spring-boot - 具有多个身份验证配置文件的 Spring Boot
问题描述
我按照这两篇文章在 Spring Boot 应用程序中实现了多个身份验证配置文件:
- https://medium.com/@igor.bonny/multiple-spring-boot-security-configuration-c876f1b6061e
- https://dev.to/trexinc/spring-boot-and-multiple-authentication-profiles-none-password-okta-5bce
最后的SecurityConfiguration
类如下所示:
@Configuration
@EnableWebSecurity
public class SecurityConfiguration {
@Configuration
@Profile({"qa", "prod"})
public static class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.cors()
.and()
.csrf()
.disable()
.authorizeRequests()
.antMatchers("/someUrl").permitAll()
.antMatchers("/someUrl").fullyAuthenticated()
.antMatchers("/api/ping").permitAll()
.antMatchers("/**").fullyAuthenticated()
...
.
}
}
@Configuration
public static class LocalSecurityConfiguration extends WebSecurityConfigurerAdapter {
...
@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.cors()
.and()
.csrf()
.disable()
.authorizeRequests()
.antMatchers("/someUrl").permitAll()
.antMatchers("/someUrl").fullyAuthenticated()
.antMatchers("/api/ping").permitAll()
.antMatchers("/**").permitAll().
...
.
}
}
}
我也有单独application-{profile}.yaml
的文件qa
和prod
配置文件(环境)。
启动应用程序时
mvn spring-boot:run -Dspring.profiles.active=qa
我看到应用了正确的配置文件(qa
):
Running with Spring Boot v2.1.3.RELEASE, Spring v5.1.5.RELEASE
...
The following profiles are active: a
...
但它后来失败了:
***************************
APPLICATION FAILED TO START
***************************
Description:
The bean 'authenticationManagerBean', defined in class path resource [com/.../SecurityConfiguration$WebSecurityConfiguration.class], could not be registered. A bean with that name has already been defined in class path resource [com/../SecurityConfiguration$LocalSecurityConfiguration.class] and overriding is disabled.
Action:
Consider renaming one of the beans or enabling overriding by setting spring.main.allow-bean-definition-overriding=true
[WARNING]
java.lang.reflect.InvocationTargetException
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:566)
at org.springframework.boot.maven.AbstractRunMojo$LaunchRunner.run (AbstractRunMojo.java:558)
at java.lang.Thread.run (Thread.java:834)
Caused by: org.springframework.beans.factory.support.BeanDefinitionOverrideException: Invalid bean definition with name 'authenticationManagerBean' defined in class path resource [com/../SecurityConfiguration$WebSecurityConfiguration.class]: Cannot register bean definition [Root bean: class [null]; scope=; abstract=false; lazyInit=false; autowireMode=3; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=securityConfiguration.WebSecurityConfiguration; factoryMethodName=authenticationManagerBean; initMethodName=null; destroyMethodName=(inferred); defined in class path resource [com/.../SecurityConfiguration$WebSecurityConfiguration.class]] for bean 'authenticationManagerBean': There is already [Root bean: class [null]; scope=; abstract=false; lazyInit=false; autowireMode=3; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=securityConfiguration.LocalSecurityConfiguration; factoryMethodName=authenticationManagerBean; initMethodName=null; destroyMethodName=(inferred); defined in class path resource [com/..../SecurityConfiguration$LocalSecurityConfiguration.class]] bound.
在不指定任何配置文件的情况下运行时,它会毫无错误地启动。那有什么问题?
谢谢你。
解决方案
据我了解,当您启用qa
配置文件时,两个类型的 beanWebSecurityConfiguration
都处于活动状态,因此 Spring 无法处理它们同时启用,这就是您遇到错误的原因。当您在没有配置文件的情况下运行它时,则WebSecurityConfiguration
不会启用,因此只有一个类型WebSecurityConfigurerAdapter
的 bean 处于活动状态。一种解决方案是用否定条件注释
LocalSecurityConfiguration
bean,例如
@Profile("!qa & !prod")
这适用于 Spring 版本 > 5.1(Spring Boot 2.1),在以前的版本中,您可以使用 @Conditional 注释(https://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework /context/annotation/Conditional.html)并创建一个自定义实现来表达你的逻辑扩展SpringBootCondition
类
推荐阅读
- azure - 架构扩展 GRAPH API Azure - 拒绝访问
- git - 尝试自动完成“git stash drop”会产生错误输出
- sql - 如何使用 Access VBA 将两个查询的结果显示到 MS 图表对象上
- routes - Polymer1.0 应用路由器不工作。路由没有发生
- angular - Angular 9 - 延迟加载在生产构建中不起作用
- python - 如何为 mypy 定义类字典的类型?
- python - a = b 和 a = b[:] 有什么区别?
- javascript - ngx-quill:无法创建自定义列表印迹
- java - SWT - 如何判断小部件/复合材料在某些坐标处有滚动条或对象是滚动条
- php - XeroAPI - 禁止发票附件访问