我正在编写一个需要多种身份验证机制(基本、x509 和匿名)的 RESTful Web 服务。因此我有三个 <http>
三个独立的 spring 上下文文件中的元素。
当我启动我的服务时,出现以下异常:
org.springframework.beans.factory.NoUniqueBeanDefinitionException:
No qualifying bean of type [org.springframework.security.web.SecurityFilterChain]
is defined: expected single matching bean but found 3:
org.springframework.security.web.DefaultSecurityFilterChain#0,
org.springframework.security.web.DefaultSecurityFilterChain#1,
org.springframework.security.web.DefaultSecurityFilterChain#2
我觉得这很有道理,对吧?我已经定义了三个
但是,according to Spring Security documentation ,这应该是可能的,所以我的问题是:如何让这种情况发挥作用?
这是我的三个<http>
配置:
x509Auth.xml:
<sec:http pattern="/service/x509/**" use-expressions="true">
<sec:x509 subject-principal-regex="(.*)" user-service-ref="ldapUserDetailsService" />
<sec:intercept-url pattern="/service/x509/identity/**" access="hasRole('Domain Users')" />
</sec:http>
basicAuth.xml:
<sec:http pattern="/anubis/basic/**" use-expressions="true" create-session="stateless">
<sec:intercept-url pattern="/service/basic/identity/**" access="isAuthenticated()" />
<sec:http-basic />
</sec:http>
noAuth.xml:
<sec:http pattern="/service/anonymous/**" security="none" />
最佳答案
感谢this InfoQ post ,我了解到新的灵 active 带来了新的责任。因为你可以有多个 <http>
现在,您还可以拥有多个身份验证管理器。这需要我们告诉 spring 每个 <http>
对应哪个认证管理器。元素。
这是我现在可以使用的 spring 配置:
<!-- This section configures X509 Certificate Authentication -->
<sec:http
pattern="/service/x509/**"
use-expressions="true"
authentication-manager-ref="ldapAuthenticationManager">
<sec:x509 subject-principal-regex="(.*)" user-service-ref="ldapUserDetailsService" />
<sec:intercept-url pattern="/service/x509/identity/**" access="hasRole('Domain Users')" />
</sec:http>
<sec:authentication-manager alias="ldapAuthenticationManager">
<sec:authentication-provider user-service-ref="ldapUserDetailsService" />
</sec:authentication-manager>
<!-- This section configures BASIC Authentication -->
<sec:http
pattern="/service/basic/**"
use-expressions="true"
create-session="stateless"
authentication-manager-ref="mongoAuthenticationManager">
<sec:http-basic />
<sec:intercept-url pattern="/service/basic/identity/**" access="isAuthenticated()" />
</sec:http>
<sec:authentication-manager alias="mongoAuthenticationManager">
<sec:authentication-provider user-service-ref="mongoUserDetailsService" />
</sec:authentication-manager>
<!-- This section configures NO Authentication -->
<sec:http pattern="/service/anonymous/**" security="none" />
关于java - Spring Security 中具有多个 http 部分的 NoUniqueBeanDefinitionException,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/20863943/