Autowiring Spring Authentication Manager in Java Config

StackOverflow https://stackoverflow.com/questions/23512837

  •  16-07-2023
  •  | 
  •  

Question

I've set a custom authentication provider:

@Configuration
@EnableWebSecurity
@EnableGlobalAuthentication
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    @Qualifier("samlAuthenticationProvider")
    SAMLAuthenticationProvider samlAuthenticationProvider;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        /**
         * Do your stuff here
         */
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(samlAuthenticationProvider);
    }   

}

Now, I'd like to set also an alias for the authentication-manager, then I'd like to autowire it in another bean definition.

Eg:

<!-- Register authentication manager with SAML provider -->
<security:authentication-manager alias="authenticationManager">
    <security:authentication-provider
        ref="samlAuthenticationProvider" />
</security:authentication-manager>

<!-- Processing filter for WebSSO Holder-of-Key profile -->
<bean id="samlWebSSOHoKProcessingFilter"
    class="org.springframework.security.saml.SAMLWebSSOHoKProcessingFilter">
    <property name="authenticationManager" ref="authenticationManager" />
    <property name="authenticationSuccessHandler" ref="successRedirectHandler" />
</bean>

Is there a way to do that only in Java Config?

Was it helpful?

Solution

I'm not well with new Security Java Configuration, but here is what I see from source code:

@Import(AuthenticationConfiguration.class)
public @interface EnableGlobalAuthentication {}

This annotation imports AuthenticationConfiguration who is @Configuration as well. Any @Configuration is registered as bean, too. So, you can do like this from WebSecurityConfigurerAdapter:

@Autowired
public void setAuthenticationConfiguration(AuthenticationConfiguration authenticationConfiguration) {
     this.authenticationConfiguration = authenticationConfiguration;
}

And get access to the AuthenticationManager:

this.authenticationConfiguration.getAuthenticationManager();

From xml perspective you can use SpEL to get access to that authenticationManager:

<property name="authenticationManager" value="#{authenticationConfiguration.authenticationManager}" />

Sorry, I don't see the point, where AuthenticationManager is registered as a bean. From here you can't configure an alias for him.

UPDATE

BTW, if you are going to @Autowired the AuthenticationManager to some other component, the @Value come to the resque:

@Value("#{authenticationConfiguration.authenticationManager}")
private AuthenticationManager authenticationManager;

UPDATE2

Found it WebSecurityConfigurerAdapter. The source code and JavaDocs:

/**
 * Override this method to expose the {@link AuthenticationManager} from
 * {@link #configure(AuthenticationManagerBuilder)} to be exposed as
 * a Bean. For example:
 *
 * <pre>
 * &#064;Bean(name name="myAuthenticationManager")
 * &#064;Override
 * public AuthenticationManager authenticationManagerBean() throws Exception {
 *     return super.authenticationManagerBean();
 * }
 * </pre>
 *
 * @return the {@link AuthenticationManager}
 * @throws Exception
 */
public AuthenticationManager authenticationManagerBean() throws Exception {
    return new AuthenticationManagerDelegator(authenticationBuilder);
}

UPDATE3

How tou get access to the existing AuthenticationManager from custom WebSecurityConfigurerAdapterand configure SAMLWebSSOHoKProcessingFilter?

@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

  @Bean
  public SAMLWebSSOHoKProcessingFilter samlFilter() {
    SAMLWebSSOHoKProcessingFilter samlFilter = new SAMLWebSSOHoKProcessingFilter();
    samlFilter.setAuthenticationManage(authenticationManager());
    .......
    return samlFilter;
  }

  @Override  
  protected void configure(HttpSecurity http) throws Exception {
      http.addFilter(samlFilter());
  }
}

OTHER TIPS

This works for me:

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        ...
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        ...
    }

    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }
}

and

@Component
public class UsernamePasswordAuth extends UsernamePasswordAuthenticationFilter {

    @Autowired
    public UsernamePasswordAuth(AuthenticationManager authenticationManager) {
        setAuthenticationManager(authenticationManager);

        setFilterProcessesUrl("/api/services/login");
    }
}
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top