必须指定 Spring Security authenticationmanager - 用于自定义过滤器

Question

我正在尝试创建自定义用户名密码身份验证过滤器，因为我需要验证来自两个不同来源的密码。我正在使用 Spring Boot 1.2.1 和 Java 配置。我在部署时遇到的错误是

Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'customUsernamePasswordAuthenticationFilter' defined in file [/Users/rjmilitante/Documents/eclipse-workspace/login-service/bin/com/elsevier/eols/loginservice/CustomUsernamePasswordAuthenticationFilter.class]: Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: authenticationManager must be specified
…
Caused by: java.lang.IllegalArgumentException: authenticationManager must be specified

我不确定我错过了什么。我一直在尝试在我的 SecurityConfig 中为此过滤器设置 authenticationManager。我的代码看起来像

我的过滤器：

@Component
public class CustomUsernamePasswordAuthenticationFilter extends AbstractAuthenticationProcessingFilter {

    public CustomUsernamePasswordAuthenticationFilter(RequestMatcher requiresAuthenticationRequestMatcher) {
        super(requiresAuthenticationRequestMatcher);
        // TODO Auto-generated constructor stub
    }

    public CustomUsernamePasswordAuthenticationFilter() {
        super(new AntPathRequestMatcher("/login","POST"));
        // TODO Auto-generated constructor stub
    }

    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
            throws AuthenticationException {
        // String dbValue = request.getParameter("dbParam");
        // request.getSession().setAttribute("dbValue", dbValue);
        System.out.println("attempting to authentificate");
        while (request.getAttributeNames().hasMoreElements()) {
            String e = (String) request.getAttributeNames().nextElement();
            System.out.println("param name : " + e + " and param value : " + request.getAttribute(e));
        }
        return null;
    }
}

我的安全配置：

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter{

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Bean(name="loginService")
    public LoginService loginService(){
        return new LoginServiceImpl();
    }

    @Bean( name="myAuthenticationManager")
     @Override
     public AuthenticationManager authenticationManagerBean() throws Exception {
         return super.authenticationManagerBean();
     }

    @Bean
    CustomUsernamePasswordAuthenticationFilter customUsernamePasswordAuthenticationFilter() throws Exception {
        CustomUsernamePasswordAuthenticationFilter customUsernamePasswordAuthenticationFilter = new CustomUsernamePasswordAuthenticationFilter();
        customUsernamePasswordAuthenticationFilter.setAuthenticationManager(authenticationManagerBean());
      return customUsernamePasswordAuthenticationFilter;
    }


    @Autowired
    private myAuthenticationProvider myAuthenticationProvider;

    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()
        .authorizeRequests()
        .anyRequest().authenticated()
        .and()
        /*.addFilterBefore(customUsernamePasswordAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class)*/;

    }

    public void configure(AuthenticationManagerBuilder auth)  throws Exception {

        auth.authenticationProvider(myAuthenticationProvider);
        }
}

有人可以看看吗？不知道怎么回事。

Answer 1

AbstractAuthenticationProcessingFilter 的 documentation 声明您必须设置 AuthenticationManager。

我建议您尝试在 CustomUsernamePasswordAuthenticationFilter 类中添加以下代码：

@Override
@Autowired
public void setAuthenticationManager(AuthenticationManager authenticationManager) {
    super.setAuthenticationManager(authenticationManager);
}

Answer 2

我实际上已经克服了错误。我只需要从我的自定义过滤器中删除 @Component 注释。