如何将自定义 DaoAuthenticationProvider 加载到 Spring 上下文中?
How to load a custom DaoAuthenticationProvider into the Spring Context?
我遇到了 Spring 安全问题。
我有一个带有扩展 WebSecurityConfigurerAdapter 的 SecurityConfig class 的 java-config 实现。
在这个class中我想覆盖方法"configure()"
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, proxyTargetClass = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter{
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
MyDaoAuthenticationProvider provider = new MyDaoAuthenticationProvider();
provider.setPasswordEncoder(passwordEncoder());
provider.setUserDetailsService(securityService);
auth.authenticationProvider(provider);
}
//...
}
一切正常,工作正常。
问题是 "MyDaoAuthenticationProvider" 组件没有加载到 Spring 上下文中。
所以我无法在 class:
中注入或自动装配任何组件
public class MyDaoAuthenticationProvider extends DaoAuthenticationProvider {
@Autowired
AuthenticationHandler authenticationHandler; // <- authenticationHandler is null, is not resolved
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
authenticationHandler.authenticate(authentication); // <- NullPointerException in this point
}
}
这是 AuthenticationHandler class:
@Component
public class AuthenticationHandler {
public void authenticate (Authentication authentication) {
// do stuff
}
}
如果我将 @Component 放在 MyDaoAuthenticationProvider class 上并在 SecurityConfig 中添加 @Autowired 注释 class:
@Autowired
MyDaoAuthenticationProvider provider;
应用程序在启动时崩溃并出现此错误:
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'myDaoAuthenticationProvider' defined in file [...\MyDaoAuthenticationProvider.class]: Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: A UserDetailsService must be set
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1578)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:545)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482)
at org.springframework.beans.factory.support.AbstractBeanFactory.getObject(AbstractBeanFactory.java:306)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:772)
at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:839)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:538)
at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:446)
at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:328)
at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:107)
at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4812)
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5255)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1408)
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1398)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.IllegalArgumentException: A UserDetailsService must be set
at org.springframework.util.Assert.notNull(Assert.java:115)
at org.springframework.security.authentication.dao.DaoAuthenticationProvider.doAfterPropertiesSet(DaoAuthenticationProvider.java:105)
at org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider.afterPropertiesSet(AbstractUserDetailsAuthenticationProvider.java:122)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1637)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1574)
... 21 more
我需要做什么来解决这个问题?
谢谢。
编辑
解决方案
感谢 OrangeDog,我解决了这个实现的问题:
@Bean
public MyDaoAuthenticationProvider myAuthProvider() throws Exception {
MyDaoAuthenticationProvider provider = new MyDaoAuthenticationProvider();
provider.setPasswordEncoder(passwordEncoder());
provider.setUserDetailsService(securityService);
return provider;
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(myAuthProvider());
}
使用此配置,bean 已正确初始化并且不再有错误 "java.lang.IllegalArgumentException: A UserDetailsService must be set"。
此外,bean 被加载到 Spring 上下文中,因此 DaoAuthenticationProvider 中的所有注入组件都被正确解析。
Error creating bean with name 'myDaoAuthenticationProvider' [...] A UserDetailsService must be set
您的 MyDaoAuthenticationProvider 没有 UserDetailsService。
您必须实施、注入、and/or 设置一个。例如,不使用 @Component:
@Bean
public MyDaoAuthenticationProvider myAuthProvider() {
MyDaoAuthenticationProvider provider = new MyDaoAuthenticationProvider();
provider.setPasswordEncoder(passwordEncoder());
provider.setUserDetailsService(securityService);
return provider;
}
然后您需要停止在 configure 方法中创建另一个。
如果您认为自己不需要,那么您可能不应该实施 DaoAuthenticationProvider。也许你真的想实现一个泛型 AuthenticationProvider,或者使用它的其他实现 类.
我遇到了 Spring 安全问题。
我有一个带有扩展 WebSecurityConfigurerAdapter 的 SecurityConfig class 的 java-config 实现。
在这个class中我想覆盖方法"configure()"
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, proxyTargetClass = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter{
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
MyDaoAuthenticationProvider provider = new MyDaoAuthenticationProvider();
provider.setPasswordEncoder(passwordEncoder());
provider.setUserDetailsService(securityService);
auth.authenticationProvider(provider);
}
//...
}
一切正常,工作正常。
问题是 "MyDaoAuthenticationProvider" 组件没有加载到 Spring 上下文中。 所以我无法在 class:
中注入或自动装配任何组件public class MyDaoAuthenticationProvider extends DaoAuthenticationProvider {
@Autowired
AuthenticationHandler authenticationHandler; // <- authenticationHandler is null, is not resolved
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
authenticationHandler.authenticate(authentication); // <- NullPointerException in this point
}
}
这是 AuthenticationHandler class:
@Component
public class AuthenticationHandler {
public void authenticate (Authentication authentication) {
// do stuff
}
}
如果我将 @Component 放在 MyDaoAuthenticationProvider class 上并在 SecurityConfig 中添加 @Autowired 注释 class:
@Autowired
MyDaoAuthenticationProvider provider;
应用程序在启动时崩溃并出现此错误:
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'myDaoAuthenticationProvider' defined in file [...\MyDaoAuthenticationProvider.class]: Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: A UserDetailsService must be set
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1578)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:545)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482)
at org.springframework.beans.factory.support.AbstractBeanFactory.getObject(AbstractBeanFactory.java:306)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:772)
at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:839)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:538)
at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:446)
at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:328)
at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:107)
at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4812)
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5255)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1408)
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1398)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.IllegalArgumentException: A UserDetailsService must be set
at org.springframework.util.Assert.notNull(Assert.java:115)
at org.springframework.security.authentication.dao.DaoAuthenticationProvider.doAfterPropertiesSet(DaoAuthenticationProvider.java:105)
at org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider.afterPropertiesSet(AbstractUserDetailsAuthenticationProvider.java:122)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1637)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1574)
... 21 more
我需要做什么来解决这个问题? 谢谢。
编辑
解决方案
感谢 OrangeDog,我解决了这个实现的问题:
@Bean
public MyDaoAuthenticationProvider myAuthProvider() throws Exception {
MyDaoAuthenticationProvider provider = new MyDaoAuthenticationProvider();
provider.setPasswordEncoder(passwordEncoder());
provider.setUserDetailsService(securityService);
return provider;
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(myAuthProvider());
}
使用此配置,bean 已正确初始化并且不再有错误 "java.lang.IllegalArgumentException: A UserDetailsService must be set"。
此外,bean 被加载到 Spring 上下文中,因此 DaoAuthenticationProvider 中的所有注入组件都被正确解析。
Error creating bean with name 'myDaoAuthenticationProvider' [...] A UserDetailsService must be set
您的 MyDaoAuthenticationProvider 没有 UserDetailsService。
您必须实施、注入、and/or 设置一个。例如,不使用 @Component:
@Bean
public MyDaoAuthenticationProvider myAuthProvider() {
MyDaoAuthenticationProvider provider = new MyDaoAuthenticationProvider();
provider.setPasswordEncoder(passwordEncoder());
provider.setUserDetailsService(securityService);
return provider;
}
然后您需要停止在 configure 方法中创建另一个。
如果您认为自己不需要,那么您可能不应该实施 DaoAuthenticationProvider。也许你真的想实现一个泛型 AuthenticationProvider,或者使用它的其他实现 类.