我对整个Spring Security事情都很陌生,我试图建立一个使用预身份验证的网站。我已经关注了一些示例和教程,我认为它进展顺利。但我坚持一件事。
当我浏览.jsp页面时,一切正常。我可以访问" public"页面,我得到"访问被拒绝"当我试图访问"私人"页面(我还没有完成私人页面的过滤器)。
但是,如果我在导航时检查日志,每次访问页面时都会收到相同的错误:
org.springframework.security.authentication.ProviderNotFoundException:找不到org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken
的AuthenticationProvider
问题是,我有一个提供者,或者至少我是这么认为的。
SecurityConfig.java:
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Bean(name = "myAuthenticationManager")
@Override
public AuthenticationManager authenticationManagerBean() throws Exception
{
return super.authenticationManagerBean();
}
@Bean
public AccessDecisionManager accessDecisionManager()
{
List<AccessDecisionVoter<? extends Object>> decisionVoters
= Arrays.asList(new RoleVoter());
return new AffirmativeBased(decisionVoters);
}
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception
{
PreAuthenticatedAuthenticationProvider provider = new PreAuthenticatedAuthenticationProvider();
DlaUserDetailsService userDetailsService = new DlaUserDetailsService();
provider.setPreAuthenticatedUserDetailsService(userDetailsService);
auth.authenticationProvider(provider);
}
@Override
public void configure(HttpSecurity http) throws Exception
{
DlaSpringMvcFilter filter = new DlaSpringMvcFilter();
AuthenticationManager authenticationManager = this.authenticationManager();
filter.setAuthenticationManager(authenticationManager);
http.addFilter(filter).authorizeRequests()
.antMatchers("/private/**").hasRole("ADMIN")
.antMatchers("/public/**").permitAll();
http.csrf().disable();
}
}
我在这里做错了什么?我错过了什么吗?