java - Spring Security 中具有多个 http 部分的 NoUniqueBeanDefinitionException

Question

我正在编写一个需要多种身份验证机制(基本、x509 和匿名)的 RESTful Web 服务。因此我有三个 <http>三个独立的 spring 上下文文件中的元素。

当我启动我的服务时，出现以下异常:

org.springframework.beans.factory.NoUniqueBeanDefinitionException: 
No qualifying bean of type [org.springframework.security.web.SecurityFilterChain] 
is defined: expected single matching bean but found 3: 
org.springframework.security.web.DefaultSecurityFilterChain#0,
org.springframework.security.web.DefaultSecurityFilterChain#1,
org.springframework.security.web.DefaultSecurityFilterChain#2

我觉得这很有道理，对吧？我已经定义了三个 元素，因此 spring 可能会创建三个 org.springframework.security.web.DefaultSecurityFilterChain 实例。现在有人要求类型为 org.springframework.security.web.SecurityFilterChain 的 bean，并找到了三个。

但是，according to Spring Security documentation ，这应该是可能的，所以我的问题是:如何让这种情况发挥作用？

这是我的三个<http>配置:

x509Auth.xml:

<sec:http pattern="/service/x509/**" use-expressions="true">
    <sec:x509 subject-principal-regex="(.*)" user-service-ref="ldapUserDetailsService" />
    <sec:intercept-url pattern="/service/x509/identity/**" access="hasRole('Domain Users')" />
</sec:http>

basicAuth.xml:

<sec:http pattern="/anubis/basic/**" use-expressions="true" create-session="stateless">
    <sec:intercept-url pattern="/service/basic/identity/**" access="isAuthenticated()" />
    <sec:http-basic />
</sec:http>

noAuth.xml:

<sec:http pattern="/service/anonymous/**" security="none" />

Answer 1

感谢this InfoQ post ，我了解到新的灵 active 带来了新的责任。因为你可以有多个 <http>现在，您还可以拥有多个身份验证管理器。这需要我们告诉 spring 每个 <http> 对应哪个认证管理器。元素。

这是我现在可以使用的 spring 配置:

<!-- This section configures X509 Certificate Authentication -->
<sec:http
        pattern="/service/x509/**"
        use-expressions="true"
        authentication-manager-ref="ldapAuthenticationManager">
    <sec:x509 subject-principal-regex="(.*)" user-service-ref="ldapUserDetailsService" />
    <sec:intercept-url pattern="/service/x509/identity/**" access="hasRole('Domain Users')" />
</sec:http>

<sec:authentication-manager alias="ldapAuthenticationManager">
    <sec:authentication-provider user-service-ref="ldapUserDetailsService" />
</sec:authentication-manager>

<!-- This section configures BASIC Authentication -->
<sec:http
        pattern="/service/basic/**"
        use-expressions="true"
        create-session="stateless"
        authentication-manager-ref="mongoAuthenticationManager">
    <sec:http-basic />
    <sec:intercept-url pattern="/service/basic/identity/**" access="isAuthenticated()" />
</sec:http>

<sec:authentication-manager alias="mongoAuthenticationManager">
    <sec:authentication-provider user-service-ref="mongoUserDetailsService" />
</sec:authentication-manager>

<!-- This section configures NO Authentication -->
<sec:http pattern="/service/anonymous/**" security="none" />