security javabeans autowired

更新

我是Spring的初学者,我尝试使用基于Java的配置实现spring安全性应用程序。但现在我必须控制bean的创建顺序和应用程序的组件扫描。

这是我的配置类

@EnableWebSecurity
@Configuration
class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsService userDetailsService;

    @Autowired
    public void configureAuthentication(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        authenticationManagerBuilder.userDetailsService(this.userDetailsService).passwordEncoder(passwordEncoder());
    }

    @Bean
    public Md5PasswordEncoder passwordEncoder() {
        return new Md5PasswordEncoder();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.headers().cacheControl();
        http.csrf().disable()
                .authorizeRequests()
                .antMatchers("/authProxy").permitAll()
                .antMatchers(HttpMethod.POST,"/login").permitAll()
                .anyRequest().authenticated()
                .and()
                .addFilterBefore(new JWTLoginFilter(authenticationManager()), UsernamePasswordAuthenticationFilter.class)
                .addFilterBefore(new JWTAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
    }
}

这是JWTLoginFilter 

public class JWTLoginFilter extends AbstractAuthenticationProcessingFilter {

    private TokenAuthenticationService tokenAuthenticationService;

    public JWTLoginFilter(AuthenticationManager authenticationManager) {
        super(new AntPathRequestMatcher("/login"));
        setAuthenticationManager(authenticationManager);
        tokenAuthenticationService = new TokenAuthenticationService();
    }

    @Override
    public Authentication attemptAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse)
            throws AuthenticationException, IOException, ServletException {

        AccountCredentials credentials = new ObjectMapper().readValue(httpServletRequest.getInputStream(), AccountCredentials.class);

        final Authentication authentication = getAuthenticationManager()
                .authenticate(new UsernamePasswordAuthenticationToken(credentials.getUsername(),
                        credentials.getPassword()));
        SecurityContextHolder.getContext().setAuthentication(authentication);
        UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(credentials.getUsername(), credentials.getPassword());
        return getAuthenticationManager().authenticate(token);
    }

    @Override
    protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain, Authentication authentication)
            throws IOException, ServletException {
        String name = authentication.getName();
        tokenAuthenticationService.addAuthentication(response, name);
    }
}

这很好用。 但是当我尝试使用JWTLoginFilter注释声明@Service作为服务并且我正在尝试自动加载时,一切都会出错。

我所做的更改跟随。

这是配置类。

@EnableWebSecurity
@Configuration
class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsService userDetailsService;

    @Autowired
    public void configureAuthentication(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        authenticationManagerBuilder.userDetailsService(this.userDetailsService).passwordEncoder(passwordEncoder());
    }

    @Bean
    public Md5PasswordEncoder passwordEncoder() {
        return new Md5PasswordEncoder();
    }

    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Autowired
    JWTLoginFilter jwtLoginFilter;


    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.headers().cacheControl();
        http.csrf().disable()
                .authorizeRequests()
                .antMatchers("/authProxy").permitAll()
                .antMatchers(HttpMethod.POST,"/login").permitAll()
                .anyRequest().authenticated()
                .and()
                .addFilterBefore(jwtLoginFilter, UsernamePasswordAuthenticationFilter.class)
                .addFilterBefore(new JWTAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
    }
}

这是我的新JWTLoginFilter 

@Service
public class JWTLoginFilter extends AbstractAuthenticationProcessingFilter {

    @Autowired
    AuthenticationManager authenticationManager;

    private TokenAuthenticationService tokenAuthenticationService;

    public JWTLoginFilter() {
        super(new AntPathRequestMatcher("/login"));
        setAuthenticationManager(authenticationManager);
        tokenAuthenticationService = new TokenAuthenticationService();
    }

    @Override
    public Authentication attemptAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse)
            throws AuthenticationException, IOException, ServletException {

        AccountCredentials credentials = new ObjectMapper().readValue(httpServletRequest.getInputStream(), AccountCredentials.class);

        final Authentication authentication = getAuthenticationManager()
                .authenticate(new UsernamePasswordAuthenticationToken(credentials.getUsername(),
                        credentials.getPassword()));
        SecurityContextHolder.getContext().setAuthentication(authentication);
        UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(credentials.getUsername(), credentials.getPassword());
        return getAuthenticationManager().authenticate(token);
    }

    @Override
    protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain, Authentication authentication)
            throws IOException, ServletException {
        String name = authentication.getName();
        tokenAuthenticationService.addAuthentication(response, name);
    }
}

此代码提供称为

的运行时错误 
Error starting Tomcat context. Exception: org.springframework.beans.factory.BeanCreationException. Message: Error creating bean with name 'JWTLoginFilter' defined in file [/media/dilanka/Stuff/CODEBASE/Inspection-Application/Inspection-AuthProxy/target/classes/com/shipxpress/inspection/security/jwt/JWTLoginFilter.class]: Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: authenticationManager must be specified

错误与我的想法一样,ComponentScan扫描并发起JWTLoginFilter。但那时AuthenticationManager bean还没有创建。所以它不是自动接线。

所以我必须在扫描AuthenticationManager之前创建JWTLoginFilter bean,但这是不可能的,因为它必须在类中创建扩展WebSecurityConfigurerAdapter并且spring允许一个WebSecurityConfigurerAdapter扩展类。所以我不能在另一堂课中发起它。 还

 @Override
        protected void configure(HttpSecurity http) throws Exception {}

必须在WebSecurityConfigurerAdapter扩展类中声明,此方法使用jwtLoginFilter。所以

@Autowired
    JWTLoginFilter jwtLoginFilter;


@Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }


@Override
    protected void configure(HttpSecurity http) throws Exception {
        http.headers().cacheControl();
        http.csrf().disable()
                .authorizeRequests()
                .antMatchers("/authProxy").permitAll()
                .antMatchers(HttpMethod.POST,"/login").permitAll()
                .anyRequest().authenticated()
                .and()
                .addFilterBefore(jwtLoginFilter, UsernamePasswordAuthenticationFilter.class)
                .addFilterBefore(new JWTAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
    }

必须在WebSecurityConfig extends WebSecurityConfigurerAdapter class中定义它,并且必须控制应用程序的bean创建和组件扫描序列。有没有人有想法?请帮帮我。

更新 - >

我试图按如下方式实现JWTLoginFilter,

@Service
public class JWTLoginFilter extends AbstractAuthenticationProcessingFilter {

    private TokenAuthenticationService tokenAuthenticationService;

    @Autowired
    public JWTLoginFilter(AuthenticationManager authenticationManager) {
        super(new AntPathRequestMatcher("/login"));
    }
...
}

但它会出现以下错误

The dependencies of some of the beans in the application context form a cycle:

┌─────┐
|  JWTLoginFilter defined in file [/media/dilanka/Stuff/CODEBASE/Inspection-Application/DR-136812421-dbchangesSendAsMail/Inspection-Application/Inspection-AuthProxy/target/classes/com/shipxpress/inspection/security/jwt/JWTLoginFilter.class]
↑     ↓
|  webSecurityConfig (field com.shipxpress.inspection.security.jwt.JWTLoginFilter com.shipxpress.inspection.config.WebSecurityConfig.jwtLoginFilter)
└─────┘

我认为问题是,如果我们如上所述自动连接构造函数,那么JWTLoginFilter无法在不创建Configuration bean的情况下创建。但是配置bean需要JWTLoginFilter bean。所以没有JWTLoginFilter bean就无法创建。

感谢。

2 个答案:

答案 0 :(得分:2)

在调用 bean的构造函数之后,

@Autowired注释将被处理。因此,您的异常不依赖于bean创建的顺序。如果需要从构造函数中调用setAuthenticationManager,可以将@Autowired应用于构造函数:

@Service
public class JWTLoginFilter extends AbstractAuthenticationProcessingFilter {

    AuthenticationManager authenticationManager;    
    private TokenAuthenticationService tokenAuthenticationService;

    @Autowired
    public JWTLoginFilter(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager; //if you will need this instance in future
        super(new AntPathRequestMatcher("/login"));
        setAuthenticationManager(authenticationManager);
        tokenAuthenticationService = new TokenAuthenticationService();
    }

    ...
}

然后将适当的bean自动传递给构造函数。

另一种解决方案是在@PostConstruct方法中进行所有初始化。在处理@Autowired注释后立即调用此方法:

@Service
public class JWTLoginFilter extends AbstractAuthenticationProcessingFilter {

    @Autowired
    AuthenticationManager authenticationManager;    
    private TokenAuthenticationService tokenAuthenticationService;

    public JWTLoginFilter(){
        super(new AntPathRequestMatcher("/login"));
    }

    @PostConstruct
    public void postConstruct() {
        setAuthenticationManager(authenticationManager);
        tokenAuthenticationService = new TokenAuthenticationService();
    }

    ...
}

答案 1 :(得分:0)

  • Spring Boot有多个条件注释可以像@ConditionalOnBean一样用来控制bean创建的顺序

  • 查看所有可用条件的org.springframework.boot.autoconfigure.condition包

  • 对于您的示例,最好的方法是在JWTLoginFilter中构造函数注入AuthenticationManager

相关问题
最新问题