1
我試圖使用Spring Security 3.2 M2的servletApi(),但無法成功。 AuthenticationManager在SecurityContextHolderAwareRequestFilter處似乎爲空。並因此HttpServlet3RequestFactory被創建爲空authenticationManager。Spring Security 3.2和servletApi()
這裏是我的安全配置的實現:
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void registerAuthentication(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("user").password("password").roles("USER")
.and();
}
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
// .exceptionHandling().and()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.ifRequired)
.sessionRegistry(new StarSessionRegistry()).and().and()
.securityContext().and()
// .requestCache().and()
// .anonymous().and()
.servletApi().and()
// .apply(new DefaultLoginPageConfigurer<HttpSecurity>()).and()
// .logout()
// .and()
.authorizeUrls()
.antMatchers("/login").permitAll()
.antMatchers("/**").authenticated();
}
}
我可以看到SecurityContextHolderAwareRequestFilter由ObjectPostProcessor加強,但似乎AuthenticationManager會不能在它裏面被注入。
我需要提供另一個BeanProcessor還是缺少一些東西?