Spring boot、spring安全覆盖UserDetailsService

Question

从spring安全xml配置迁移到Spring Security中的Java Config。

在我的扩展WebSecurityConfigurerAdapter的类SecurityConfiguration中。但是，问题是安全筛选器没有使用userDetailsService，特别是UsernamePasswordAuthenticationFilter。我看了一下启动程序，它似乎不是在Spring boot创建默认InMemoryUserDetailsManager之前创建的。

@Configuration
@EnableWebMvcSecurity
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http)
      throws Exception {

      http.userDetailsService(userDetailsService);

    }
}

我还尝试使用自定义注入的ApplicationUserDetailsService覆盖该类中的userDetailsServiceBean和userDetailsService。

@Bean(name="myUserDetailsBean")
@Override
public UserDetailsService userDetailsServiceBean() {
    return userDetailsService;
}

@Override
public UserDetailsService userDetailsService() {

    return userDetailsService;
}

然而，当我尝试覆盖authenticationManagerBean时，它看起来像是在spring boot配置初始化之前调用了我的配置，但它抛出了一个错误(如下所示)：在初始化UsernamePasswordAuthenticationFilter时存在循环引用。我真的需要覆盖authenticationManagerBean吗，因为我需要定义进入UsernamePasswordAuthenticationFilter的内容。

@Bean(name="myAuthenticationManager")
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
    return super.authenticationManagerBean();
}

。。

Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter]: Circular reference involving containing bean 'securityBeansConfiguration' - consider declaring the factory method as static for independence from its containing instance. Factory method 'usernamePasswordAuthenticationFilter' threw exception; nested exception is java.lang.IllegalArgumentException: successHandler cannot be null
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:189) ~[spring-beans-4.1.4.RELEASE.jar:4.1.4.RELEASE]
at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:588) ~[spring-beans-4.1.4.RELEASE.jar:4.1.4.RELEASE]
... 70 common frames omitted

想法？

Answer 1

您好，有一种简单的方法可以覆盖UserDetailsService

import com.dog.care.domain.User;
import com.dog.care.repository.UserRepository;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Component;
import org.springframework.transaction.annotation.Transactional;

import javax.inject.Inject;
import java.util.Optional;

@Component("userDetailsService")
public class UserDetailsService implements org.springframework.security.core.userdetails.UserDetailsService {

private final Logger log = LoggerFactory.getLogger(UserDetailsService.class);

@Inject
private UserRepository userRepository;

@Override
@Transactional
public UserDetails loadUserByUsername(final String login) {
    log.debug("Authenticating {}", login);
    String lowercaseLogin = login.toLowerCase();
    Optional<User> userFromDatabase =  userRepository.findOneByLogin(lowercaseLogin);
    return userFromDatabase.map(user -> {
        if (!user.getActivated()) {
            throw new UserNotActivatedException("User " + lowercaseLogin + " was not activated");
        }
        return new CustomUserDetails(user);
    }).orElseThrow(() -> new UsernameNotFoundException("User " + lowercaseLogin + " was not found in the database"));
}
}

这很重要：@Component("userDetailsService")

谢谢Aleksandar