版本
spring-security:6.2.1
满足下列情况时,spring-security会自动配置DaoAuthenticationProvider
- 使用@EnableWebSecurity
- 注册UserDetailsServiceBean
- 没有注册其他AuthenticationProvider类型的Bean
- 没有通过http.authenticationProvider配置
源码
org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
// 导入全局认证配置
@EnableGlobalAuthentication
public @interface EnableWebSecurity {}
org.springframework.security.config.annotation.authentication.configuration.EnableGlobalAuthentication
// 导入认证配置
@Import(AuthenticationConfiguration.class)
public @interface EnableGlobalAuthentication {}
org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration
public class AuthenticationConfiguration {...@Beanpublic static InitializeUserDetailsBeanManagerConfigurer initializeUserDetailsBeanManagerConfigurer(ApplicationContext context) {return new InitializeUserDetailsBeanManagerConfigurer(context);}...
}
org.springframework.security.config.annotation.authentication.configuration.InitializeUserDetailsBeanManagerConfigurer
@Order(InitializeUserDetailsBeanManagerConfigurer.DEFAULT_ORDER)
class InitializeUserDetailsBeanManagerConfigurer extends GlobalAuthenticationConfigurerAdapter {...@Overridepublic void init(AuthenticationManagerBuilder auth) throws Exception {auth.apply(new InitializeUserDetailsManagerConfigurer());}class InitializeUserDetailsManagerConfigurer extends GlobalAuthenticationConfigurerAdapter {@Overridepublic void configure(AuthenticationManagerBuilder auth) throws Exception {if (auth.isConfigured()) { // 如果认证提供者不为空(通过httpSecurity配置了认证提供者,或者注册了AuthenticationProvider类型的Bean),或者上级的认证管理器不为空则跳过return;}UserDetailsService userDetailsService = getBeanOrNull(UserDetailsService.class);if (userDetailsService == null) { // 如果没有注册 UserDetailsService Bean则跳过return;}// 获取密码编码器 BeanPasswordEncoder passwordEncoder = getBeanOrNull(PasswordEncoder.class);// 获取 UserDetailsPasswordService Bean (用于密码重新编码)UserDetailsPasswordService passwordManager = getBeanOrNull(UserDetailsPasswordService.class);// 创建并注册 DaoAuthenticationProvider DaoAuthenticationProvider provider = new DaoAuthenticationProvider();provider.setUserDetailsService(userDetailsService);if (passwordEncoder != null) {provider.setPasswordEncoder(passwordEncoder);}if (passwordManager != null) {provider.setUserDetailsPasswordService(passwordManager);}provider.afterPropertiesSet();auth.authenticationProvider(provider);}}...
}
org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
public class AuthenticationManagerBuilderextends AbstractConfiguredSecurityBuilder<AuthenticationManager, AuthenticationManagerBuilder>implements ProviderManagerBuilder<AuthenticationManagerBuilder> {...public boolean isConfigured() {return !this.authenticationProviders.isEmpty() || this.parentAuthenticationManager != null;}...
}