Java – spring launch security configuration – AuthenticationManager must be specified
•
Java
This is my main application configuration
@SpringBootApplication public class Application { public static void main(String[] args) { new SpringApplicationBuilder(Application.class) .banner((environment,aClass,printStream) -> System.out.println(stringBanner())) .run(); } }
This is my spring security application configuration
@Configuration @EnableGlobalMethodSecurity(prePostEnabled = true) @EnableWebMvcSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { @Autowired private WebServiceAuthenticationEntryPoint unauthorizedHandler; @Autowired private TokenProcessingFilter authTokenProcessingFilter; @Bean @Override public AuthenticationManager authenticationManagerBean() throws Exception { return super.authenticationManagerBean(); } @Override protected void configure(HttpSecurity http) throws Exception { http .csrf() .disable() .sessionManagement() .sessionCreationPolicy(SessionCreationPolicy.STATELESS) // Restful hence stateless .and() .exceptionHandling() .authenticationEntryPoint(unauthorizedHandler) // Notice the entry point .and() .addFilter(authTokenProcessingFilter) // Notice the filter .authorizeRequests() .antMatchers("/resources/**","/api/auth") .permitAll() .antMatchers("/greeting") .hasRole("USER"); } @Autowired public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { auth .inMemoryAuthentication() .withUser("user") .password("password") .roles("USER"); } }
This is my tokenprocessingfilter, which extends the usernamepasswordauthenticationfilter for my custom authentication filter
@Component public class TokenProcessingFilter extends UsernamePasswordAuthenticationFilter { @Override public void doFilter(ServletRequest request,ServletResponse response,FilterChain chain) throws IOException,ServletException { HttpServletRequest httpRequest = this.getAsHttpRequest(request); String authToken = this.extractAuthTokenFromRequest(httpRequest); String userName = TokenUtils.getUserNameFromToken(authToken); if (userName != null) {/* UserDetails userDetails = userDetailsService.loadUserByUsername(userName);*/ UserDetails userDetails = fakeUserDetails(); if (TokenUtils.validateToken(authToken,userDetails)) { UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(userDetails.getUsername(),userDetails.getpassword(),userDetails.getAuthorities()); authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(httpRequest)); SecurityContextHolder.getContext().setAuthentication(authentication); Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal(); } } chain.doFilter(request,response); } private HttpServletRequest getAsHttpRequest(ServletRequest request){ if (!(request instanceof HttpServletRequest)) { throw new RuntimeException("Expecting an HTTP request"); } return (HttpServletRequest) request; } private String extractAuthTokenFromRequest(HttpServletRequest httpRequest) { /* Get token from header */ String authToken = httpRequest.getHeader("x-auth-token"); /* If token not found get it from request parameter */ if (authToken == null) { authToken = httpRequest.getParameter("token"); } return authToken; } private UserDetails fakeUserDetails(){ UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken("user","password"); List<SimpleGrantedAuthority> auth= new ArrayList<>(); auth.add(new SimpleGrantedAuthority("USER")); return new User("user","password",auth); } }
However, when running the application, I encountered this exception message What did I miss?
Solution
You need to set AuthenticationManager on tokenprocessingfilter Instead of using @ component on tokenprocessingfilter, just create it in securityconfig
@Bean TokenProcessingFilter tokenProcessingFilter() { TokenProcessingFilter tokenProcessingFilter = new TokenProcessingFilter(); tokenProcessingFilter.setAuthenticationManager(authenticationManager()); return tokenProcessingFilter; }
and
protected void configure(HttpSecurity http) throws Exception { ... .addFilter(tokenProcessingFilter())
The content of this article comes from the network collection of netizens. It is used as a learning reference. The copyright belongs to the original author.
THE END
二维码