我设置了一个自定义身份验证提供程序:
@Configuration
@EnableWebSecurity
@EnableGlobalAuthentication
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
@Qualifier("samlAuthenticationProvider")
SAMLAuthenticationProvider samlAuthenticationProvider;
@Override
protected void configure(HttpSecurity http) throws Exception {
/**
* Do your stuff here
*/
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(samlAuthenticationProvider);
}
}
现在,我还想为身份验证管理器设置一个别名,然后我想在另一个 bean 定义中 Autowiring 它。
例如:
<!-- Register authentication manager with SAML provider -->
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider
ref="samlAuthenticationProvider" />
</security:authentication-manager>
<!-- Processing filter for WebSSO Holder-of-Key profile -->
<bean id="samlWebSSOHoKProcessingFilter"
class="org.springframework.security.saml.SAMLWebSSOHoKProcessingFilter">
<property name="authenticationManager" ref="authenticationManager" />
<property name="authenticationSuccessHandler" ref="successRedirectHandler" />
</bean>
有没有办法只在 Java Config 中做到这一点?
最佳答案
我对新的安全 Java 配置不太满意,但这是我从源代码中看到的:
@Import(AuthenticationConfiguration.class)
public @interface EnableGlobalAuthentication {}
此注释导入
AuthenticationConfiguration 也是 @Configuration。任何 @Configuration 也被注册为 bean。所以,你可以从 WebSecurityConfigurerAdapter 这样做:@Autowired
public void setAuthenticationConfiguration(AuthenticationConfiguration authenticationConfiguration) {
this.authenticationConfiguration = authenticationConfiguration;
}
并访问
AuthenticationManager :this.authenticationConfiguration.getAuthenticationManager();
从 xml 的角度来看,您可以使用 SpEL 访问该
authenticationManager :<property name="authenticationManager" value="#{authenticationConfiguration.authenticationManager}" />
抱歉,我不明白将
AuthenticationManager 注册为 bean 的重点。从这里您无法为他配置 别名 。更新
顺便说一句,如果您要将
@Autowired AuthenticationManager 编码到其他某个组件,则 @Value 会出现问题:@Value("#{authenticationConfiguration.authenticationManager}")
private AuthenticationManager authenticationManager;
UPDATE2
找到了
WebSecurityConfigurerAdapter 。源代码和 JavaDocs:/**
* Override this method to expose the {@link AuthenticationManager} from
* {@link #configure(AuthenticationManagerBuilder)} to be exposed as
* a Bean. For example:
*
* <pre>
* @Bean(name name="myAuthenticationManager")
* @Override
* public AuthenticationManager authenticationManagerBean() throws Exception {
* return super.authenticationManagerBean();
* }
* </pre>
*
* @return the {@link AuthenticationManager}
* @throws Exception
*/
public AuthenticationManager authenticationManagerBean() throws Exception {
return new AuthenticationManagerDelegator(authenticationBuilder);
}
UPDATE3
如何从自定义
AuthenticationManager 访问现有的 WebSecurityConfigurerAdapter 并配置 SAMLWebSSOHoKProcessingFilter ?@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Bean
public SAMLWebSSOHoKProcessingFilter samlFilter() {
SAMLWebSSOHoKProcessingFilter samlFilter = new SAMLWebSSOHoKProcessingFilter();
samlFilter.setAuthenticationManage(authenticationManager());
.......
return samlFilter;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.addFilter(samlFilter());
}
}
关于java - 在 Java Config 中 Autowiring Spring Authentication Manager,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/23512837/