我正在制作custom-security-spring-boot-starter。
一个问题是应用程序不使用我的身份验证 bean。看起来只是使用了依赖 spring-boot-starter-security 和默认的 auth beans。
在入门依赖项中我只使用:
"org.springframework.boot:spring-boot-starter-security"
我使用 spring-boot 2.7 并且我已经设置了 META-INF/spring.factories:
org.springframework.boot.autoconfigure.EnableAutoConfiguration=rest.auth.configuration.WebFluxSecurityConfiguration,rest.auth.configuration.WebSecurityConfiguration
在我的启动器中,我已经覆盖了 auth beans:
@Configuration
@EnableWebFluxSecurity
@ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.REACTIVE)
class WebFluxSecurityConfiguration {
@Bean
fun userDetailsService(
userDetails: UserDetails,
): ReactiveUserDetailsService {
...
}
@Bean
fun securityFilterChain(
http: ServerHttpSecurity,
): SecurityWebFilterChain {
...
}
}
@Configuration
@EnableWebSecurity
@ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.SERVLET)
class WebSecurityConfiguration {
@Bean
fun userDetailsService(
userDetails: UserDetails,
): UserDetailsService {
...
}
@Bean
fun securityFilterChain(
http: HttpSecurity,
): SecurityFilterChain {
...
}
}
但是这些bean不应用于应用程序并使用默认的auth beans。
在此之前,我在每个 bean 上添加了 @AutoConfigureOrder(Ordered.HIGHEST_PRECEDENCE) ,但我应该只在配置类上添加。
@Configuration
@EnableWebFluxSecurity
@AutoConfigureOrder(Ordered.HIGHEST_PRECEDENCE)
@ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.REACTIVE)
class WebFluxSecurityConfiguration {
@Bean
fun userDetailsService(
userDetails: UserDetails,
): ReactiveUserDetailsService {
...
}
@Bean
fun securityFilterChain(
http: ServerHttpSecurity,
): SecurityWebFilterChain {
...
}
}
@Configuration
@EnableWebSecurity
@AutoConfigureOrder(Ordered.HIGHEST_PRECEDENCE)
@ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.SERVLET)
class WebSecurityConfiguration {
@Bean
fun userDetailsService(
userDetails: UserDetails,
): UserDetailsService {
...
}
@Bean
fun securityFilterChain(
http: HttpSecurity,
): SecurityFilterChain {
...
}
}