version 2.3.12.RELEASE
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
I want to create AuthenticationManager bean But However, the setapplicationcontext method of websecurityconfigureradapter is always executed after me, resulting in the authenticationbuilder being null when the bean is created
Here is my configuration class
@Configuration
@EnableWebSecurity
@ConfigurationProperties(prefix ="security")
public class SecurityConfig extends WebSecurityConfigurerAdapter {
private String listMode;
public void setListMode(String listMode){this.listMode=listMode;};
private List<ListVO> list;
public void setList(List<ListVO> list){this.list=list;};
@Resource
private TokenManager tokenManager;
@Resource
private RedisService redisService;
@Resource
private UserDetailsService userDetailsService;
@Resource
private UserService userService;
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.exceptionHandling()
.authenticationEntryPoint(new UnAuthenticationEntryPoint())
.and().logout().logoutUrl("/user/logout")
.addLogoutHandler(new LogoutHandler(tokenManager,redisService)).and()
.addFilter(new AuthenticationFilter(authenticationManager(), tokenManager, redisService)).httpBasic();
if(ListModeEnum.WHITELIST.getName().equals(listMode)){
http.exceptionHandling().and().authorizeRequests().anyRequest().authenticated();//所有接口都需要权限认知
}
if(ListModeEnum.BLACKLIST.getName().equals(listMode)){
for(ListVO listVO:list){
http.exceptionHandling().and().authorizeRequests().antMatchers(listVO.getPath()).hasRole(listVO.getRole());
}
}
}
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(new BCryptPasswordEncoder());
}
@Override
public void configure(WebSecurity web) throws Exception {
if(ListModeEnum.WHITELIST.getName().equals(listMode)){
String[] paths = list.stream().map(item -> item.getPath()).toArray(String[]::new);
web.ignoring().antMatchers(paths);
web.ignoring().antMatchers("/user/login","/user/register");
}
if(ListModeEnum.BLACKLIST.getName().equals(listMode)){
web.ignoring().anyRequest();
}
}
}
Comment From: eleftherias
Thanks for getting in touch, but it feels like this is a question that would be better suited to Stack Overflow. We prefer to use GitHub issues only for bugs and enhancements. Feel free to update this issue with a link to the re-posted question (so that other people can find it) or add a minimal sample that reproduces this issue if you feel this is a genuine bug.
Comment From: GenusLi
Thank you for your reply. During debugging, I found that if I add an additional configuration class, this problem can be avoided, which seems to be caused by the problem of bean loading order.
Example:
/**
* Original configuration
*/
@Configuration
@EnableWebSecurity
@ConfigurationProperties(prefix ="security")
public class SecurityConfig extends WebSecurityConfigurerAdapter {
......
@Override
protected void configure(HttpSecurity http) throws Exception {
http.exceptionHandling()
.authenticationEntryPoint(new UnAuthenticationEntryPoint())
......
}
......
}
/**
* New configuration class
* Use only to create AuthenticationManager bean
*/
@Order
@Configuration
public class AuthenticationManagerConfig extends WebSecurityConfigurerAdapter {
@Bean(name = "authenticationManager")
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
}
I must configure the AuthenticationManager bean separately in an additional configuration class.
Sorry, for time reasons, I can't provide the smallest example that can reproduce this problem.
Finally, thank you for your selfless dedication to Java.