无法实现具有 Spring 安全性的 CustomAuthenticationProvider:自动装配时出现 BeanCreationException
Unable to implement CustomAuthenticationProvider with Spring Security: BeanCreationException while autowiring
我正在 Spring 安全性中实施 CustomAuthenticationProvider。我创建了实现 AuthenticationProvider 的 CustomAuthenticationProvider class。但是,当我在我的 SecurityConfiguration class 中定义此 CustomAuthenticationProvider 并自动装配它时,应用程序会抛出以下错误:
2020-03-08 19:27:42 [main] ERROR o.s.web.context.ContextLoader - Context initialization failed
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'securityConfiguration': Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire field: private com.highrise.isimwebapp.config.customauth.CustomAuthenticationProvider com.highrise.isimwebapp.config.SecurityConfiguration.authProvider; nested exception is org.springframework.beans.factory.NoSuchBeanDefinitionException: No qualifying bean of type [com.highrise.isimwebapp.config.customauth.CustomAuthenticationProvider] found for dependency: expected at least 1 bean which qualifies as autowire candidate for this dependency. Dependency annotations: {@org.springframework.beans.factory.annotation.Autowired(required=true)}
我在我的 CustomAuthenticationProvider class 中包含了 @Component 注释。此外,定义此 class 的包包含在 @ComponentScan 中。上下文未获取 CustomAuthenticationProvider bean。其他定义的 classes 被 @ComponentScan 中定义的上下文成功获取,并且在它们的自动装配对象上没有收到此类错误。我这边可能出了什么问题?非常感谢任何有关如何解决此问题的帮助。
CustomAuthenticationProvider.java
@Component
public class CustomAuthenticationProvider implements AuthenticationProvider {
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
// TODO Auto-generated method stub
String name = authentication.getName();
String password = authentication.getCredentials().toString();
if(name.equalsIgnoreCase("testuser1") && password.equalsIgnoreCase("demo"))
return new UsernamePasswordAuthenticationToken(name, password);
else
throw new BadCredentialsException("Authentication failed");
}
@Override
public boolean supports(Class<?> authentication) {
// TODO Auto-generated method stub
return authentication.equals(UsernamePasswordAuthenticationToken.class);
}
}
SecurityConfiguration.java
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
private CustomAuthenticationProvider authProvider;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(authProvider);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/resources/**").permitAll()
.antMatchers("/icon/**").permitAll()
.anyRequest().authenticated()
.and().formLogin().loginPage("/login").usernameParameter("username").passwordParameter("password").permitAll().defaultSuccessUrl("/persons/listall")
.and().csrf().disable();
}
}
SpringWebConfig.java
@EnableWebMvc
@Configuration
@ComponentScan({ "com.highrise.isimwebapp.config", "com.highrise.isimwebapp.config.customauth", "com.highrise.isimwebapp.config.servlet3", "com.highrise.isimwebapp.web", "com.highrise.isimwebapp.service", "com.highrise.isimwebapp.dao",
"com.highrise.isimwebapp.exception", "com.highrise.isimwebapp.validator" })
public class SpringWebConfig extends WebMvcConfigurerAdapter {
@Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
registry.addResourceHandler("/resources/**").addResourceLocations("/resources/");
}
@Bean
public InternalResourceViewResolver viewResolver() {
InternalResourceViewResolver viewResolver = new InternalResourceViewResolver();
viewResolver.setViewClass(JstlView.class);
viewResolver.setPrefix("/WEB-INF/views/jsp/");
viewResolver.setSuffix(".jsp");
return viewResolver;
}
@Bean
public ResourceBundleMessageSource messageSource() {
ResourceBundleMessageSource rb = new ResourceBundleMessageSource();
rb.setBasenames(new String[] { "messages/messages", "messages/validation" });
return rb;
}
}
问题可能出在包扫描的顺序上,我可以建议你两种方法:
- 将
@ComponentScan("com.highrise.isimwebapp.config.customauth") 移动到 SecurityConfiguration class。
- 从
CustomAuthenticationProvider class 中删除 @Component 注释并在 SecurityConfiguration 中声明 @Bean,如下所示:
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(customAuthProvider());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/resources/**").permitAll()
.antMatchers("/icon/**").permitAll()
.anyRequest().authenticated()
.and().formLogin().loginPage("/login").usernameParameter("username").passwordParameter("password").permitAll().defaultSuccessUrl("/persons/listall")
.and().csrf().disable();
}
@Bean
public CustomAuthenticationProvider customAuthProvider() {
return new CustomAuthenticationProvider();
}
}
我正在 Spring 安全性中实施 CustomAuthenticationProvider。我创建了实现 AuthenticationProvider 的 CustomAuthenticationProvider class。但是,当我在我的 SecurityConfiguration class 中定义此 CustomAuthenticationProvider 并自动装配它时,应用程序会抛出以下错误:
2020-03-08 19:27:42 [main] ERROR o.s.web.context.ContextLoader - Context initialization failed
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'securityConfiguration': Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire field: private com.highrise.isimwebapp.config.customauth.CustomAuthenticationProvider com.highrise.isimwebapp.config.SecurityConfiguration.authProvider; nested exception is org.springframework.beans.factory.NoSuchBeanDefinitionException: No qualifying bean of type [com.highrise.isimwebapp.config.customauth.CustomAuthenticationProvider] found for dependency: expected at least 1 bean which qualifies as autowire candidate for this dependency. Dependency annotations: {@org.springframework.beans.factory.annotation.Autowired(required=true)}
我在我的 CustomAuthenticationProvider class 中包含了 @Component 注释。此外,定义此 class 的包包含在 @ComponentScan 中。上下文未获取 CustomAuthenticationProvider bean。其他定义的 classes 被 @ComponentScan 中定义的上下文成功获取,并且在它们的自动装配对象上没有收到此类错误。我这边可能出了什么问题?非常感谢任何有关如何解决此问题的帮助。
CustomAuthenticationProvider.java
@Component
public class CustomAuthenticationProvider implements AuthenticationProvider {
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
// TODO Auto-generated method stub
String name = authentication.getName();
String password = authentication.getCredentials().toString();
if(name.equalsIgnoreCase("testuser1") && password.equalsIgnoreCase("demo"))
return new UsernamePasswordAuthenticationToken(name, password);
else
throw new BadCredentialsException("Authentication failed");
}
@Override
public boolean supports(Class<?> authentication) {
// TODO Auto-generated method stub
return authentication.equals(UsernamePasswordAuthenticationToken.class);
}
}
SecurityConfiguration.java
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
private CustomAuthenticationProvider authProvider;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(authProvider);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/resources/**").permitAll()
.antMatchers("/icon/**").permitAll()
.anyRequest().authenticated()
.and().formLogin().loginPage("/login").usernameParameter("username").passwordParameter("password").permitAll().defaultSuccessUrl("/persons/listall")
.and().csrf().disable();
}
}
SpringWebConfig.java
@EnableWebMvc
@Configuration
@ComponentScan({ "com.highrise.isimwebapp.config", "com.highrise.isimwebapp.config.customauth", "com.highrise.isimwebapp.config.servlet3", "com.highrise.isimwebapp.web", "com.highrise.isimwebapp.service", "com.highrise.isimwebapp.dao",
"com.highrise.isimwebapp.exception", "com.highrise.isimwebapp.validator" })
public class SpringWebConfig extends WebMvcConfigurerAdapter {
@Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
registry.addResourceHandler("/resources/**").addResourceLocations("/resources/");
}
@Bean
public InternalResourceViewResolver viewResolver() {
InternalResourceViewResolver viewResolver = new InternalResourceViewResolver();
viewResolver.setViewClass(JstlView.class);
viewResolver.setPrefix("/WEB-INF/views/jsp/");
viewResolver.setSuffix(".jsp");
return viewResolver;
}
@Bean
public ResourceBundleMessageSource messageSource() {
ResourceBundleMessageSource rb = new ResourceBundleMessageSource();
rb.setBasenames(new String[] { "messages/messages", "messages/validation" });
return rb;
}
}
问题可能出在包扫描的顺序上,我可以建议你两种方法:
- 将
@ComponentScan("com.highrise.isimwebapp.config.customauth")移动到SecurityConfigurationclass。 - 从
CustomAuthenticationProviderclass 中删除@Component注释并在SecurityConfiguration中声明@Bean,如下所示:
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(customAuthProvider());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/resources/**").permitAll()
.antMatchers("/icon/**").permitAll()
.anyRequest().authenticated()
.and().formLogin().loginPage("/login").usernameParameter("username").passwordParameter("password").permitAll().defaultSuccessUrl("/persons/listall")
.and().csrf().disable();
}
@Bean
public CustomAuthenticationProvider customAuthProvider() {
return new CustomAuthenticationProvider();
}
}