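I am trying to use servletApi() with Spring Security 3.2 M2 but cannot get it to work. The AuthenticationManager seems to be null in SecurityContextHolderAwareRequestFilter. As a result, the HttpServlet3RequestFactory is created with a null authenticationManager.

Here is the implementation of my security configuration: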

    @Configuration
    @EnableWebSecurity
    public class SecurityConfig extends WebSecurityConfigurerAdapter {

        @Override
        protected void registerAuthentication(AuthenticationManagerBuilder auth) throws Exception {
            auth
                .inMemoryAuthentication()
                    .withUser("user").password("password").roles("USER")
                    .and();
        }

        @Bean
        @Override
        public AuthenticationManager authenticationManagerBean() throws Exception {
            return super.authenticationManagerBean();
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                // .exceptionHandling().and()
                .sessionManagement()
                    .sessionCreationPolicy(SessionCreationPolicy.ifRequired)
                    .sessionRegistry(new StarSessionRegistry()).and().and()
                .securityContext().and()
                // .requestCache().and()
                // .anonymous().and()
                .servletApi().and()
                // .apply(new DefaultLoginPageConfigurer<HttpSecurity>()).and()
                // .logout()
                // .and()
                .authorizeUrls()
                    .antMatchers("/login").permitAll()
                    .antMatchers("/**").authenticated();
        }
    }

I can see that SecurityContextHolderAwareRequestFilter is enhanced by an ObjectPostProcessor, but it seems unable to get the AuthenticationManager injected into it.

Do I need to provide another BeanProcessor, or am I missing something?