问题:
找不到Spring框架安全bean“身份验证管理器”
谭光辉
我正在使用带有Spring启动的OAuth2。我是奥斯的新手。我得到了这个 考虑在运行我的 Spring 启动应用程序时在您的配置异常中定义类型为“org.springframework.security.authentication.AuthenticationManager”的 bean。我在StackOverflow中看到了其他一些问题的答案,但它们并没有满足我的需求。我正在使用 Spring 引导版本 2.3.3.发布。我正在从这个存储库中获取参考。我刚刚更新了我的应用程序版本。这是我的班级,我遇到了这个问题:
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
@EnableAuthorizationServer
@Configuration
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
@Autowired
private AuthenticationManager authenticationManager;
@Override
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
security.tokenKeyAccess("permitAll()").checkTokenAccess("isAuthenticated()");
}
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.inMemory().withClient("ClientId").secret("secret").authorizedGrantTypes("authorization_code")
.scopes("user_info").autoApprove(true);
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints.authenticationManager(authenticationManager);
}
}
如果我创造了一颗这样的豆子。:
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
它已经解决了我的错误为一个类,扩展了WebSecurityCon的配置,但我的另一个类扩展了授权服务器配置适配器和这个类,解决方案是不起作用的,我得到一个警告说方法认证ManagerBean()是未定义的类型授权服务器配置适配器。你能帮我吗?
共有2个答案
牛迪
我已经通过更新AuthorizationServerConfig解决了这个问题。java类
AuthorizationServerConfig.java级:
package com.ab.security.config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
@EnableAuthorizationServer
@Configuration
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
@Autowired
@Qualifier("authenticationManagerBean")
private AuthenticationManager authenticationManager;
@Override
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
security.tokenKeyAccess("permitAll()").checkTokenAccess("isAuthenticated()");
}
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.inMemory().withClient("ClientId").secret("secret").authorizedGrantTypes("authorization_code")
.scopes("user_info").autoApprove(true);
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints.authenticationManager(authenticationManager);
}
}
ResourceServerConfig.java类:
package com.ab.security.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
@EnableResourceServer
@Configuration
public class ResourceServerConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.requestMatchers().antMatchers("/login", "/oauth/authorize").and().authorizeRequests().anyRequest()
.authenticated().and().formLogin().permitAll();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.parentAuthenticationManager(authenticationManagerBean()).inMemoryAuthentication().withUser("Peter")
.password("peter").roles("USER");
}
@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
}
习狐若
您正在覆盖< code > AuthorizationServerConfigurerAdapter 中不存在的方法。请使用该错误。
如您所见AuthorizationServerCon
public class AuthorizationServerConfigurerAdapter implements AuthorizationServerConfigurer {
@Override
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
}
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
}
}
类似资料:
-
我有Springmvc应用程序。我添加了带有CustomAuthentiationManager的Spring Security。这是appC中包含的application-security.xmlontex.xml.login.jsp我使用带有2个输入的标准登录页面:name='j_username'
-
spring-security.xml: 在新泽西行动豆的内部是这样的: 整个应用程序构建良好,jetty服务器启动没有问题(MyAuthenticationManager和org.springframework.security.AuthenticationManager都成功地预安装了),但是当尝试使用autowired authmanager时,我得到了空指针。
-
我用Spring Security做了一个概念验证,以便使用PRE_AUTH_FILTER过滤器执行预认证。它工作正常,但我想知道如果这个过滤器不起作用,我是否可以重定向到登录页面,因为我得到HTTP 403。< br >我的意思是,如果初始请求的头中不包含SM_USER字段,我如何重定向到登录页面?我需要考虑这两种情况(当它包含字段- SM_USER -和不包含时),但我无法让它工作。有什么想法
-
我正在尝试让JDBC身份验证与我的小辅助项目一起工作,从表面上看,它应该可以工作,但它没有。所有的配置都遵循贝娄。 如果我切换到具有相同用户名/密码的inMemory身份验证,它就会非常工作。 这是我记录输出时得到的结果:
-
让OAUTH2和管理endpoint工作的正确方法是什么?