Найдено 2 аутентификационных бобов. Global Authentication Manager не будет настроен с помощью Authentication Providers ⇐ JAVA

[Anonymous]

Я строю пользовательскую интеграцию OAuth2 с использованием Spring Security V6.5.2 и Spring OAuth2 Authorization Server V1.5.1, и я вижу следующее в журналах < /p>
Нашел 2 бобы аутентификации, с именами, с именами.mxpTokenExchangeAuthenticationProvider, mxptokenrevocationauthenticationprovider ]. Global Authentication Manager не будет настроен с помощью Authentication Providers. Подумайте о том, чтобы опубликовать единую аутентификацию Provider Bean или подключение ваших поставщиков непосредственно, используя DSL. < /P>
Я не смог найти, как я могу это исправить.@Bean
@Order(1) // Ensure that OAuth filter chain is processed first
public SecurityFilterChain authServerSecurityFilterChain(HttpSecurity http,
MxpTokenExchangeAuthorizationHandler mxpTokenExchangeAuthorizationHandler,
MxpAuthorizeExchangeHandler mxpAuthorizeExchangeHandler) throws Exception {
OAuth2AuthorizationServerConfigurer oauth2AuthorizationServerConfigurer =
OAuth2AuthorizationServerConfigurer.authorizationServer();

RequestMatcher requestMatcher = request
-> (
// irelevant code that builds a security matcher
);
MxpAuthRequestsMatcher mxpAuthRequestsMatcher =
new MxpAuthRequestsMatcher(requestMatcher);
http.securityMatcher(mxpAuthRequestsMatcher)
.csrf(csrf -> csrf.ignoringRequestMatchers(requestMatcher))
.authenticationManager(customAuthenticationManager())
.authorizeHttpRequests(auth
-> auth.requestMatchers(requestMatcher)
.permitAll()
// disable other endpoints
.requestMatchers("/.well-known/jwks.json")
.denyAll()
.requestMatchers("/oauth2/introspect")
.denyAll()
.requestMatchers("/connect/register")
.denyAll()
.requestMatchers("/userinfo")
.denyAll()
.requestMatchers("/connect/logout")
.denyAll())
.with(oauth2AuthorizationServerConfigurer,
(authorizationServer)
-> authorizationServer.tokenRevocationEndpoint(
tokenRevocationEndpoint
-> tokenRevocationEndpoint
.revocationRequestConverter(
new MxpRevocationRequestConverter())
.revocationResponseHandler(
new MxpRevocationResponseHandler())
.errorResponseHandler(mxpOAuth2ExceptionHandler)));

http.addFilterBefore(
new MxpTokenEndpointFilter(mxpTokenExchangeAuthorizationHandler,
mxpAuthorizeExchangeHandler, mxpConfiguration),
UsernamePasswordAuthenticationFilter.class);

return http.build();
}
< /code>
Попытка #1, чтобы исправить это с помощью аутентификации Manager < /p>
@Bean
public AuthenticationManager customAuthenticationManager() throws Exception {
return new ProviderManager(List.of(mxpTokenExchangeAuthenticationProvider,
mxpTokenRevocationAuthenticationProvider));
}
< /code>
Попытка № 2, подключившись к бобам AuthenticationProvider непосредственно в вашей конфигурации httpsecurity. < /p>
@Bean
public AuthenticationManager customAuthenticationManager() throws Exception {
return new ProviderManager(List.of(mxpTokenExchangeAuthenticationProvider,
mxpTokenRevocationAuthenticationProvider));
}

@Bean
@Order(1) // Ensure that OAuth filter chain is processed first
public SecurityFilterChain authServerSecurityFilterChain(HttpSecurity http,
MxpTokenExchangeAuthorizationHandler mxpTokenExchangeAuthorizationHandler,
MxpAuthorizeExchangeHandler mxpAuthorizeExchangeHandler) throws Exception {
OAuth2AuthorizationServerConfigurer oauth2AuthorizationServerConfigurer =
OAuth2AuthorizationServerConfigurer.authorizationServer();

RequestMatcher requestMatcher = request
-> (
// irelevant code that builds a security matcher
);
MxpAuthRequestsMatcher mxpAuthRequestsMatcher =
new MxpAuthRequestsMatcher(requestMatcher);
http.securityMatcher(mxpAuthRequestsMatcher)
.csrf(csrf -> csrf.ignoringRequestMatchers(requestMatcher))
.authenticationProvider(mxpTokenExchangeAuthenticationProvider)
.authenticationProvider(mxpTokenRevocationAuthenticationProvider)
.authorizeHttpRequests(auth
-> auth.requestMatchers(requestMatcher)
.permitAll()
// disable other endpoints
.requestMatchers("/.well-known/jwks.json")
.denyAll()
.requestMatchers("/oauth2/introspect")
.denyAll()
.requestMatchers("/connect/register")
.denyAll()
.requestMatchers("/userinfo")
.denyAll()
.requestMatchers("/connect/logout")
.denyAll())
.with(oauth2AuthorizationServerConfigurer,
(authorizationServer)
-> authorizationServer.tokenRevocationEndpoint(
tokenRevocationEndpoint
-> tokenRevocationEndpoint
.revocationRequestConverter(
new MxpRevocationRequestConverter())
.revocationResponseHandler(
new MxpRevocationResponseHandler())
.errorResponseHandler(mxpOAuth2ExceptionHandler)));

http.addFilterBefore(
new MxpTokenEndpointFilter(mxpTokenExchangeAuthorizationHandler,
mxpAuthorizeExchangeHandler, mxpConfiguration),
UsernamePasswordAuthenticationFilter.class);

return http.build();
}
< /code>
Оба провайдера аутентификации реализуют аутентификацию provider < /p>
@Component
@Slf4j
public class MxpTokenExchangeAuthenticationProvider
implements AuthenticationProvider {
@Override
public Authentication authenticate(Authentication authentication)
throws AuthenticationException {
// code
}

@Component
public class MxpTokenRevocationAuthenticationProvider
implements AuthenticationProvider {
@Override
public Authentication authenticate(Authentication authentication)
throws AuthenticationException {}

@Override
public boolean supports(Class authentication) {
return OAuth2TokenRevocationAuthenticationToken
.class.isAssignableFrom(authentication);
}
}

@Override
public boolean supports(Class authentication) {
return MxpAuthenticationToken.class.isAssignableFrom(authentication);
}

@Component
public class MxpTokenRevocationAuthenticationProvider
implements AuthenticationProvider {
@Override
public Authentication authenticate(Authentication authentication)
throws AuthenticationException {
// code
}

@Override
public boolean supports(Class authentication) {
return OAuth2TokenRevocationAuthenticationToken
.class.isAssignableFrom(authentication);
}
}


Подробнее здесь: https://stackoverflow.com/questions/797 ... ill-not-be