開發(fā)過程中遇到奇怪的現象，當我集成spring-security后變進入不了remote-shell的操作界面，也就是說用戶名和密碼設置了但是不起作用。本節(jié)說明的內容是SpringBoot的版本為1.4.0.RELEASE。
首先，我們再yml中配置的內容如下

management.shell.auth:
                    simple.user:
                            name: test
                            password: test

表示的是用戶名和密碼都是test.
先說一下我們的解決方案：

management.shell.auth:
                    simple.user:
                            name: test
                            password: test
management.shell.auth.type: simple

其實就是手動指定了一下認證的方式為simple。但是為什么通過手動指定就可以呢？讓我們看一下加上和不加上對于掃描Bean的區(qū)別（只看關鍵的Bean）。我們首先需要了解的是spring boot 引入CRaSH是通過CrshAutoConfiguration。
如果不指定認證方式的話，

不指定.png

如果指定認證方式：

指定.png

可以看出，指定時使用了SimpleAuthenticationProperties，不指定時會多出AuthenticationManagerAdapterConfiguration，AuthenticationManagerAdapter，SpringAuthenticationProperties。
下面我截取了里面的關鍵代碼

    @Configuration
    static class CrshAdditionalPropertiesConfiguration {

        @Bean
        @ConditionalOnProperty(prefix = AUTH_PREFIX, name = "type", havingValue = "jaas")
        @ConditionalOnMissingBean(CrshShellAuthenticationProperties.class)
        public JaasAuthenticationProperties jaasAuthenticationProperties() {
            return new JaasAuthenticationProperties();
        }

        @Bean
        @ConditionalOnProperty(prefix = AUTH_PREFIX, name = "type", havingValue = "key")
        @ConditionalOnMissingBean(CrshShellAuthenticationProperties.class)
        public KeyAuthenticationProperties keyAuthenticationProperties() {
            return new KeyAuthenticationProperties();
        }

        @Bean
        //條件屬性management.shell.auth.type如果設置了為simple（如果沒有設置那么也可以匹配）那么就會初始化SimpleAuthenticationProperties
        @ConditionalOnProperty(prefix = AUTH_PREFIX, name = "type", havingValue = "simple", matchIfMissing = true)
        //沒有CrshShellAuthenticationProperties類型的實例創(chuàng)建SimpleAuthenticationProperties 的實例
        @ConditionalOnMissingBean(CrshShellAuthenticationProperties.class)
        public SimpleAuthenticationProperties simpleAuthenticationProperties() {
            return new SimpleAuthenticationProperties();
        }

    }

    /**
     * Class to configure CRaSH to authenticate against Spring Security.
     */
    @Configuration
    @ConditionalOnProperty(prefix = AUTH_PREFIX, name = "type", havingValue = "spring", matchIfMissing = true)
      //AuthenticationManager類型的Bean存在的情況下才會初始化AuthenticationManagerAdapterConfiguration Bean
    @ConditionalOnBean(AuthenticationManager.class)
    public static class AuthenticationManagerAdapterConfiguration {

        private final ManagementServerProperties management;

        public AuthenticationManagerAdapterConfiguration(
                ObjectProvider<ManagementServerProperties> managementProvider) {
            this.management = managementProvider.getIfAvailable();
        }

        @Bean
        public AuthenticationManagerAdapter shellAuthenticationManager() {
            return new AuthenticationManagerAdapter();
        }

        @Bean
        @ConditionalOnMissingBean(CrshShellAuthenticationProperties.class)
        public SpringAuthenticationProperties springAuthenticationProperties() {
            SpringAuthenticationProperties authenticationProperties = new SpringAuthenticationProperties();
            if (this.management != null) {
                List<String> roles = this.management.getSecurity().getRoles();
                authenticationProperties
                        .setRoles(roles.toArray(new String[roles.size()]));
            }
            return authenticationProperties;
        }
    }

一些關鍵的注解都做了解釋，現在來總結一下。
當沒有使用到spring-security的時候，因為

@ConditionalOnBean(AuthenticationManager.class)

條件不滿足，所以AuthenticationManagerAdapterConfiguration這個Bean就無法實例化。然后

        @Bean
        @ConditionalOnProperty(prefix = AUTH_PREFIX, name = "type", havingValue = "simple", matchIfMissing = true)
        @ConditionalOnMissingBean(CrshShellAuthenticationProperties.class)
        public SimpleAuthenticationProperties simpleAuthenticationProperties() {
            return new SimpleAuthenticationProperties();
        }

條件都滿足，所以初始化了SimpleAuthenticationProperties，而這個類里面放的就是我們的設置的用戶名和密碼。

當我們引入了spring-security并且有AuthenticationManager類型的Bean的時候，那么

@Configuration
    @ConditionalOnProperty(prefix = AUTH_PREFIX, name = "type", havingValue = "spring", matchIfMissing = true)
    @ConditionalOnBean(AuthenticationManager.class)
    public static class AuthenticationManagerAdapterConfiguration {...}

這個Bean就會實例化。隨后

@Bean
        public AuthenticationManagerAdapter shellAuthenticationManager() {
            return new AuthenticationManagerAdapter();
        }

        @Bean
        @ConditionalOnMissingBean(CrshShellAuthenticationProperties.class)
        public SpringAuthenticationProperties springAuthenticationProperties() {
            // In case no management.shell.auth.type property is provided fall back to
            // Spring Security based authentication and get role to access shell from
            // ManagementServerProperties.
            // In case management.shell.auth.type is set to spring and roles are
            // configured using shell.auth.spring.roles the below default role will be
            // overridden by ConfigurationProperties.
            SpringAuthenticationProperties authenticationProperties = new SpringAuthenticationProperties();
            if (this.management != null) {
                List<String> roles = this.management.getSecurity().getRoles();
                authenticationProperties
                        .setRoles(roles.toArray(new String[roles.size()]));
            }
            return authenticationProperties;
        }

這兩個Bean也會實例化。而我們需要的SimpleAuthenticationProperties這個Bean因為

@ConditionalOnProperty(prefix = AUTH_PREFIX, name = "type", havingValue = "simple", matchIfMissing = true)

這個條件不滿足所以不能初始化成功。因為type已經是spring了。

也許有人會有疑惑，為什么

@ConditionalOnProperty(prefix = AUTH_PREFIX, name = "type", havingValue = "simple", matchIfMissing = true)
@ConditionalOnProperty(prefix = AUTH_PREFIX, name = "type", havingValue = "spring", matchIfMissing = true)

spring會選擇后者，因為后者打在了Configuration上，而前者打在了Bean
Spring會先處理Configuration后處理Bean。

綜上所述，要想保證功能remote-shell功能正常運行，加上認證的類型。