Spring Security authentication manager won't get picked up on custom filter
我正在尝试创建一个自定义过滤器来处理身份验证,因为我被迫使用 AD 和本地数据库 (arg!) 的组合来确定访问权限。我正在使用官方文档,对于这个特定的问题,主要是这部分。
但是,当我运行我的服务器时,它抱怨 AuthenticationManager 为空,而我相信我在 XML 中设置它,如这个 SO question 中所述。我在这里想念什么?
例外:
1 2 3 4 5 | SEVERE: Context initialization failed org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'myUsernamePasswordAuthenticationFilter' defined in file [*snip*]: Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: authenticationManager must be specified ... Caused by: java.lang.IllegalArgumentException: authenticationManager must be specified at org.springframework.util.Assert.notNull(Assert.java:112) |
XML:(带有一些简化的类名)
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 | <beans xmlns="http://www.springframework.org/schema/beans" xmlns:context="http://www.springframework.org/schema/context" xmlns:sec="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.2.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd"> <context:property-placeholder location="classpath*:META-INF/spring/*.properties" /> <context:spring-configured /> <context:component-scan base-package="myapp" /> <!-- Spring Security Configuration. --> <sec:http auto-config="false" entry-point-ref="loginUrlAuthenticationEntryPoint" access-denied-page="/denied.jsp"> <sec:custom-filter position="FORM_LOGIN_FILTER" ref="myAuthenticationFilter" /> <sec:intercept-url pattern="/login" access="IS_AUTHENTICATED_ANONYMOUSLY" /> <sec:intercept-url pattern="/404.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY" /> <sec:intercept-url pattern="/index.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY" /> <sec:intercept-url pattern="/**" access="ROLE_USER" /> <sec:logout logout-url="/logout" logout-success-url="/login" /> </sec:http> <sec:authentication-manager alias="authenticationManager"> <sec:authentication-provider ref="myAuthenticationProvider" /> </sec:authentication-manager> <bean id="loginUrlAuthenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint"> <property name="loginFormUrl" value="/login" /> </bean> <bean id="myAuthenticationFilter" class="myapp.MyUsernamePasswordAuthenticationFilter"> <property name="authenticationManager" ref="authenticationManager" /> </bean> <bean id="myAuthenticationProvider" class="myapp.MyAuthenticationProvider" /> |
过滤器:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 | @Component public class MyUsernamePasswordAuthenticationFilter extends AbstractAuthenticationProcessingFilter { public AdminUsernamePasswordAuthenticationFilter() { super("/login"); } @Override public Authentication attemptAuthentication(final HttpServletRequest request, final HttpServletResponse response) throws AuthenticationException { // stuff and: return getAuthenticationManager().authenticate(new UsernamePasswordAuthenticationToken( login, request.getParameter("password"))); } } |
身份验证提供者:
1 2 3 4 5 6 7 8 9 10 11 12 13 | @Component public class MyAuthenticationProvider implements AuthenticationProvider { @Override public Authentication authenticate(final Authentication authentication) throws AuthenticationException { // all the funky AD+DB code return null; } @Override public boolean supports(final Class< ? > clazz) { return true; } } |
我正在运行 Java 6、最新的 Spring Security (3.1.4.RELEASE) 和 Spring (3.2.3.RELEASE) 版本,在 Tomcat v6 服务器上运行。不同的 Spring 版本似乎不是问题(相关的 SO question)。如果这会是一个问题,如果你想使用 Spring Security 就必须运行 Spring 3.1.4 只是 meh...
我尝试过的一些其他事情无济于事:
啊...我发现了许多人在 Spring 中犯的基本错误。您在 XML 中定义了您的 bean
只要去掉