Spring Boot，Spring Security 覆盖 UserDetailsS​​ervice

Question

致力于从 Spring Security xml 配置迁移到 Spring Security 中的 Java Config。

在我的扩展 WebSecurityConfigurerAdapter 的类 SecurityConfiguration 中。但是，问题是安全过滤器没有使用 userDetailsS​​ervice，特别是 UsernamePasswordAuthenticationFilter。我查看了启动，似乎在Spring boots创建默认的InMemoryUserDetailsManager之前没有创建。

@Configuration
@EnableWebMvcSecurity
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http)
      throws Exception {

      http.userDetailsService(userDetailsService);

    }
}

我还尝试使用自定义注入的 ApplicationUserDetailsS​​ervice 覆盖此类中的 userDetailsS​​erviceBean 和 userDetailsS​​ervice。

@Bean(name="myUserDetailsBean")
@Override
public UserDetailsService userDetailsServiceBean() {
    return userDetailsService;
}

@Override
public UserDetailsService userDetailsService() {

    return userDetailsService;
}

但是，当我尝试覆盖 authenticationManagerBean 时，它看起来像是在 Spring Boot 配置初始化之前调用了我的配置，但它会抛出一个错误（如下），即在初始化 UsernamePasswordAuthenticationFilter 时存在循环引用。我是否真的需要覆盖 authenticationManagerBean，因为我需要定义进入 UsernamePasswordAuthenticationFilter 的内容。

@Bean(name="myAuthenticationManager")
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
    return super.authenticationManagerBean();
}

..

Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter]: Circular reference involving containing bean 'securityBeansConfiguration' - consider declaring the factory method as static for independence from its containing instance. Factory method 'usernamePasswordAuthenticationFilter' threw exception; nested exception is java.lang.IllegalArgumentException: successHandler cannot be null
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:189) ~[spring-beans-4.1.4.RELEASE.jar:4.1.4.RELEASE]
at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:588) ~[spring-beans-4.1.4.RELEASE.jar:4.1.4.RELEASE]
... 70 common frames omitted

想法？

Answer 1

您好，有一种简单的方法可以覆盖 UserDetailsS​​ervice

import com.dog.care.domain.User;
import com.dog.care.repository.UserRepository;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Component;
import org.springframework.transaction.annotation.Transactional;

import javax.inject.Inject;
import java.util.Optional;

@Component("userDetailsService")
public class UserDetailsService implements org.springframework.security.core.userdetails.UserDetailsService {

private final Logger log = LoggerFactory.getLogger(UserDetailsService.class);

@Inject
private UserRepository userRepository;

@Override
@Transactional
public UserDetails loadUserByUsername(final String login) {
    log.debug("Authenticating {}", login);
    String lowercaseLogin = login.toLowerCase();
    Optional<User> userFromDatabase =  userRepository.findOneByLogin(lowercaseLogin);
    return userFromDatabase.map(user -> {
        if (!user.getActivated()) {
            throw new UserNotActivatedException("User " + lowercaseLogin + " was not activated");
        }
        return new CustomUserDetails(user);
    }).orElseThrow(() -> new UsernameNotFoundException("User " + lowercaseLogin + " was not found in the database"));
}
}

这很重要：@Component("userDetailsS​​ervice")

谢谢 亚历山大