Spring Security 身份验证管理器不会在自定义过滤器上被选中

浏览 1

Spring Security authentication manager won't get picked up on custom filter

我正在尝试创建一个自定义过滤器来处理身份验证,因为我被迫使用 AD 和本地数据库 (arg!) 的组合来确定访问权限。我正在使用官方文档,对于这个特定的问题,主要是这部分。

但是,当我运行我的服务器时,它抱怨 AuthenticationManager 为空,而我相信我在 XML 中设置它,如这个 SO question 中所述。我在这里想念什么?

例外:

SEVERE: Context initialization failed org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'myUsernamePasswordAuthenticationFilter' defined in file [*snip*]:

Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: authenticationManager must be specified

...

Caused by: java.lang.IllegalArgumentException: authenticationManager must be specified

at org.springframework.util.Assert.notNull(Assert.java:112)

<beans xmlns="http://www.springframework.org/schema/beans"

 xmlns:context="http://www.springframework.org/schema/context"

 xmlns:sec="http://www.springframework.org/schema/security"

 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

 xsi:schemaLocation="http://www.springframework.org/schema/beans

  http://www.springframework.org/schema/beans/spring-beans-3.2.xsd

  http://www.springframework.org/schema/context

  http://www.springframework.org/schema/context/spring-context-3.2.xsd

  http://www.springframework.org/schema/security

  http://www.springframework.org/schema/security/spring-security-3.1.xsd">



<context:property-placeholder location="classpath*:META-INF/spring/*.properties" />

<context:spring-configured />

<context:component-scan base-package="myapp" />



<!-- Spring Security Configuration. -->

<sec:http auto-config="false" entry-point-ref="loginUrlAuthenticationEntryPoint"

    access-denied-page="/denied.jsp">

  <sec:custom-filter position="FORM_LOGIN_FILTER" ref="myAuthenticationFilter" />



  <sec:intercept-url pattern="/login" access="IS_AUTHENTICATED_ANONYMOUSLY" />

  <sec:intercept-url pattern="/404.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY" />

  <sec:intercept-url pattern="/index.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY" />

  <sec:intercept-url pattern="/**" access="ROLE_USER" />



  <sec:logout logout-url="/logout" logout-success-url="/login" />

</sec:http>

<sec:authentication-manager alias="authenticationManager">

  <sec:authentication-provider ref="myAuthenticationProvider" />

</sec:authentication-manager>



<bean id="loginUrlAuthenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">

  <property name="loginFormUrl" value="/login" />

</bean>

<bean id="myAuthenticationFilter" class="myapp.MyUsernamePasswordAuthenticationFilter">

  <property name="authenticationManager" ref="authenticationManager" />

</bean>

<bean id="myAuthenticationProvider" class="myapp.MyAuthenticationProvider" />
@Component

public class MyUsernamePasswordAuthenticationFilter extends AbstractAuthenticationProcessingFilter {

public AdminUsernamePasswordAuthenticationFilter() {

  super("/login");

}



@Override

public Authentication attemptAuthentication(final HttpServletRequest request,

    final HttpServletResponse response) throws AuthenticationException {

  // stuff and:

  return getAuthenticationManager().authenticate(new UsernamePasswordAuthenticationToken(

      login, request.getParameter("password")));

}

}
@Component

public class MyAuthenticationProvider implements AuthenticationProvider {

@Override

public Authentication authenticate(final Authentication authentication) throws AuthenticationException {

  // all the funky AD+DB code

  return null;

}



@Override

public boolean supports(final Class< ? > clazz) {

  return true;

}

}

XML:(带有一些简化的类名)

SEVERE: Context initialization failed org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'myUsernamePasswordAuthenticationFilter' defined in file [*snip*]:

Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: authenticationManager must be specified

...

Caused by: java.lang.IllegalArgumentException: authenticationManager must be specified

at org.springframework.util.Assert.notNull(Assert.java:112)

<beans xmlns="http://www.springframework.org/schema/beans"

 xmlns:context="http://www.springframework.org/schema/context"

 xmlns:sec="http://www.springframework.org/schema/security"

 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

 xsi:schemaLocation="http://www.springframework.org/schema/beans

  http://www.springframework.org/schema/beans/spring-beans-3.2.xsd

  http://www.springframework.org/schema/context

  http://www.springframework.org/schema/context/spring-context-3.2.xsd

  http://www.springframework.org/schema/security

  http://www.springframework.org/schema/security/spring-security-3.1.xsd">



<context:property-placeholder location="classpath*:META-INF/spring/*.properties" />

<context:spring-configured />

<context:component-scan base-package="myapp" />



<!-- Spring Security Configuration. -->

<sec:http auto-config="false" entry-point-ref="loginUrlAuthenticationEntryPoint"

    access-denied-page="/denied.jsp">

  <sec:custom-filter position="FORM_LOGIN_FILTER" ref="myAuthenticationFilter" />



  <sec:intercept-url pattern="/login" access="IS_AUTHENTICATED_ANONYMOUSLY" />

  <sec:intercept-url pattern="/404.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY" />

  <sec:intercept-url pattern="/index.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY" />

  <sec:intercept-url pattern="/**" access="ROLE_USER" />



  <sec:logout logout-url="/logout" logout-success-url="/login" />

</sec:http>

<sec:authentication-manager alias="authenticationManager">

  <sec:authentication-provider ref="myAuthenticationProvider" />

</sec:authentication-manager>



<bean id="loginUrlAuthenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">

  <property name="loginFormUrl" value="/login" />

</bean>

<bean id="myAuthenticationFilter" class="myapp.MyUsernamePasswordAuthenticationFilter">

  <property name="authenticationManager" ref="authenticationManager" />

</bean>

<bean id="myAuthenticationProvider" class="myapp.MyAuthenticationProvider" />
@Component

public class MyUsernamePasswordAuthenticationFilter extends AbstractAuthenticationProcessingFilter {

public AdminUsernamePasswordAuthenticationFilter() {

  super("/login");

}



@Override

public Authentication attemptAuthentication(final HttpServletRequest request,

    final HttpServletResponse response) throws AuthenticationException {

  // stuff and:

  return getAuthenticationManager().authenticate(new UsernamePasswordAuthenticationToken(

      login, request.getParameter("password")));

}

}
@Component

public class MyAuthenticationProvider implements AuthenticationProvider {

@Override

public Authentication authenticate(final Authentication authentication) throws AuthenticationException {

  // all the funky AD+DB code

  return null;

}



@Override

public boolean supports(final Class< ? > clazz) {

  return true;

}

}

过滤器:

SEVERE: Context initialization failed org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'myUsernamePasswordAuthenticationFilter' defined in file [*snip*]:

Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: authenticationManager must be specified

...

Caused by: java.lang.IllegalArgumentException: authenticationManager must be specified

at org.springframework.util.Assert.notNull(Assert.java:112)

<beans xmlns="http://www.springframework.org/schema/beans"

 xmlns:context="http://www.springframework.org/schema/context"

 xmlns:sec="http://www.springframework.org/schema/security"

 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

 xsi:schemaLocation="http://www.springframework.org/schema/beans

  http://www.springframework.org/schema/beans/spring-beans-3.2.xsd

  http://www.springframework.org/schema/context

  http://www.springframework.org/schema/context/spring-context-3.2.xsd

  http://www.springframework.org/schema/security

  http://www.springframework.org/schema/security/spring-security-3.1.xsd">



<context:property-placeholder location="classpath*:META-INF/spring/*.properties" />

<context:spring-configured />

<context:component-scan base-package="myapp" />



<!-- Spring Security Configuration. -->

<sec:http auto-config="false" entry-point-ref="loginUrlAuthenticationEntryPoint"

    access-denied-page="/denied.jsp">

  <sec:custom-filter position="FORM_LOGIN_FILTER" ref="myAuthenticationFilter" />



  <sec:intercept-url pattern="/login" access="IS_AUTHENTICATED_ANONYMOUSLY" />

  <sec:intercept-url pattern="/404.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY" />

  <sec:intercept-url pattern="/index.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY" />

  <sec:intercept-url pattern="/**" access="ROLE_USER" />



  <sec:logout logout-url="/logout" logout-success-url="/login" />

</sec:http>

<sec:authentication-manager alias="authenticationManager">

  <sec:authentication-provider ref="myAuthenticationProvider" />

</sec:authentication-manager>



<bean id="loginUrlAuthenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">

  <property name="loginFormUrl" value="/login" />

</bean>

<bean id="myAuthenticationFilter" class="myapp.MyUsernamePasswordAuthenticationFilter">

  <property name="authenticationManager" ref="authenticationManager" />

</bean>

<bean id="myAuthenticationProvider" class="myapp.MyAuthenticationProvider" />
@Component

public class MyUsernamePasswordAuthenticationFilter extends AbstractAuthenticationProcessingFilter {

public AdminUsernamePasswordAuthenticationFilter() {

  super("/login");

}



@Override

public Authentication attemptAuthentication(final HttpServletRequest request,

    final HttpServletResponse response) throws AuthenticationException {

  // stuff and:

  return getAuthenticationManager().authenticate(new UsernamePasswordAuthenticationToken(

      login, request.getParameter("password")));

}

}
@Component

public class MyAuthenticationProvider implements AuthenticationProvider {

@Override

public Authentication authenticate(final Authentication authentication) throws AuthenticationException {

  // all the funky AD+DB code

  return null;

}



@Override

public boolean supports(final Class< ? > clazz) {

  return true;

}

}

身份验证提供者:

SEVERE: Context initialization failed org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'myUsernamePasswordAuthenticationFilter' defined in file [*snip*]:

Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: authenticationManager must be specified

...

Caused by: java.lang.IllegalArgumentException: authenticationManager must be specified

at org.springframework.util.Assert.notNull(Assert.java:112)

<beans xmlns="http://www.springframework.org/schema/beans"

 xmlns:context="http://www.springframework.org/schema/context"

 xmlns:sec="http://www.springframework.org/schema/security"

 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

 xsi:schemaLocation="http://www.springframework.org/schema/beans

  http://www.springframework.org/schema/beans/spring-beans-3.2.xsd

  http://www.springframework.org/schema/context

  http://www.springframework.org/schema/context/spring-context-3.2.xsd

  http://www.springframework.org/schema/security

  http://www.springframework.org/schema/security/spring-security-3.1.xsd">



<context:property-placeholder location="classpath*:META-INF/spring/*.properties" />

<context:spring-configured />

<context:component-scan base-package="myapp" />



<!-- Spring Security Configuration. -->

<sec:http auto-config="false" entry-point-ref="loginUrlAuthenticationEntryPoint"

    access-denied-page="/denied.jsp">

  <sec:custom-filter position="FORM_LOGIN_FILTER" ref="myAuthenticationFilter" />



  <sec:intercept-url pattern="/login" access="IS_AUTHENTICATED_ANONYMOUSLY" />

  <sec:intercept-url pattern="/404.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY" />

  <sec:intercept-url pattern="/index.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY" />

  <sec:intercept-url pattern="/**" access="ROLE_USER" />



  <sec:logout logout-url="/logout" logout-success-url="/login" />

</sec:http>

<sec:authentication-manager alias="authenticationManager">

  <sec:authentication-provider ref="myAuthenticationProvider" />

</sec:authentication-manager>



<bean id="loginUrlAuthenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">

  <property name="loginFormUrl" value="/login" />

</bean>

<bean id="myAuthenticationFilter" class="myapp.MyUsernamePasswordAuthenticationFilter">

  <property name="authenticationManager" ref="authenticationManager" />

</bean>

<bean id="myAuthenticationProvider" class="myapp.MyAuthenticationProvider" />
@Component

public class MyUsernamePasswordAuthenticationFilter extends AbstractAuthenticationProcessingFilter {

public AdminUsernamePasswordAuthenticationFilter() {

  super("/login");

}



@Override

public Authentication attemptAuthentication(final HttpServletRequest request,

    final HttpServletResponse response) throws AuthenticationException {

  // stuff and:

  return getAuthenticationManager().authenticate(new UsernamePasswordAuthenticationToken(

      login, request.getParameter("password")));

}

}
@Component

public class MyAuthenticationProvider implements AuthenticationProvider {

@Override

public Authentication authenticate(final Authentication authentication) throws AuthenticationException {

  // all the funky AD+DB code

  return null;

}



@Override

public boolean supports(final Class< ? > clazz) {

  return true;

}

}

我正在运行 Java 6、最新的 Spring Security (3.1.4.RELEASE) 和 Spring (3.2.3.RELEASE) 版本,在 Tomcat v6 服务器上运行。不同的 Spring 版本似乎不是问题(相关的 SO question)。如果这会是一个问题,如果你想使用 Spring Security 就必须运行 Spring 3.1.4 只是 meh...

我尝试过的一些其他事情无济于事:

  • 如here所述(底部答案),我尝试放弃 <sec:authentication-manager /> 以支持普通bean。
  • 我尝试在各种组合中添加 bean id\\'s、names、authentication-manager-refs。

    • 啊...我发现了许多人在 Spring 中犯的基本错误。您在 XML 中定义了您的 bean MyUsernamePasswordAuthenticationFilter,这是正确的。但是,您还使用 @Component 注释对其进行了注释,这意味着它正在被组件扫描选择并注册为另一个 bean 定义。并且来自此定义的 bean 实例确实不会将其 authenticationManager 依赖项初始化。

    只要去掉MyUsernamePasswordAuthenticationFilter中的@Component注解就可以了。

(0)
« 上一篇
下一篇 »

相关推荐

  • Spring部署设置openshift

    Springdeploymentsettingsopenshift我有一个问题让我抓狂了三天。我根据OpenShift帐户上的教程部署了spring-eap6-quickstart代码。我已配置调试选项,并且已将Eclipse工作区与OpehShift服务器同步-服务器上的一切工作正常,但在Eclipse中出现无法消除的错误。我有这个错误:cvc-complex-type.2.4.a:Invali…
    2025-04-161

  • 检查Java中正则表达式中模式的第n次出现

    CheckfornthoccurrenceofpatterninregularexpressioninJava本问题已经有最佳答案,请猛点这里访问。我想使用Java正则表达式检查输入字符串中特定模式的第n次出现。你能建议怎么做吗?这应该可以工作:MatchResultfindNthOccurance(intn,Patternp,CharSequencesrc){Matcherm=p.matcher…
    2025-04-161

  • 如何让 JTable 停留在已编辑的单元格上

    HowtohaveJTablestayingontheeditedcell如果有人编辑JTable的单元格内容并按Enter,则内容会被修改并且表格选择会移动到下一行。是否可以禁止JTable在单元格编辑后转到下一行?原因是我的程序使用ListSelectionListener在单元格选择上同步了其他一些小部件,并且我不想在编辑当前单元格后选择下一行。Enter的默认绑定是名为selectNext…
    2025-04-161

  • Weblogic 12c 部署

    Weblogic12cdeploy我正在尝试将我的应用程序从Tomcat迁移到Weblogic12.2.1.3.0。我能够毫无错误地部署应用程序,但我遇到了与持久性提供程序相关的运行时错误。这是堆栈跟踪:javax.validation.ValidationException:CalltoTraversableResolver.isReachable()threwanexceptionatorg.…
    2025-04-161

  • Resteasy Content-Type 默认值

    ResteasyContent-Typedefaults我正在使用Resteasy编写一个可以返回JSON和XML的应用程序,但可以选择默认为XML。这是我的方法:@GET@Path("/content")@Produces({MediaType.APPLICATION_XML,MediaType.APPLICATION_JSON})publicStringcontentListRequestXm…
    2025-04-161

  • 代码不会停止运行,在 Java 中

    thecodedoesn'tstoprunning,inJava我正在用Java解决项目Euler中的问题10,即"Thesumoftheprimesbelow10is2+3+5+7=17.Findthesumofalltheprimesbelowtwomillion."我的代码是packageprojecteuler_1;importjava.math.BigInteger;importjava…
    2025-04-161

  • Out of memory java heap space

    Outofmemoryjavaheapspace我正在尝试将大量文件从服务器发送到多个客户端。当我尝试发送大小为700mb的文件时,它显示了"OutOfMemoryjavaheapspace"错误。我正在使用Netbeans7.1.2版本。我还在属性中尝试了VMoption。但仍然发生同样的错误。我认为阅读整个文件存在一些问题。下面的代码最多可用于300mb。请给我一些建议。提前致谢publicc…
    2025-04-161

  • Log4j 记录到共享日志文件

    Log4jLoggingtoaSharedLogFile有没有办法将log4j日志记录事件写入也被其他应用程序写入的日志文件。其他应用程序可以是非Java应用程序。有什么缺点?锁定问题?格式化?Log4j有一个SocketAppender,它将向服务发送事件,您可以自己实现或使用与Log4j捆绑的简单实现。它还支持syslogd和Windows事件日志,这对于尝试将日志输出与来自非Java应用程序…
    2025-04-161
手机版技术脚本