当您使用
protectedregisterAuthentication的方法
WebSecurityConfigurerAdapter是范围界定身份验证到
WebSecurityConfigurerAdapter如此
EnableGlobalMethodSecurity无法找到它。如果您考虑一下……这是有道理的,因为该方法受到保护。
您看到的错误实际上是一个调试语句(请注意级别为DEBUG)。原因是Spring Security将尝试几种不同的方法来自动连接Global Method
Security。具体来说,
EnableGlobalMethodSecurity将尝试以下方法来尝试获取
AuthenticationManager:
- 如果您扩展
GlobalMethodSecurityConfiguration
并覆盖,registerAuthentication
它将使用AuthenticationManagerBuilder
传入的。这允许AuthenticationManager
您以与WebSecurityConfigurerAdapter
- 尝试从的全局共享实例进行构建
AuthenticationManagerBuilder
,如果失败,它将记录您所看到的错误消息(请注意,日志还指出“目前还可以,我们将尝试直接使用AuthenticationManager”) - 尝试使用
AuthenticationManager
暴露为Bean的。
对于您的代码,最好使用以下代码:
@Configuration@EnableWebSecurity@EnableGlobalMethodSecurity(prePostEnabled=true)public class MultiSecurityConfig { // Since MultiSecurityConfig does not extend GlobalMethodSecurityConfiguration and // define an AuthenticationManager, it will try using the globally defined // AuthenticationManagerBuilder to create one // The @Enable*Security annotations create a global AuthenticationManagerBuilder // that can optionally be used for creating an AuthenticationManager that is shared // The key to using it is to use the @Autowired annotation @Autowired public void registerSharedAuthentication(AuthenticationManagerBuilder auth) throws Exception { auth .inMemoryAuthentication() .withUser("user").password("password").roles("USER").and() .withUser("admin").password("password").roles("USER", "ADMIN"); } @Configuration @Order(1) public static class ApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter { // Since we didn't specify an AuthenticationManager for this class, // the global instance is used protected void configure(HttpSecurity http) throws Exception { http .antMatcher("/api/**") .httpBasic(); } } @Configuration public static class FormWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter { // Since we didn't specify an AuthenticationManager for this class, // the global instance is used public void configure(WebSecurity web) throws Exception { web .ignoring() .antMatchers("/static/**","/status"); } protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .anyRequest().hasRole("USER") .and() .formLogin() .loginPage("/login") .permitAll(); } }}注意:有关此问题的更多文档将在未来几天内添加到参考中。
