Arian Hosseinzadeh:
En mi aplicación de arranque primavera, tengo las dos clases siguientes:
@EnableWebSecurity
public class AppSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private JwtAuthenticationFilter jwtAuthenticationFilter;
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
// TODO re-enable csrf after dev is done
.csrf()
.disable()
// we must specify ordering for our custom filter, otherwise it
// doesn't work
.addFilterAfter(jwtAuthenticationFilter,
UsernamePasswordAuthenticationFilter.class)
// we don't need Session, as we are using jwt instead. Sessions
// are harder to scale and manage
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
}
}
y:
@Component
public class JwtAuthenticationFilter extends
AbstractAuthenticationProcessingFilter {
/*
* we must set authentication manager for our custom filter, otherwise it
* errors out
*/
@Override
@Autowired
public void setAuthenticationManager(
AuthenticationManager authenticationManager) {
super.setAuthenticationManager(authenticationManager);
}
}
JwtAuthenticationFilter
depende de un AuthenticationManager
frijol a través de su setAuthenticationManager
método, sino que el frijol se crea en la AppSecurityConfig
que ha JwtAuthenticationFilter
autowired en. Todo esto crea una dependencia circular. ¿Cómo debo resolver este problema?
Arian Hosseinzadeh:
He arreglado este problema siguiendo lo que se sugiere aquí: No se puede pasar a AuthenticationManager filtro personalizado por @Autowired
Quité @Component
de JwtAuthenticationFilter
y en lugar de autowiring JwtAuthenticationFilter
a WebSecurityConfig
clase, he definido el grano de allí:
@Bean
public JwtAuthenticationFilter JwtAuthenticationFilter() {
return new JwtAuthenticationFilter();
}