我有一个工作的自定义Spring安全配置,以使用JSON Web令牌而不是HTTPSession来保护特定的url模式。Spring Security配置周期性依赖关系错误
我为了能够在相对method based security到基于URL的模式,我需要注册一个的AuthenticationManager,从而未能由于循环依赖:
Caused by: org.springframework.beans.BeanInstantiationException:
Failed to instantiate [org.springframework.security.authentication.AuthenticationManager]:
Factory method 'authenticationManagerBean' threw exception; nested exception is org.springframework.beans.FatalBeanException:
A dependency cycle was detected when trying to resolve the AuthenticationManager. Please ensure you have configured authentication.
我自己的依赖关系是一种过滤器,我需要为了配置它。一切工作正常,当我省略了注册的验证管理器:
@Configuration
@EnableWebSecurity
@Order(2)
@EnableGlobalMethodSecurity(securedEnabled = true)
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private StatelessAuthenticationFilter statelessAuthenticationFilter;
public SpringSecurityConfig() {
super(true);
}
@Override
public void configure(WebSecurity web) throws Exception {
...
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
...
// check specific paths for specific role
.antMatchers("/...").hasRole("...")
...
// all other calls must be authenticated
.anyRequest().authenticated().and()
// custom filter to parse JWT token previously sent to client from header and create Authentication
.addFilterBefore(statelessAuthenticationFilter, (Class<? extends Filter>) UsernamePasswordAuthenticationFilter.class)
...
}
// config works fine without this method, but method security needs an AuthenticationManager:
@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
我错过了什么?
THX快速回复。我已经用下面的答案解决了它,所以我不知道你的方法是否也适用。 – Journeycorner