Spring Security: Not able to configure method security with java config -
i struggling configure method security java configured spring security. configuration works without problem, until use @secured annotation within controller.
spring security config: (java config)
@configuration @enablewebsecurity @enableglobalmethodsecurity(securedenabled=true) public class securityconfig extends websecurityconfigureradapter { @autowired private datasource datasource; @override public void configure(websecurity web) throws exception { web .ignoring() .antmatchers("/webjars/**","/css/**", "/less/**","/img/**","/js/**"); } @autowired public void registerglobal(authenticationmanagerbuilder auth) throws exception { shapasswordencoder shapasswordencoder = new shapasswordencoder(256); auth .jdbcauthentication() .datasource(datasource) .usersbyusernamequery(getuserquery()) .authoritiesbyusernamequery(getauthoritiesquery()) .passwordencoder(shapasswordencoder); } @override protected void configure(httpsecurity http) throws exception { http .authorizerequests() .anyrequest().hasauthority("basic_permission") .and() .formlogin() .loginpage("/login") .defaultsuccessurl("/success-login", true) .failureurl("/error-login") .loginprocessingurl("/process-login") .usernameparameter("security_username") .passwordparameter("security_password") .permitall() .and() .logout() .logoutsuccessurl("/login") .logouturl("/logout") .permitall() .and() .rememberme() .key("04e87501b3f04db297adb74fa8bd48ca") .and() .csrf() .disable(); } private string getuserquery() { return "select username username, password password, active enabled " + "from employee " + "where username = ?"; } private string getauthoritiesquery() { return "select distinct employee.username username, permission.name authority " + "from employee, employee_role, role, role_permission, permission " + "where employee.id = employee_role.employee_id " + "and role.id = employee_role.role_id " + "and role.id = role_permission.role_id " + "and permission.id = role_permission.permission_id " + "and employee.username = ? " + "and employee.active = 1"; } }
as add @secured("employee_delete")
annotation controller method,i receive following exception.
java.lang.illegalargumentexception: expecting find single bean type interface org.springframework.security.authentication.authenticationmanager, found []
so added authenticationmanager
bean:
@bean @override public authenticationmanager authenticationmanagerbean() throws exception { return super.authenticationmanagerbean(); }
but has error result:
java.lang.illegalstateexception: cannot apply org.springframework.security.config.annotation.authentication.configurers.provisioning.jdbcuserdetailsmanagerconfigurer@34e81675 built object
it seems have share authenticationmanagerbean
configured jdbcauthentication
not able this. in advance!
it sounds though encountering ordering issue described in sec-2477.
as workaround, can should able use configure method authenticationmanagerbean method. not use @autowired authenticationmanagerbuilder approach.
@override protected void configure(authenticationmanagerbuilder auth) throws exception { shapasswordencoder shapasswordencoder = new shapasswordencoder(256); auth .jdbcauthentication() .datasource(datasource) .usersbyusernamequery(getuserquery()) .authoritiesbyusernamequery(getauthoritiesquery()) .passwordencoder(shapasswordencoder); } @bean @override public authenticationmanager authenticationmanagerbean() throws exception { return super.authenticationmanagerbean(); }
Comments
Post a Comment