[스프링 시큐리티] security6.x에서의 filter등록시 authenticationManager관련 이슈 해결방법

6.0이상에선 websecurityconfigureradapter가 사라지면서 UsernamePasswordAuthenticationFilter를 사용할때 authenticationManager를 받아오는게 달라져서 시행착오를 좀 겪었음

그래서 해결방법을 기록해둠

모든 코드는 코틀린임

 

1.시큐리티컨피그(시큐리티설정파일)에서 AuthenticationConfiguration 를 di받음

@Configuration
@EnableWebSecurity
@EnableMethodSecurity(securedEnabled = true, prePostEnabled = true)
class SecurityConfig(
		val authenticationConfiguration: AuthenticationConfiguration) {
	//...
}

2.필터만들기(메인로직)

class JwtAuthFilter(private val authenticationManager:AuthenticationManager):UsernamePasswordAuthenticationFilter() {
    override fun attemptAuthentication(request: HttpServletRequest?, response: HttpServletResponse?): Authentication {
		//로그인로직위치
    }

}
//

여기서 authenticationManager에 private를 붙여줘야함,아니면 시큐리티가 만든 빈이랑 충돌나는듯

 

3.필터등록

@Configuration
@EnableWebSecurity
@EnableMethodSecurity(securedEnabled = true, prePostEnabled = true)
class SecurityConfig(val authenticationConfiguration: AuthenticationConfiguration) {
    @Bean
    fun filterChain(http:HttpSecurity):SecurityFilterChain{
        //...기타로직
        http.addFilter(JwtAuthFilter(authenticationManager(authenticationConfiguration)))
        //...기타로직

        return http.build()
    }
}

이렇게 생성하면 별문제없이 사용가능했음