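Converting spring.xml to a Java-based security configuration class
Problem description:
I am trying to apply Spring Security to my Spring Boot application. I have been trying to convert the Spring XML
to a SecurityConfig class.
The following is the XML configuration.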
<?xml version="1.0" encoding="UTF-8"?>
<bean:beans
    xmlns:bean="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:c="http://www.springframework.org/schema/c"
    xmlns="http://www.springframework.org/schema/security"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-4.0.xsd">

    <!--
    Applies to root appContext beans only, for MVC Controllers is this declaration repeated in MVC config.
    Actually, we currently don't need this as we have on annotation outside of MVC.
    There is more here that can go wrong. If you use interface-based proxy (our demo uses CGLib), you may
    need to add proxy-target-class="true" as well. Book "Spring Security 3.1", Chapter 10, Fine-grained
    Access Control, from header "Method security on Spring MVC controllers" on discusses these topics.
    -->
    <global-method-security secured-annotations="enabled"/>

    <http realm="Protected API"
        use-expressions="true"
        create-session="stateless"
        entry-point-ref="unauthorizedEntryPoint"
        authentication-manager-ref="restAuthenticationManager">
        <!--
        Added after moving to Spring Boot 1.3 + Spring Security 4.x,
        otherwise we could not login with basic auth because of: Expected CSRF token not found
        TODO: Please, mind, that I did not migrate this XML to Spring Security 4.x except for this element
        -->
        <csrf disabled="true"/>
        <!--
        This is not easily possible, because it causes:
        DEBUG o.s.s.w.a.ExceptionTranslationFilter - Authentication exception occurred; redirecting to authentication entry point
        org.springframework.security.authentication.AuthenticationCredentialsNotFoundException: An Authentication object was not found in the SecurityContext
        -->
        <!--<anonymous enabled="false"/>-->
        <custom-filter ref="restAuthenticationFilter" position="FORM_LOGIN_FILTER"/>
        <intercept-url pattern="/*" access="permitAll"/>
        <intercept-url pattern="/secure/**" access="isFullyAuthenticated()"/>
    </http>

    <bean:bean id="unauthorizedEntryPoint" class="com.github.virgo47.respsec.main.restsec.UnauthorizedEntryPoint"/>
    <bean:bean id="userDetailService" class="com.github.virgo47.respsec.main.secimpl.MyUserDetailsService"/>

    <authentication-manager id="restAuthenticationManager">
        <authentication-provider user-service-ref="userDetailService">
            <!--
            Default password encoder is PlaintextPasswordEncoder, which fits with our hardcoded users.
            Obviously not a good choice otherwise.
            -->
        </authentication-provider>
    </authentication-manager>

    <bean:bean id="tokenManager" class="com.github.virgo47.respsec.main.secimpl.TokenManagerSingle"/>
    <bean:bean id="authenticationService" class="com.github.virgo47.respsec.main.secimpl.AuthenticationServiceDefault"
        c:authenticationManager-ref="restAuthenticationManager" c:tokenManager-ref="tokenManager"/>
    <bean:bean id="restAuthenticationFilter" class="com.github.virgo47.respsec.main.restsec.TokenAuthenticationFilter"
        c:authenticationService-ref="authenticationService" c:logoutLink="/logout"/>
</bean:beans>
This is the security configuration I have written:
@Configuration
@EnableWebSecurity
@EnableAutoConfiguration(exclude = {SecurityAutoConfiguration.class})
@Order(1)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private UnauthorizedEntryPoint unauthorizedEntryPoint;
    @Autowired
    private ChecklistUserDetailsService checklistUserDetailsService;
    @Autowired
    private TokenManagerSingle tokenManager;
    @Autowired
    private AuthenticationService authenticationService;
    @Autowired
    private ChecklistUserRepository checklistUserRepository;

    @Bean
    public UnauthorizedEntryPoint unauthorizedEntryPoint() {
        return new UnauthorizedEntryPoint();
    }

    @Bean
    public AuthenticationService authenticationService() {
        return ;
    }

    @Bean
    public AuthenticationEntryPoint unauthorizedEntryPoint() {
        return new RestApiAuthenticationEntryPoint();
    }

    @Bean
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .addFilterBefore(anonymousFilter(), AnonymousAuthenticationFilter.class)
            .csrf().disable() //TODO: CSRF should not be disabled. JIRA issue IN-163 tracks this.
            .x509() // Go with default Spring settings for X509
            .and()
            .exceptionHandling()
            .authenticationEntryPoint(unauthorizedEntryPoint())
            .and()
            .authorizeRequests()
            .antMatchers(HttpMethod.POST, "/checklists").fullyAuthenticated()
            .antMatchers(HttpMethod.GET, "/checklists").anonymous()
            .antMatchers(HttpMethod.POST, "checklists/login").permitAll();
    }

    @Autowired
    public void configureAuth(AuthenticationManagerBuilder auth) {
        try {
            auth.userDetailsService(userDetailsService())
                .passwordEncoder(passwordEncoder());
        } catch (Exception e) {
            final String msg = "Exception occurred while configuring AuthenticationManagerBuilder: " + e.toString();
            throw new RuntimeException(msg, e.getCause());
        }
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
}
Error:
No qualifying bean of type 'life.plank.snap.security.impl.TokenManagerSingle'
Answer
I think you need to:
Create a new bean that returns the class com.github.virgo47.respsec.main.secimpl.TokenManagerSingle.
Put these lines in your configuration:
@Bean
public TokenManagerSingle tokenManager() {
    return new TokenManagerSingle();
}
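
Added example, not part of the original question or answer: a Java configuration that mirrors the XML above element by element, using the XML's class names, with every collaborator declared as a @Bean method instead of an @Autowired field so that none is missing from the context. The constructor argument order for AuthenticationServiceDefault and TokenAuthenticationFilter is assumed from the XML's c: attributes, and BCrypt replaces the XML's plaintext default, as in the asker's own class.

```java
import org.springframework.context.annotation.*;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.*;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import com.github.virgo47.respsec.main.restsec.*;   // classes named in the XML
import com.github.virgo47.respsec.main.secimpl.*;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true)  // <global-method-security secured-annotations="enabled"/>
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Bean public UnauthorizedEntryPoint unauthorizedEntryPoint() { return new UnauthorizedEntryPoint(); }
    @Bean public MyUserDetailsService userDetailService() { return new MyUserDetailsService(); }
    @Bean public TokenManagerSingle tokenManager() { return new TokenManagerSingle(); }

    @Bean @Override  // exposes <authentication-manager id="restAuthenticationManager"> as a bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }
    @Bean  // assumed constructor: (authenticationManager, tokenManager)
    public AuthenticationServiceDefault authenticationService() throws Exception {
        return new AuthenticationServiceDefault(authenticationManagerBean(), tokenManager());
    }
    @Bean  // assumed constructor: (authenticationService, logoutLink)
    public TokenAuthenticationFilter restAuthenticationFilter() throws Exception {
        return new TokenAuthenticationFilter(authenticationService(), "/logout");
    }
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // Stored passwords must be BCrypt hashes; the XML compared them as plaintext.
        auth.userDetailsService(userDetailService()).passwordEncoder(new BCryptPasswordEncoder());
    }
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()  // <csrf disabled="true"/>: stateless token API, no session cookie
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
            .exceptionHandling().authenticationEntryPoint(unauthorizedEntryPoint()).and()
            // <custom-filter position="FORM_LOGIN_FILTER"/>
            .addFilterAt(restAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class)
            .authorizeRequests()
                .antMatchers("/*").permitAll()  // one path segment only, so /secure/x is not covered
                .antMatchers("/secure/**").fullyAuthenticated();
    }
}
```

Because Spring Boot also registers every Filter bean with the servlet container, the token filter declared this way would run twice per request; a FilterRegistrationBean for it with setEnabled(false) avoids that.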