Spring Security: Not able to configure method security with java config -


i struggling configure method security java configured spring security. configuration works without problem, until use @secured annotation within controller.

spring security config: (java config)

@configuration @enablewebsecurity @enableglobalmethodsecurity(securedenabled=true) public class securityconfig extends websecurityconfigureradapter {      @autowired     private datasource datasource;      @override     public void configure(websecurity web) throws exception {         web             .ignoring()                 .antmatchers("/webjars/**","/css/**", "/less/**","/img/**","/js/**");     }      @autowired     public void registerglobal(authenticationmanagerbuilder auth) throws exception {         shapasswordencoder shapasswordencoder = new shapasswordencoder(256);         auth           .jdbcauthentication()               .datasource(datasource)               .usersbyusernamequery(getuserquery())               .authoritiesbyusernamequery(getauthoritiesquery())               .passwordencoder(shapasswordencoder);     }      @override     protected void configure(httpsecurity http) throws exception {         http         .authorizerequests()             .anyrequest().hasauthority("basic_permission")             .and()         .formlogin()             .loginpage("/login")             .defaultsuccessurl("/success-login", true)             .failureurl("/error-login")             .loginprocessingurl("/process-login")             .usernameparameter("security_username")             .passwordparameter("security_password")             .permitall()              .and()         .logout()             .logoutsuccessurl("/login")             .logouturl("/logout")             .permitall()             .and()         .rememberme()             .key("04e87501b3f04db297adb74fa8bd48ca")             .and()         .csrf()             .disable();     }      private string getuserquery() {         return "select username username, password password, active enabled "                 + "from employee "                 + "where username = ?";     }      private string getauthoritiesquery() {         return "select distinct employee.username username, permission.name authority "                 + "from employee, employee_role, role, role_permission, permission "                 + "where employee.id = employee_role.employee_id "                 + "and role.id = employee_role.role_id "                 + "and role.id = role_permission.role_id "                 + "and permission.id = role_permission.permission_id "                 + "and employee.username = ? "                 + "and employee.active = 1";     }  } 

as add @secured("employee_delete") annotation controller method,i receive following exception.

java.lang.illegalargumentexception: expecting find single bean type interface org.springframework.security.authentication.authenticationmanager, found [] 

so added authenticationmanager bean:

@bean  @override public authenticationmanager authenticationmanagerbean() throws exception {      return super.authenticationmanagerbean(); } 

but has error result:

java.lang.illegalstateexception: cannot apply org.springframework.security.config.annotation.authentication.configurers.provisioning.jdbcuserdetailsmanagerconfigurer@34e81675 built object 

it seems have share authenticationmanagerbean configured jdbcauthentication not able this. in advance!

it sounds though encountering ordering issue described in sec-2477.

as workaround, can should able use configure method authenticationmanagerbean method. not use @autowired authenticationmanagerbuilder approach.

@override protected void configure(authenticationmanagerbuilder auth) throws exception {     shapasswordencoder shapasswordencoder = new shapasswordencoder(256);     auth       .jdbcauthentication()           .datasource(datasource)           .usersbyusernamequery(getuserquery())           .authoritiesbyusernamequery(getauthoritiesquery())           .passwordencoder(shapasswordencoder); }  @bean  @override public authenticationmanager authenticationmanagerbean() throws exception {      return super.authenticationmanagerbean(); } 

Comments

Popular posts from this blog

php - regexp cyrillic filename not matches -

c# - OpenXML hanging while writing elements -

sql - Select Query has unexpected multiple records (MS Access) -