admin 管理员组

文章数量: 1086019

I am using a custom Spring Boot Starter for developing several microservices. That starter should contain some basic security configurations which I can use depending on which profile I am using in my service.

I am using a HttpSecurityConfigurer like this:

@Configuration
@ConditionalOnSingleCandidate(HttpSecurityConfigurer.class)
public class HttpSecurityConfigurerImpl implements HttpSecurityConfigurer {
    @Override
    public HttpSecurity configure(HttpSecurity http) throws Exception {
        http.sessionManagement(c -> c.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
        http.authorizeHttpRequests(c -> c
                        .requestMatchers("/actuator/health", "/actuator/liveness").permitAll()
                        .anyRequest().authenticated())
                .httpBasic(Customizer.withDefaults())
                .csrf(AbstractHttpConfigurer::disable);
        return http;
    }
}

Than I have additional configuration to enable / disable Swagger-UI access:

@Configuration
@Slf4j
@EnableWebSecurity
@RequiredArgsConstructor
@ConditionalOnProfilesActive(value = Profiles.NOAUTH, match = Matching.NONE)
@ConditionalOnProperty(name = SwaggerProperties + "unrestricted", havingValue = "true")
public class SecurityConfigSwaggerUiAutoConfiguration {

    @Bean
    @Order(2)
    public SecurityFilterChain swaggerUiSecurityFilterChain(HttpSecurity http) throws Exception {
        System.out.println("SwaggerUi");
        http.securityMatcher("/swagger-ui/**).authorizeHttpRequests(requests ->
                requests.anyRequest().permitAll()
        );
        http.httpBasic(Customizer.withDefaults());
        return http.build();
    }
}

Than I can enable LDAP access bei profile:

@Configuration
@EnableWebSecurity
@RequiredArgsConstructor
@ConditionalOnProfilesActive(LDAP)
@Slf4j
public class SecurityConfigLdapAutoConfiguration {
    private final HttpSecurityConfigurer httpSecurityConfigurer;

    @Bean
    @Order(3)
    public SecurityFilterChain ldapSecurityFilterChain(HttpSecurity http) throws Exception {
        System.out.println("LDAP");
        return httpSecurityConfigurer.configure(http).build();
    }

    @Bean
    public CachingAuthenticationProvider ldapAuthenticationManager() {
        var authenticationProvider = new ActiveDirectoryLdapAuthenticationProvider("my.domain", "my.url", "my.base");
        authenticationProvider.setSearchFilter("my.searchFilter");
        return new CachingAuthenticationProvider(authenticationProvider);
    }
}

So far, everything works fine. But now I want to add a new Profile for doing SAML authentication with a SAML Token. Therefore I added another Configuration:

@Configuration
@EnableWebSecurity
@RequiredArgsConstructor
@ConditionalOnProfilesActive(SAML)
@Slf4j
public class SecurityConfigSamlHeaderAutoConfiguration {

    @Bean
    @Order(3)
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {

        System.out.println("SAML");

        http.securityMatcher("/api/**")
                .authorizeHttpRequests(authorizeRequests -> authorizeRequests
                        .anyRequest().authenticated())
                .apply(samlLogin())
                ;
        return http.build();
    }

    @Bean
    public CachingAuthenticationProvider authenticationProvider() {
        var authenticationProvider = new ActiveDirectoryLdapAuthenticationProvider(
                "my.domain",
                "my.url",
                "my.base"
        );
        authenticationProvider.setSearchFilter(my.searchFilter);
        return new CachingAuthenticationProvider(authenticationProvider);
    }
}

But now, when I choose SAML profile it gives me an error:

Error creating bean with name '.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration': Unsatisfied dependency expressed through method 'setFilterChains' parameter 0: Error creating bean with name 'securityFilterChain' defined in class path resource [com/my/basestarter/config/security/SecurityConfigSamlHeaderAutoConfiguration.class]: Failed to instantiate [.springframework.security.web.SecurityFilterChain]: Factory method 'securityFilterChain' threw exception with message: Can't configure mvcMatchers after anyRequest"

Can anybody help me finding the error? I thought I could do somethink similar like I did for the Swagger Configuration. But seems that I am missing something.

本文标签:

Error[2]: Invalid argument supplied for foreach(), File: /www/wwwroot/roclinux.cn/tmp/view_template_quzhiwa_htm_read.htm, Line: 58
File: /www/wwwroot/roclinux.cn/tmp/route_read.php, Line: 205, include(/www/wwwroot/roclinux.cn/tmp/view_template_quzhiwa_htm_read.htm)
File: /www/wwwroot/roclinux.cn/tmp/index.inc.php, Line: 129, include(/www/wwwroot/roclinux.cn/tmp/route_read.php)
File: /www/wwwroot/roclinux.cn/index.php, Line: 29, include(/www/wwwroot/roclinux.cn/tmp/index.inc.php)