所以我一直在尝试在一个简单的Spring MVC应用程序中实现oAuth2。
在我遵循的指南中,在他们的AuthorizationServerConfigurerAdapter中,他们@Autowired AuthenticationManager.他们使用Spring Boot版本1.5.2。
我想使用 Spring Boot 2.0.0,因为这是最新版本,所以我想学习最新的实践。但是,在我的pom中.xml当我改变时:
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>1.5.2.RELEASE</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
自:
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.0.0.RELEASE</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
,我无法自动AuthenticationManager
Could not autowire. No beans of 'AuthenticationManager' type found.
有人能想出解决方案吗?
谢谢!
如果要
继续使用引导启动程序包,根据发行说明,您需要覆盖WebSecurityConfigurerAdapter中的authanticationManagerBean方法。这里的代码示例:
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
}
在最新版本的 Spring Boot 2.7.2 中,类 WebSecurityConfigurerAdapter 被弃用,你必须使用新的样式来编写安全配置,
没有 WebSecurityConfigurerAdapter 的 Spring 安全性
话虽如此,如下所示的内容适用于我 Spring Boot 2.7.2 .我有一个 JWT 令牌过滤器,需要插入以验证传入的 JWT 令牌。试图突出 - SecurityFilterChain & AuthenticationConfiguration
import java.util.List;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.security.web.util.matcher.RequestMatcher;
//import my custom jwt class package;
import lombok.RequiredArgsConstructor;
@Configuration
@EnableWebSecurity
@RequiredArgsConstructor
public class WebSecurityConfig {
private final AuthenticationConfiguration authConfiguration;
@Bean
public AuthenticationManager authenticationManager() throws Exception {
return authConfiguration.getAuthenticationManager();
}
@Autowired
public void configure(AuthenticationManagerBuilder builder, AuthenticationProvider jwtAuthenticationProvider) {
builder.authenticationProvider(jwtAuthenticationProvider);
}
@Bean
public SecurityFilterChain configure(HttpSecurity http, AuthenticationEntryPoint authenticationEntryPoint,
RequestMatcher requestMatcher)
throws Exception {
http.cors().and().csrf().disable().exceptionHandling().authenticationEntryPoint(authenticationEntryPoint).and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().authorizeRequests()
.antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
.antMatchers(HttpMethod.GET, List.of("/favicon.ico", "/**/*.html").toArray(new String[0])).permitAll();
AbstractAuthenticationProcessingFilter jwtFilter = new MyCustomClass(requestMatcher);
jwtFilter.setAuthenticationManager(authenticationManager());
http.addFilterBefore(jwtFilter, BasicAuthenticationFilter.class);
return http.build();
}
}