java - spring security自定义filter的问题

Question

用spring boot建的项目。
现在想自定义一个filter，要求实现用户名，密码，公司id一起验证。
下面是我的代码，参考UsernamePasswordAuthenticationFilter写的。

//这个是filter
public class UsernamePasswordSubdomainAuthenticationFilter extends AbstractAuthenticationProcessingFilter {

    protected UsernamePasswordSubdomainAuthenticationFilter() {
        super("/login");
    }

    @Override
    public Authentication attemptAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AuthenticationException, IOException, ServletException {
        String username = this.obtainUsername(httpServletRequest);
        String password = this.obtainPassword(httpServletRequest);
        String subdomain = this.obtainSubDomain(httpServletRequest);
        if(username == null) {
            username = "";
        }

        if(password == null) {
            password = "";
        }

        if(subdomain == null){
            subdomain = "";
        }
        username = username.trim();
        UsernamePasswordSubdomainAuthenticationToken authRequest = new UsernamePasswordSubdomainAuthenticationToken(username, password, subdomain);
        this.setDetails(httpServletRequest, authRequest);
        return this.getAuthenticationManager().authenticate(authRequest);
    }

    protected void setDetails(HttpServletRequest request, UsernamePasswordSubdomainAuthenticationToken authRequest) {
        authRequest.setDetails(this.authenticationDetailsSource.buildDetails(request));
    }

    public String obtainUsername(HttpServletRequest request) {
        return request.getParameter("username");
    }

    public String obtainPassword(HttpServletRequest request) {
        return request.getParameter("password");
    }

    public String obtainSubDomain(HttpServletRequest request) throws MalformedURLException {
        URL url = new URL(request.getRequestURL().toString());
        String subDomain = url.getHost().split("\\.")[0];
        return subDomain;
    }
}

//这个是配置
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
//    @Autowired
//    private UsernamePasswordSubdomainAuthenticationFilter usernamePasswordSubdomainAuthenticationFilter;

    @Bean
    public UsernamePasswordSubdomainAuthenticationFilter usernamePasswordSubdomainAuthenticationFilter() {
        System.out.println(this.authenticationManager);
        UsernamePasswordSubdomainAuthenticationFilter filer = new UsernamePasswordSubdomainAuthenticationFilter();
        filer.setAuthenticationManager(authenticationManager);
        return filer;
    }

//    @Autowired
    private AuthenticationManager authenticationManager;

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth
                .inMemoryAuthentication()
                .withUser("user")  // #1
                .password("pass")
                .roles("USER")
                .and()
                .withUser("admin") // #2
                .password("password")
                .roles("ADMIN","USER");
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
//        web
//                .ignoring()
//                .antMatchers("/resources/**"); // #3
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .addFilter(usernamePasswordSubdomainAuthenticationFilter())
                .formLogin().disable()
                .httpBasic().disable()
                .csrf()
                .disable();
    }
}

然后报了下面的错误

Caused by: java.lang.IllegalArgumentException: authenticationManager must be specified
    at org.springframework.util.Assert.notNull(Assert.java:112)
    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.afterPropertiesSet(AbstractAuthenticationProcessingFilter.java:164)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1633)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1570)

Answer 1

Because you did not inject authenticationManager into filter, authenticationManager can be obtained from authentication-provider.

Answer 2

I personally think that if you want to use springSecurity but you haven’t fully understood the source code of the entire authentication process, it’s best not to use it, otherwise the project will be a complete failure.
You will understand if you look at the source code more. Your problem error message has already made it clear that the authenticationManager is not defined. Recommend an article to read carefully
http://www.liaozhida.net/springsecurity/springsecurity-%E7%AE%80%E5%8D%95%E6%8B%A6%E6%88%AA% E9%AA%8C%E8%AF%81uml%E5%9B%BE.html
SPRINGSECURITY source code analysis – what happens during the user login process

Answer 3

Did you just remove the <form-login> tag? How to weave in a custom login validation filter? Hope we can communicate.

Answer 4

http://stackoverflow.com/ques...