I use:
Everything is configured with Java Config (including spring-security)
I'm working on a web server project where Authentication: Basic base64Gibberish headers are used to authenticate users.
The problem is that depending on the URI the AuthenticationManager is different (because I need 2 different UserDetailsService).
I've tried multiple extensions of WebSecurityConfigurerAdapter with

    @Override
    @Bean( name = "authManager1" )
    public AuthenticationManager authenticationManagerBean() throws Exception

    @Override
    @Bean( name = "authManager2" )
    public AuthenticationManager authenticationManagerBean() throws Exception

to no avail.
I always get:
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'springSecurityFilterChain'
defined in class path resource [org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.class]: Instantiation of bean failed;
nested exception is org.springframework.beans.factory.BeanDefinitionStoreException:
Factory method [public javax.servlet.Filter org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration.springSecurityFilterChain() throws java.lang.Exception]
threw exception; nested exception is java.lang.IllegalArgumentException:
Expecting to only find a single bean for type interface org.springframework.security.authentication.AuthenticationManager,
but found [authManager1, authManager2]
Since I have multiple security filter chains, how can I "tell" spring-security to inject different AuthenticationManager in different security filter chains?
Thanks in advance P.
The AuthenticationManager is only an interface; the actual implementation of the authenticate method is provided by the ProviderManager. The ProviderManager has a list of AuthenticationProviders. From its authenticate method it calls the authenticate method of the appropriate AuthenticationProvider.
Form-based login is one form of username/password authentication that Spring Security provides support for. This is provided through an HTML form. Whenever a user requests a protected resource, Spring Security checks for the authentication of the request.
An AuthenticationManager can do one of 3 things in its authenticate() method: Return an Authentication (normally with authenticated=true ) if it can verify that the input represents a valid principal. Throw an AuthenticationException if it believes that the input represents an invalid principal.
You can have multiple http configuration elements, each with its own AuthenticationManager. It could look like this:
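
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.beans.factory.annotation.Qualifier;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.core.annotation.Order;
    import org.springframework.security.authentication.AuthenticationManager;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

    @Configuration
    @EnableWebSecurity
    public class SecurityConfig {

        // @Bean methods must not be private; the bean name defaults to the method name
        @Bean
        public AuthenticationManager authenticationManager1() {
            // defines first AuthenticationManager (construction left as a placeholder)
            return authenticationManager;
        }

        @Bean
        public AuthenticationManager authenticationManager2() {
            // defines second AuthenticationManager (construction left as a placeholder)
            return authenticationManager;
        }

        @Configuration
        @Order(1)
        public static class Uri1ApiConfigurationAdapter extends WebSecurityConfigurerAdapter {

            // The qualifier selects the bean by name, so it must be a string literal
            @Autowired
            @Qualifier("authenticationManager1")
            private AuthenticationManager authManager1;

            // Use the first manager for this filter chain only
            @Override
            protected AuthenticationManager authenticationManager() {
                return authManager1;
            }

            @Override
            protected void configure(HttpSecurity http) throws Exception {
                http
                    .antMatcher("/URI1/**")
                    ...
            }
        }

        @Configuration
        @Order(2)
        public static class Uri2ApiConfigurationAdapter extends WebSecurityConfigurerAdapter {

            @Autowired
            @Qualifier("authenticationManager2")
            private AuthenticationManager authManager2;

            // Use the second manager for this filter chain only
            @Override
            protected AuthenticationManager authenticationManager() {
                return authManager2;
            }

            @Override
            protected void configure(HttpSecurity http) throws Exception {
                http
                    .antMatcher("/URI2/**")
                    ...
            }
        }
    }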
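
An added example, not part of the answer above or of Spring's own code: a variant in which each adapter builds an AuthenticationManager local to its chain through configure(AuthenticationManagerBuilder), so no AuthenticationManager bean is exposed at all, and both chains are stateless so that a session established under one URI prefix is not accepted under the other. It assumes Spring Security 5.x, BCrypt-hashed stored passwords, and two UserDetailsService beans defined elsewhere under the hypothetical names uri1Users and uri2Users; the class names are also made up for illustration.

```java
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

@Configuration
@EnableWebSecurity
public class PerChainAuthConfig {
    // Shared wiring: one URI pattern, one user store, HTTP Basic, no session.
    abstract static class BasicRealm extends WebSecurityConfigurerAdapter {
        private final String pattern;
        private final UserDetailsService users;

        BasicRealm(String pattern, UserDetailsService users) { this.pattern = pattern; this.users = users; }

        @Override // builds an AuthenticationManager local to this chain, not a shared bean
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth.userDetailsService(users).passwordEncoder(new BCryptPasswordEncoder());
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.antMatcher(pattern)
                .authorizeRequests().anyRequest().authenticated()
                .and().httpBasic()
                // Stateless: a session from one chain must not authenticate the other.
                .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        }
    }

    // "uri1Users" and "uri2Users" are assumed bean names for the two UserDetailsService beans.
    @Configuration
    @Order(1)
    static class Uri1Realm extends BasicRealm {
        Uri1Realm(@Qualifier("uri1Users") UserDetailsService users) { super("/URI1/**", users); }
    }

    @Configuration
    @Order(2)
    static class Uri2Realm extends BasicRealm {
        Uri2Realm(@Qualifier("uri2Users") UserDetailsService users) { super("/URI2/**", users); }
    }
}
```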