11

I use:

  • spring boot: 1.1.7
  • spring-security: 4.0.0.M2
  • spring-fmk: 4.1.1.RELEASE

Everything is configured with Java Config (including spring-security)

I'm working on a web server project where Authentication: Basic base64Gibberish header are used to authenticate users.

The problem is that depending on the URI the AuthenticationManager is different (because I need 2 different UserDetailsService.

  • /URI1/** => authManager1
  • /URI2/** => authManager2

I've tried multiple extensions of WebSecurityConfigurerAdapter with 

@Override
@Bean( name = "authManager1" )
public AuthenticationManager authenticationManagerBean() throws Exception

@Override
@Bean( name = "authManager2" )
public AuthenticationManager authenticationManagerBean() throws Exception

to no avail

I always get: 

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'springSecurityFilterChain' 
defined in class path resource [org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.class]: Instantiation of bean failed; 
nested exception is org.springframework.beans.factory.BeanDefinitionStoreException: 
Factory method [public javax.servlet.Filter org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration.springSecurityFilterChain() throws java.lang.Exception] 
threw exception; nested exception is java.lang.IllegalArgumentException: 
Expecting to only find a single bean for type interface org.springframework.security.authentication.AuthenticationManager, 
but found [authManager1, authManager2]

Since I have multiple security filter chains how can I "tell" spring-security to inject different AuthenticationManager in different security filter chains ?

Thanks in advance P.

Improve this question
1
  • I have the same prob. How you have created separate AuthManagers Commented Feb 9, 2020 at 10:23

1 Answer 1

Reset to default
12

You can have multiple http configuration elements, each with its own AuthenticationManager. It could look like that :

@Configuration
@EnableWebSecurity
public class SecurityConfig {

    @Bean
    private AuthenticationManager authenticationManager1() {
        // defines first AuthenticationManager
        return authenticationManager;
    }

    @Bean
    private AuthenticationManager authenticationManager2() {
        // defines second AuthenticationManager
        return authenticationManager;
    }

    @Configuration
    @Order(1)
    public static class Uri1ApiConfigurationAdapter extends WebSecurityConfigurerAdapter {

        @Autowired
        @Qualifier(authenticationManager1)
        private authManager1;

        @Override
        protected AuthenticationManager authenticationManager() {
            return authManager1;
        }

        protected void configure(HttpSecurity http) throws Exception {
            http
                .antMatcher("/URI1/**")
                ...
        }
    }

    @Configuration
    @Order(2)
    public static class Uri2ApiConfigurationAdapter extends WebSecurityConfigurerAdapter {

        @Autowired
        @Qualifier(authenticationManager2)
        private authManager2;

        @Override
        protected AuthenticationManager authenticationManager() {
            return authManager2;
        }

        protected void configure(HttpSecurity http) throws Exception {
            http
                .antMatcher("/URI2/**")
                ...
        }
    }
}
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

This is not the correct answer due to below reasons: - You cannot have the private method in the class annotated with Configuration because Bean-method in Configuration must be overridable. - authenticationManager1 is not accessible in the nested class and there is no point of referencing it here => Qualifier(authenticationManager1).

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.