All geek questions in one place

Autowiring Spring Authentication Manager in Java Config

I installed my own authentication provider:

@Configuration
@EnableWebSecurity
@EnableGlobalAuthentication
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    @Qualifier("samlAuthenticationProvider")
    SAMLAuthenticationProvider samlAuthenticationProvider;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        /**
         * Do your stuff here
         */
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(samlAuthenticationProvider);
    }   

}

Now I would also like to set an alias for the authentication manager, then I would like to auto-install it in another bean definition.

For instance:

<!-- Register authentication manager with SAML provider -->
<security:authentication-manager alias="authenticationManager">
    <security:authentication-provider
        ref="samlAuthenticationProvider" />
</security:authentication-manager>

<!-- Processing filter for WebSSO Holder-of-Key profile -->
<bean id="samlWebSSOHoKProcessingFilter"
    class="org.springframework.security.saml.SAMLWebSSOHoKProcessingFilter">
    <property name="authenticationManager" ref="authenticationManager" />
    <property name="authenticationSuccessHandler" ref="successRedirectHandler" />
</bean>

Is there a way to do this only in Java Config?

+4
source share
1 answer

I feel bad with the new Java security configuration, but here is what I see from the source code:

@Import(AuthenticationConfiguration.class)
public @interface EnableGlobalAuthentication {}

This annotation imports AuthenticationConfiguration, which is also @Configuration. Any is @Configurationalso registered as a bean. So you can do this from WebSecurityConfigurerAdapter:

@Autowired
public void setAuthenticationConfiguration(AuthenticationConfiguration authenticationConfiguration) {
     this.authenticationConfiguration = authenticationConfiguration;
}

And get access to AuthenticationManager:

this.authenticationConfiguration.getAuthenticationManager();

xml SpEL AuthenticationManager:

<property name="authenticationManager" value="#{authenticationConfiguration.authenticationManager}" />

, , AuthenticationManager bean. .

UPDATE

, @Autowired AuthenticationManager - , @Value resque:

@Value("#{authenticationConfiguration.authenticationManager}")
private AuthenticationManager authenticationManager;

UPDATE2

WebSecurityConfigurerAdapter. JavaDocs:

/**
 * Override this method to expose the {@link AuthenticationManager} from
 * {@link #configure(AuthenticationManagerBuilder)} to be exposed as
 * a Bean. For example:
 *
 * <pre>
 * &#064;Bean(name name="myAuthenticationManager")
 * &#064;Override
 * public AuthenticationManager authenticationManagerBean() throws Exception {
 *     return super.authenticationManagerBean();
 * }
 * </pre>
 *
 * @return the {@link AuthenticationManager}
 * @throws Exception
 */
public AuthenticationManager authenticationManagerBean() throws Exception {
    return new AuthenticationManagerDelegator(authenticationBuilder);
}

Update3

AuthenticationManager WebSecurityConfigurerAdapter SAMLWebSSOHoKProcessingFilter?

@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

  @Bean
  public SAMLWebSSOHoKProcessingFilter samlFilter() {
    SAMLWebSSOHoKProcessingFilter samlFilter = new SAMLWebSSOHoKProcessingFilter();
    samlFilter.setAuthenticationManage(authenticationManager());
    .......
    return samlFilter;
  }

  @Override  
  protected void configure(HttpSecurity http) throws Exception {
      http.addFilter(samlFilter());
  }
}
+4

Source: https://habr.com/ru/post/1539530/

More articles:


All Articles