spring-security: How to add additional AuthenticationProviders without using WebSecurityConfigurerAdapter

3yhwsihp posted on 2022-11-11 in Spring

Prior to Spring Security 5.7, it was possible to add additional AuthenticationProviders to the global AuthenticationManager in the following way:

public class SecurityConfiguration extends WebSecurityConfigurerAdapter { 

    ...

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(customAuthenticationProvider);
    }

}

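In Spring Security 5.7, WebSecurityConfigurerAdapter was deprecated.

Question: How should I migrate this code to resolve this?

When I try to register the additional AuthenticationProvider as a @Bean, the auto-created username/password-based authentication provider gets replaced, resulting in

No AuthenticationProvider found for org.springframework.security.authentication.UsernamePasswordAuthenticationToken

I read the blog post https://spring.io/blog/2022/02/21/spring-security-without-the-websecurityconfigureradapter but found no hints about adding additional authentication providers to the global AuthenticationManager.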

eqqqjvef1#

If you have one AuthenticationProvider, you can register it as a bean and Spring Security will pick it up:

@Bean
public CustomAuthenticationProvider customAuthenticationProvider() {
    return new CustomAuthenticationProvider();
}

Alternatively, you can add additional AuthenticationProviders in the HttpSecurity configuration:

@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
    http
        // ...
        .authenticationProvider(new CustomAuthenticationProvider());
    return http.build();
}

c9qzyr3d2#

You can annotate your configuration class with **@EnableGlobalAuthentication** and will then be able to configure the global instance of AuthenticationManagerBuilder:

@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) {
    auth.authenticationProvider(customAuthenticationProvider);
}

See the related documentation: https://docs.spring.io/spring-security/site/docs/current/api/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthentication.html

t5fffqht3#

I ran into the same problem when I wanted to add a custom AuthenticationProvider with Spring Security without using WebSecurityConfigurerAdapter.
Here is what I did.
Code with WebSecurityConfigurerAdapter

public class SecurityConfiguration extends WebSecurityConfigurerAdapter { 

    ...

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(customAuthenticationProvider);
    }
}

Code without WebSecurityConfigurerAdapter

@EnableWebSecurity
@EnableGlobalAuthentication
public class SecurityConfiguration {

    ...

    @Autowired
    CustomAuthenticationProvider customAuthenticationProvider;

    @Autowired
    void registerProvider(AuthenticationManagerBuilder auth) {
        auth.authenticationProvider(customAuthenticationProvider);
    }
}

Note the @EnableGlobalAuthentication and registerProvider().
Hope this helps.

u5rb5r594#

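I had a similar problem. I have a custom user details service, and I also use an additional custom authentication provider. One is for actual users, while the custom provider is for automated devices.
This is my code with WebSecurityConfigurerAdapter: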

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    ...

    @Autowired
    private MyCustomAuthenticationProvider customAuthenticationProvider;

    @Autowired
    private UserDetailsService userDetailsService;

    ...

    @Bean
    PasswordEncoder passwordEncoder() {
        return PasswordEncoderFactories.createDelegatingPasswordEncoder();
    }

    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        var encoder = passwordEncoder();
        customAuthenticationProvider.encoder(encoder);
        auth.userDetailsService(userDetailsService).passwordEncoder(encoder);
        auth.authenticationProvider(customAuthenticationProvider);
    }

    ...
}

This is my code without WebSecurityConfigurerAdapter:

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfiguration {

    ...

    @Autowired
    private MyCustomAuthenticationProvider customAuthenticationProvider;

    @Autowired
    private UserDetailsService userDetailsService;

    ...

    @Bean
    PasswordEncoder passwordEncoder() {
        return PasswordEncoderFactories.createDelegatingPasswordEncoder();
    }

    @Bean
    AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception {
        return authenticationConfiguration.getAuthenticationManager();
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        var encoder = passwordEncoder();
        customAuthenticationProvider.encoder(encoder);
        auth.userDetailsService(userDetailsService).passwordEncoder(encoder);
        auth.authenticationProvider(customAuthenticationProvider);
    }

    ...

}

Note: You may need to set spring.main.allow-circular-references to true in your properties file for this to work.
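
An added example, not code from the question or any of the answers: it goes one step beyond them by listing the username/password DaoAuthenticationProvider and a second provider explicitly in one ProviderManager, so that neither replaces the other and the "No AuthenticationProvider found" error from the question cannot arise from a missing provider. It assumes Spring Security 5.7 and existing UserDetailsService, PasswordEncoder and DeviceRegistry beans; ExplicitProvidersConfig, DeviceRegistry, DeviceAuthenticationProvider, the "device:" name prefix and ROLE_DEVICE are hypothetical names.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.*;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class ExplicitProvidersConfig { // hypothetical class name
    // Hypothetical lookup of a device's encoded secret; returns null if unknown.
    public interface DeviceRegistry { String encodedSecretFor(String deviceId); }
    // Hypothetical provider for automated devices (assumed "device:" name prefix).
    static class DeviceAuthenticationProvider implements AuthenticationProvider {
        private final DeviceRegistry registry;
        private final PasswordEncoder encoder;
        DeviceAuthenticationProvider(DeviceRegistry r, PasswordEncoder e) { registry = r; encoder = e; }
        @Override
        public Authentication authenticate(Authentication auth) {
            // Returning null means "not mine": ProviderManager tries the next provider.
            if (!auth.getName().startsWith("device:")) return null;
            String encoded = registry.encodedSecretFor(auth.getName());
            if (encoded == null || !encoder.matches(String.valueOf(auth.getCredentials()), encoded)) {
                throw new BadCredentialsException("Bad device credentials");
            }
            return new UsernamePasswordAuthenticationToken(auth.getName(), null,
                    AuthorityUtils.createAuthorityList("ROLE_DEVICE"));
        }
        @Override
        public boolean supports(Class<?> type) {
            return UsernamePasswordAuthenticationToken.class.isAssignableFrom(type);
        }
    }

    @Bean
    SecurityFilterChain securityFilterChain(HttpSecurity http, UserDetailsService users,
            PasswordEncoder encoder, DeviceRegistry devices) throws Exception {
        DaoAuthenticationProvider dao = new DaoAuthenticationProvider();
        dao.setUserDetailsService(users);
        dao.setPasswordEncoder(encoder);
        // Both providers are set on this chain; add authorization rules and login config here.
        http.authenticationManager(new ProviderManager(
                new DeviceAuthenticationProvider(devices, encoder), dao));
        return http.build();
    }
}
```

Neither provider is declared as a bean here, so Spring Security's automatic bean pickup does not interfere with the explicit list.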
