Spring Security:无法使用java config配置方法安全性
内容导读
互联网集市收集整理的这篇技术教程文章主要介绍了Spring Security:无法使用java config配置方法安全性,小编现在分享给大家,供广大互联网技能从业者学习和参考。文章包含3337字,纯文字阅读大概需要5分钟。
内容图文
我正在努力用java配置的spring安全性来配置方法安全性.我的配置没有任何问题,直到我在任何控制器中使用@Secured注释.
Spring Security Config:(java config)
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled=true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private DataSource dataSource;
@Override
public void configure(WebSecurity web) throws Exception {
web
.ignoring()
.antMatchers("/webjars/**","/css/**", "/less/**","/img/**","/js/**");
}
@Autowired
public void registerGlobal(AuthenticationManagerBuilder auth) throws Exception {
ShaPasswordEncoder shaPasswordEncoder = new ShaPasswordEncoder(256);
auth
.jdbcAuthentication()
.dataSource(dataSource)
.usersByUsernameQuery(getUserQuery())
.authoritiesByUsernameQuery(getAuthoritiesQuery())
.passwordEncoder(shaPasswordEncoder);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest().hasAuthority("BASIC_PERMISSION")
.and()
.formLogin()
.loginPage("/login")
.defaultSuccessUrl("/success-login", true)
.failureUrl("/error-login")
.loginProcessingUrl("/process-login")
.usernameParameter("security_username")
.passwordParameter("security_password")
.permitAll()
.and()
.logout()
.logoutSuccessUrl("/login")
.logoutUrl("/logout")
.permitAll()
.and()
.rememberMe()
.key("04E87501B3F04DB297ADB74FA8BD48CA")
.and()
.csrf()
.disable();
}
private String getUserQuery() {
return "SELECT username as username, password as password, active as enabled "
+ "FROM employee "
+ "WHERE username = ?";
}
private String getAuthoritiesQuery() {
return "SELECT DISTINCT employee.username as username, permission.name as authority "
+ "FROM employee, employee_role, role, role_permission, permission "
+ "WHERE employee.id = employee_role.employee_id "
+ "AND role.id = employee_role.role_id "
+ "AND role.id = role_permission.role_id "
+ "AND permission.id = role_permission.permission_id "
+ "AND employee.username = ? "
+ "AND employee.active = 1";
}
}
只要将@Secured(“EMPLOYEE_DELETE”)注释添加到任何控制器方法,我就会收到以下异常.
java.lang.IllegalArgumentException: Expecting to only find a single bean for type interface org.springframework.security.authentication.AuthenticationManager, but found []
所以我添加了一个AuthenticationManager bean:
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
但是这会导致另一个错误:
java.lang.IllegalStateException: Cannot apply org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer@34e81675 to already built object
似乎我必须与配置的jdbcAuthentication共享authenticationManagerBean,但我无法做到这一点.感谢您的帮助!
解决方法:
听起来好像遇到了SEC-2477中描述的排序问题.
作为一种变通方法,您可以将configure方法与authenticationManagerBean方法一起使用.不要使用@Autowired AuthenticationManagerBuilder方法.
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
ShaPasswordEncoder shaPasswordEncoder = new ShaPasswordEncoder(256);
auth
.jdbcAuthentication()
.dataSource(dataSource)
.usersByUsernameQuery(getUserQuery())
.authoritiesByUsernameQuery(getAuthoritiesQuery())
.passwordEncoder(shaPasswordEncoder);
}
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
内容总结
以上是互联网集市为您收集整理的Spring Security:无法使用java config配置方法安全性全部内容,希望文章能够帮你解决Spring Security:无法使用java config配置方法安全性所遇到的程序开发问题。 如果觉得互联网集市技术教程内容还不错,欢迎将互联网集市网站推荐给程序员好友。
内容备注
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 gblab@vip.qq.com 举报,一经查实,本站将立刻删除。
内容手机端
扫描二维码推送至手机访问。