Gefunden 2 Authentifizierungsproviderbohnen. Der Global Authentication Manager wird nicht mit Authentifizierungsprovider ⇐ Java

[Anonymous]

Ich erstelle eine benutzerdefinierte OAuth2 -Integration mit Spring Security V6.5.2 und Spring OAuth2 Authorization Server v1.5.1 und ich sehe Folgendes in den Protokollen < /p>
Found 2 AuthenticationProvider -Bohnen mit Namen [Namen [Namen

Code: Select all

mxpTokenExchangeAuthenticationProvider

, mxptokenrevocationAuthenticationProvider ]. Der Global Authentication Manager wird nicht mit Authentifizierungsproviders konfiguriert. Erwägen Sie, eine einzelne Authentifizierungsprovider-Bean zu veröffentlichen oder Ihre Anbieter direkt mit dem DSL zu verkabeln.

Code: Select all

@Bean
@Order(1) // Ensure that OAuth filter chain is processed first
public SecurityFilterChain authServerSecurityFilterChain(HttpSecurity http,
MxpTokenExchangeAuthorizationHandler mxpTokenExchangeAuthorizationHandler,
MxpAuthorizeExchangeHandler mxpAuthorizeExchangeHandler) throws Exception {
OAuth2AuthorizationServerConfigurer oauth2AuthorizationServerConfigurer =
OAuth2AuthorizationServerConfigurer.authorizationServer();

RequestMatcher requestMatcher = request
-> (
// irelevant code that builds a security matcher
);
MxpAuthRequestsMatcher mxpAuthRequestsMatcher =
new MxpAuthRequestsMatcher(requestMatcher);
http.securityMatcher(mxpAuthRequestsMatcher)
.csrf(csrf -> csrf.ignoringRequestMatchers(requestMatcher))
.authenticationManager(customAuthenticationManager())
.authorizeHttpRequests(auth
-> auth.requestMatchers(requestMatcher)
.permitAll()
// disable  other endpoints
.requestMatchers("/.well-known/jwks.json")
.denyAll()
.requestMatchers("/oauth2/introspect")
.denyAll()
.requestMatchers("/connect/register")
.denyAll()
.requestMatchers("/userinfo")
.denyAll()
.requestMatchers("/connect/logout")
.denyAll())
.with(oauth2AuthorizationServerConfigurer,
(authorizationServer)
-> authorizationServer.tokenRevocationEndpoint(
tokenRevocationEndpoint
-> tokenRevocationEndpoint
.revocationRequestConverter(
new MxpRevocationRequestConverter())
.revocationResponseHandler(
new MxpRevocationResponseHandler())
.errorResponseHandler(mxpOAuth2ExceptionHandler)));

http.addFilterBefore(
new MxpTokenEndpointFilter(mxpTokenExchangeAuthorizationHandler,
mxpAuthorizeExchangeHandler, mxpConfiguration),
UsernamePasswordAuthenticationFilter.class);

return http.build();
}
< /code>
Versuch 1, um dies zu beheben, war mit einem AuthenticationManager < /p>
@Bean
public AuthenticationManager customAuthenticationManager() throws Exception {
return new ProviderManager(List.of(mxpTokenExchangeAuthenticationProvider,
mxpTokenRevocationAuthenticationProvider));
}
< /code>
Versuch Nr.  2 durch Verkabelung der Authentifizierungsprovider-Beans direkt in Ihrer Httpsecurity-Konfiguration.@Bean
public AuthenticationManager customAuthenticationManager() throws Exception {
return new ProviderManager(List.of(mxpTokenExchangeAuthenticationProvider,
mxpTokenRevocationAuthenticationProvider));
}

@Bean
@Order(1) // Ensure that OAuth filter chain is processed first
public SecurityFilterChain authServerSecurityFilterChain(HttpSecurity http,
MxpTokenExchangeAuthorizationHandler mxpTokenExchangeAuthorizationHandler,
MxpAuthorizeExchangeHandler mxpAuthorizeExchangeHandler) throws Exception {
OAuth2AuthorizationServerConfigurer oauth2AuthorizationServerConfigurer =
OAuth2AuthorizationServerConfigurer.authorizationServer();

RequestMatcher requestMatcher = request
-> (
// irelevant code that builds a security matcher
);
MxpAuthRequestsMatcher mxpAuthRequestsMatcher =
new MxpAuthRequestsMatcher(requestMatcher);
http.securityMatcher(mxpAuthRequestsMatcher)
.csrf(csrf -> csrf.ignoringRequestMatchers(requestMatcher))
.authenticationProvider(mxpTokenExchangeAuthenticationProvider)
.authenticationProvider(mxpTokenRevocationAuthenticationProvider)
.authorizeHttpRequests(auth
-> auth.requestMatchers(requestMatcher)
.permitAll()
// disable  other endpoints
.requestMatchers("/.well-known/jwks.json")
.denyAll()
.requestMatchers("/oauth2/introspect")
.denyAll()
.requestMatchers("/connect/register")
.denyAll()
.requestMatchers("/userinfo")
.denyAll()
.requestMatchers("/connect/logout")
.denyAll())
.with(oauth2AuthorizationServerConfigurer,
(authorizationServer)
-> authorizationServer.tokenRevocationEndpoint(
tokenRevocationEndpoint
-> tokenRevocationEndpoint
.revocationRequestConverter(
new MxpRevocationRequestConverter())
.revocationResponseHandler(
new MxpRevocationResponseHandler())
.errorResponseHandler(mxpOAuth2ExceptionHandler)));

http.addFilterBefore(
new MxpTokenEndpointFilter(mxpTokenExchangeAuthorizationHandler,
mxpAuthorizeExchangeHandler, mxpConfiguration),
UsernamePasswordAuthenticationFilter.class);

return http.build();
}
< /code>
Beide Authentifizierungsanbieter implementieren die Authentifizierungsprovider < /p>
@Component
@Slf4j
public class MxpTokenExchangeAuthenticationProvider
implements AuthenticationProvider {
@Override
public Authentication authenticate(Authentication authentication)
throws AuthenticationException {
// code
}

@Component
public class MxpTokenRevocationAuthenticationProvider
implements AuthenticationProvider {
@Override
public Authentication authenticate(Authentication authentication)
throws AuthenticationException {}

@Override
public boolean supports(Class authentication) {
return OAuth2TokenRevocationAuthenticationToken
.class.isAssignableFrom(authentication);
}
}

@Override
public boolean supports(Class authentication) {
return MxpAuthenticationToken.class.isAssignableFrom(authentication);
}

@Component
public class MxpTokenRevocationAuthenticationProvider
implements AuthenticationProvider {
@Override
public Authentication authenticate(Authentication authentication)
throws AuthenticationException {
// code
}

@Override
public boolean supports(Class authentication) {
return OAuth2TokenRevocationAuthenticationToken
.class.isAssignableFrom(authentication);
}
}