Spring Security中如何获取AuthenticationManager对象

获取AuthenticationManager对象的方法会因不同的Spring Security版本而有所不同，以下是三种常用的方法及示例：

方法一：使用@Configuration注解配置

在Spring Security配置类中添加@Bean注解并返回AuthenticationManager对象即可。

示例一：Spring Boot 1.x版本

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsServiceImpl userDetailsService;

    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(new BCryptPasswordEncoder());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/admin/**").hasAuthority("ADMIN")
                .antMatchers("/user/**").hasAnyAuthority("USER", "ADMIN")
                .and()
                .formLogin();    
    }

    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }
}

在上面的配置中，我们通过@Bean注解为AuthenticationManager对象创建并返回了一个bean。然后使用@Autowired注解和@Qualifier注解获取AuthenticationManager对象并使用它来启用OAuth2协议的授权码模式（authorization code grant）。

示例二：Spring Boot 2.x + OAuth2.0

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsService userDetailsService; 

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(new BCryptPasswordEncoder());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .authorizeRequests()
                    .antMatchers("/login", "/logout", "/callback", "/error").permitAll()
                    .anyRequest().authenticated()
                    .and()
                .formLogin()
                    .loginPage("/login")
                    .defaultSuccessUrl("/")
                    .permitAll()
                    .and()
                .logout()
                    .logoutUrl("/logout")
                    .logoutSuccessUrl("/login?logout")
                    .permitAll();
    }

    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }
}

在这个配置中，我们使用BCryptPasswordEncoder来加密密码并且通过userDetailsService()方法将其传递给AuthenticationManagerBuilder对象。然后，我们实现了HTTP安全配置，通过表单认证提供了用户登录，同时还包括成功和失败的处理逻辑。

方法二：使用SecurityContextHolder类

可以使用SecurityContextHolder.getContext().getAuthentication()获取全局的Authentication对象，进而获取AuthenticationManager对象。

示例三：使用SecurityContextHolder获取AuthenticationManager对象

import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;

public class MyService {

    private AuthenticationManager authenticationManager;

    public MyService(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    public void doSomething() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        // 使用authenticationManager进行其他操作
    }

}

在这个示例中，我们在MyService类的构造函数中传递了AuthenticationManager实例，然后我们可以使用SecurityContextHolder获取当前的Authentication对象，从而获取AuthenticationManager对象，并在执行doSomething()方法是使用authenticationManager执行其他操作。