我正在配置Spring Security.为了对用户进行身份验证和授权,我覆盖了WebSecurityConfigurerAdapter的configure(AuthenticationManagerBuilder auth).这很好.下面是我的代码:
I am configuring Spring Security. To authenticate and authorize users, I override configure(AuthenticationManagerBuilder auth) of WebSecurityConfigurerAdapter. This works fine. Below is my code:
@Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth .userDetailsService(customUserDetailsService) .passwordEncoder(getPasswordEncoder()); }但是,当我尝试启用方法级安全性时,使用@EnableGlobalMethodSecurity(securedEnabled = true)的每个操作都会引发异常:
But when I try to to enable method level security, per action, using @EnableGlobalMethodSecurity(securedEnabled = true) it throws an exception:
未找到AuthenticationManager
No AuthenticationManager found
根据我的理解,AuthenticationManager用于对用户进行身份验证和授权,我已经使用configure(AuthenticationManagerBuilder auth)进行了此操作,而Spring正在注入auth对象本身.
As per my understanding AuthenticationManager is used to authenticate and authorize users, which I was already doing using configure(AuthenticationManagerBuilder auth) and Spring was injecting auth object itself.
为什么我需要手动注册AuthenticationManager?
Why I need to register AuthenticationManager manually?
@Bean @Override public AuthenticationManager authenticationManagerBean() throws Exception { return super.authenticationManagerBean(); }configure(AuthenticationManagerBuilder auth)和authenticationManagerBean()的不同用途是什么?
What are the differennt purposes configure(AuthenticationManagerBuilder auth) and authenticationManagerBean() serves?
我正在扩展WebSecurityConfigurerAdapter.为什么我需要通过覆盖authenticationManagerBean()提供自定义AuthenticationManager.
I am extending WebSecurityConfigurerAdapter. Why I need to provide a custom AuthenticationManager by overriding authenticationManagerBean().
推荐答案您的配置类扩展了 WebSecurityConfigurerAdapter ,它仅配置Web安全性(而非方法安全性):
Your configuration class extends WebSecurityConfigurerAdapter, which only configures web security (not method security):
提供一个方便的基类来创建WebSecurityConfigurer实例.该实现允许通过覆盖方法进行自定义.
Provides a convenient base class for creating a WebSecurityConfigurer instance. The implementation allows customization by overriding methods.
因此,您的AuthenticationManager仅用于网络安全.
So your AuthenticationManager is only used for web security.
如果您想配置(更改默认值)方法安全性,则可以扩展 GlobalMethodSecurityConfiguration :
If you want to configure (change the defaults) method security, you can extend GlobalMethodSecurityConfiguration:
Base Configuration用于启用全局方法安全性.类可以扩展此类以自定义默认值,但必须确保在子类上指定EnableGlobalMethodSecurity批注.
Base Configuration for enabling global method security. Classes may extend this class to customize the defaults, but must be sure to specify the EnableGlobalMethodSecurity annotation on the subclass.
要配置AuthenticationManager的方法安全性,您可以
To configure AuthenticationManager for method security, you can
覆盖 GlobalMethodSecurityConfiguration#configure :
子类可以重写此方法以注册不同类型的身份验证.如果不被覆盖,configure(AuthenticationManagerBuilder)将尝试按类型自动接线.
Sub classes can override this method to register different types of authentication. If not overridden, configure(AuthenticationManagerBuilder) will attempt to autowire by type.
将您的AuthenticationManager暴露为可以由GlobalMethodSecurityConfiguration自动连接的bean,请参见 WebSecurityConfigurerAdapter#authenticationManagerBean :
expose your AuthenticationManager as a bean that can be autowired by GlobalMethodSecurityConfiguration, see WebSecurityConfigurerAdapter#authenticationManagerBean:
重写此方法可将configure(AuthenticationManagerBuilder)中的AuthenticationManager公开为Bean.
Override this method to expose the AuthenticationManager from configure(AuthenticationManagerBuilder) to be exposed as a Bean.
通过自动装配全局AuthenticationManagerBuild仅使用一个全局AuthenticationManager,请参阅 Spring Security 3.2.0.RC2已发布:
use only one global AuthenticationManager by autowiring the global AuthenticationManagerBuild, see Spring Security 3.2.0.RC2 Released:
例如,如果要配置全局身份验证(即,只有一个AuthenticationManager),则应自动连接AuthenticationMangerBuilder:
For example, if you want to configure global authentication (i.e. you only have a single AuthenticationManager) you should autowire the AuthenticationMangerBuilder: @Autowired public void configureGlobal(AuthenticationManagerBuilder auth) { // ... configure it ... }
更多推荐
春季安全性:configure(AuthenticationManagerBuilder auth)vs authenticationManagerBean()
发布评论