spring-security 不赞成使用WebSecurityConfigurerAdapter类后,authenticationManagerBean函数的替代方法是什么?[duplicate]

cczfrluj  于 2022-11-11  发布在  Spring
关注(0)|答案(2)|浏览(147)

此问题在此处已有答案

Spring get instance of AuthenticationManager complicated since WebSecurityConfigurerAdapter deprecated(1个答案)
上个月关门了。
在Sping Boot 2.7.4中,不赞成使用包含authenticationManagerBean函数的WebSecurityConfigurerAdapter
还有什么选择呢?

t5zmwmid

t5zmwmid1#

这些天我一直面临着和你一样的问题,唯一找到的解决办法就是这个

@Bean
public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception {
return authenticationConfiguration.getAuthenticationManager();
}

但是这导致了我在测试中的一个异常。我在GitHub上发布了一个Spring启动问题。请查看以了解最新信息。https://github.com/spring-projects/spring-framework/issues/29215这可能是一个bug

lokaqttq

lokaqttq2#

我发现替代方法是AuthenticationConfiguration类中的getAuthenticationManager函数

@Bean
    protected SecurityFilterChain configure(final HttpSecurity http,
                                            final AuthenticationManagerBuilder auth,
                                            final AuthenticationConfiguration authenticationConfiguration) throws Exception {
        // set the authentication provider
        auth.authenticationProvider(daoAuthenticationProvider());

        // set the authorization and authentication rules
        return http
                .csrf().disable()
                // Make sure that the session is stateless because we are using JWT
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                // Add the JWT filter (my custom filter)
                .addFilter(new JwtFilter(authenticationConfiguration.getAuthenticationManager()))
                .build();
}

相关问题