Question

在尝试使用带有AuthenticationSuccessHandler的spring security 4.2.3时，我遇到了一些问题：

创建名为'customWebSecurityConfigurerAdapter'的bean时出错：通过现场表达的不满意的依赖性 'customAuthenticationSuccesshandler';嵌套异常是 org.springframework.beans.factory.NoSuchBeanDefinitionException：没有合格的bean类型 'com.test.smsportal.common.filter.CustomAuthenticationSuccessHandler'。

奇怪的是我已经为成功处理程序声明了@Component。

下面是我的CustomAuthenticationSuccessHandler：

package com.test.smsportal.common.filter;

@Component
public class CustomAuthenticationSuccessHandler implements AuthenticationSuccessHandler {

    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
            Authentication authentication) throws IOException {
        Set<String> roles = AuthorityUtils.authorityListToSet(authentication.getAuthorities());
        if (roles.contains("ADMIN")) {
            response.sendRedirect("admin/home.html");
        } else if (roles.contains("USER")) {
            response.sendRedirect("static/user.html");
        }
    }
}

以下是WebSecurityConfigurerAdapter：

package com.test.smsportal.configuration;

import com.test.smsportal.common.filter.CustomAuthenticationSuccessHandler;

@EnableWebSecurity
@Configuration
public class CustomWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {

    @Autowired
    CustomAuthenticationSuccessHandler customAuthenticationSuccesshandler;

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication().withUser("user") // #1
                .password("password").roles("USER").and().withUser("admin") // #2
                .password("password").roles("ADMIN", "USER");
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/public/**"); // #3
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable().authorizeRequests().antMatchers("/signup", "/about").permitAll() // #4
                .antMatchers("/admin/**").hasRole("ADMIN")// #6
                .anyRequest().authenticated() // 7
                .and().formLogin() // #8
                .loginPage("/login") // #9
                .successHandler(customAuthenticationSuccesshandler); // #5
                //.permitAll().defaultSuccessUrl("/static/user.html");
    }
}

以下是我的WebMvcConfigurerAdapter：

package com.sgx.smsportal.configuration;

@Configuration
@EnableWebMvc
@ComponentScan(basePackages = { "com.test.smsportal.controller", 
"com.test.smsportal.service", "com.test.smsportal.dao",
    "com.test.smsportal.common.filter" })
public class MvcConfiguration extends WebMvcConfigurerAdapter {
 //something
}

Answer 1

@ComponentScan中的问题MvcConfiguration并未涵盖包com.test.smsportal.configuration，而CustomWebSecurityConfigurerAdapter也未包含@ComponentScan封面com.test.smsportal.common.filter

你可以做

@Configuration
@EnableWebMvc
@ComponentScan(basePackages = { "com.test.smsportal.controller", 
"com.test.smsportal.service", "com.test.smsportal.dao",
    "com.test.smsportal.common.filter", "com.test.smsportal.configuration"})
public class MvcConfiguration extends WebMvcConfigurerAdapter {
 //something
}

或

@Configuration
@EnableWebMvc
@ComponentScan(basePackages = { "com.test.smsportal.controller", 
"com.test.smsportal.service", "com.test.smsportal.dao",
    "com.test.smsportal.common.filter"})
@Import({CustomWebSecurityConfigurerAdapter.class})
public class MvcConfiguration extends WebMvcConfigurerAdapter {
 //something
}

或

@EnableWebSecurity
@Configuration
@ComponentScan(basePackages = { "com.test.smsportal.common.filter" })
public class CustomWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {

}

AuthenticationSuccessHandler不会警告符合条件的bean

1 个答案: