在类路径资源 3 中创建名称为“springSecurityFilterChain”的 bean 时出错答案

【问题标题】：Error creating bean with name 'springSecurityFilterChain' defined in class path resource 3在类路径资源 3 中创建名称为“springSecurityFilterChain”的 bean 时出错
【发布时间】：2019-02-26 14:44:58
【问题描述】：

由于我是 Spring 和 Spring Security 的新手，并且遵循一些 YouTube 教程，因此我编写的代码完全相同并出现上述错误。

错误

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'springSecurityFilterChain' defined in class path resource [org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception; nested exception is java.lang.IllegalArgumentException: Cannot pass a null GrantedAuthority collection
at org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:625) ~[spring-beans-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:456) ~[spring-beans-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1287) ~[spring-beans-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1126) ~[spring-beans-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:538) ~[spring-beans-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:498) ~[spring-beans-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:320) ~[spring-beans-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222) ~[spring-beans-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:318) ~[spring-beans-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:199) ~[spring-beans-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:307) ~[spring-beans-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:199) ~[spring-beans-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:848) ~[spring-beans-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:865) ~[spring-context-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:548) ~[spring-context-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:140) ~[spring-boot-2.1.0.BUILD-SNAPSHOT.jar:2.1.0.BUILD-SNAPSHOT]
at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:797) [spring-boot-2.1.0.BUILD-SNAPSHOT.jar:2.1.0.BUILD-SNAPSHOT]
at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:421) [spring-boot-2.1.0.BUILD-SNAPSHOT.jar:2.1.0.BUILD-SNAPSHOT]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:340) [spring-boot-2.1.0.BUILD-SNAPSHOT.jar:2.1.0.BUILD-SNAPSHOT]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1291) [spring-boot-2.1.0.BUILD-SNAPSHOT.jar:2.1.0.BUILD-SNAPSHOT]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1279) [spring-boot-2.1.0.BUILD-SNAPSHOT.jar:2.1.0.BUILD-SNAPSHOT]
at com.spring.security.SpringsecurityApplication.main(SpringsecurityApplication.java:12) [classes/:na]
Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception; nested exception is java.lang.IllegalArgumentException: Cannot pass a null GrantedAuthority collection
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:185) ~[spring-beans-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:620) ~[spring-beans-5.1.0.RELEASE.jar:5.1.0.RELEASE]
... 21 common frames omitted
Caused by: java.lang.IllegalArgumentException: Cannot pass a null GrantedAuthority collection
at org.springframework.util.Assert.notNull(Assert.java:198) ~[spring-core-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.security.core.userdetails.User.sortAuthorities(User.java:163) ~[spring-security-core-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.security.core.userdetails.User.<init>(User.java:123) ~[spring-security-core-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.security.core.userdetails.User$UserBuilder.build(User.java:535) ~[spring-security-core-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer$UserDetailsBuilder.build(UserDetailsManagerConfigurer.java:279) ~[spring-security-config-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.initUserDetailsService(UserDetailsManagerConfigurer.java:60) ~[spring-security-config-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.security.config.annotation.authentication.configurers.userdetails.UserDetailsServiceConfigurer.configure(UserDetailsServiceConfigurer.java:47) ~[spring-security-config-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.security.config.annotation.authentication.configurers.userdetails.UserDetailsServiceConfigurer.configure(UserDetailsServiceConfigurer.java:34) ~[spring-security-config-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.configure(AbstractConfiguredSecurityBuilder.java:384) ~[spring-security-config-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.doBuild(AbstractConfiguredSecurityBuilder.java:330) ~[spring-security-config-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.getHttp(WebSecurityConfigurerAdapter.java:201) ~[spring-security-config-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.init(WebSecurityConfigurerAdapter.java:321) ~[spring-security-config-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.init(WebSecurityConfigurerAdapter.java:92) ~[spring-security-config-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at com.spring.security.config.SecurityConfiguration$$EnhancerBySpringCGLIB$$1d8d4c86.init(<generated>) ~[classes/:na]
at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.init(AbstractConfiguredSecurityBuilder.java:371) ~[spring-security-config-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.doBuild(AbstractConfiguredSecurityBuilder.java:325) ~[spring-security-config-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.security.config.annotation.AbstractSecurityBuilder.build(AbstractSecurityBuilder.java:41) ~[spring-security-config-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration.springSecurityFilterChain(WebSecurityConfiguration.java:104) ~[spring-security-config-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$EnhancerBySpringCGLIB$$efe529b0.CGLIB$springSecurityFilterChain$1(<generated>) ~[spring-security-config-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$EnhancerBySpringCGLIB$$efe529b0$$FastClassBySpringCGLIB$$8d960911.invoke(<generated>) ~[spring-security-config-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:244) ~[spring-core-5.1.0.RELEASE.jar:5.1.0.RELEASE]

安全配置文件

@EnableWebSecurity
@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.inMemoryAuthentication()
    .withUser("abhi").password("test").and()
    .withUser("kumar").password("test2");
}
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    httpSecurity.authorizeRequests()
    .anyRequest()
    .fullyAuthenticated()
    .and().httpBasic();
    httpSecurity.csrf().disable();

}}

我也提到了类似的问题，但没有一个能解决我的错误。这是我第一个使用 Spring Security 的程序。

【问题讨论】：

根据您收到的错误，您似乎需要为定义的用户分配角色。看看这个答案stackoverflow.com/questions/38687209/…
感谢@madhu，但为什么是角色？你能解释一下吗
我已经在我的回答中解释过了。这是否消除了您的疑问并回答了您的问题？

标签： java spring spring-mvc spring-boot spring-security

【解决方案1】：

为避免Cannot pass a null GrantedAuthority collection，您必须为每个用户分配用户角色.roles("USER")。

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.inMemoryAuthentication()
    .withUser("abhi").password("test").roles("USER")
    .and()
    .withUser("kumar").password("test2").roles("USER");
}

【讨论】：

感谢@benjamin，但为什么是角色？你能解释一下吗？

【解决方案2】：

如果您想允许所有用户角色，请在下面使用，但角色必须作为空白传递。改变它，你应该会很好。

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
                .withUser("abhi").password("test").roles("")
                 .and()
                .withUser("kumar").password("test2").roles("");
    }

【讨论】：

感谢@kj007，但为什么要扮演角色，因为每个用户都不能是管理员或普通用户，我希望你明白我想说什么？你能解释一下吗
Grand Authority 不能只为 null，如果没有用户角色，它可以传递为空，因为它比较时 null 抛出错误，所以在你的情况下传递空，正如我在回答中建议的那样。

【解决方案3】：

当您使用auth.inMemoryAuthentication().withUser 覆盖configure(AuthenticationManagerBuilder auth) 方法时，您实际上是在创建一个新用户（org.springframework.security.core.userdetails.User 类型）。

每当需要创建一个新的用户对象并将其添加到 spring 安全生态系统时，它都需要 3 个不可为空的参数。他们是

String username
String password
Collection<? extends GrantedAuthority> authorities

因此，当您使用withUser(String username) 和password(String password) 提供用户名和密码时，您还必须使用roles(String... roles)、authorities(GrantedAuthority... authorities)、authorities(List<? extends GrantedAuthority> authorities) 或authorities(String... authorities) 向用户提供权限。对您来说最简单的方法是使用roles(String... roles) 方法并提供您想要的角色，例如role("USER")，或者如果您不想提供任何角色，只需使用role("")，这将传递一个空集合到 User 对象的 Collection<? extends GrantedAuthority> authorities 属性。所以本质上，你需要修改configure方法如下：

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.inMemoryAuthentication()
     .withUser("abhi").password("test").roles("") //or .roles("USER")
     .and()
     .withUser("kumar").password("test2").roles(""); //or .roles("USER")
}

以下来自org.springframework.security.core.userdetails.User的文档

@throws IllegalArgumentException 如果 null 值被传递为 GrantedAuthority 集合中的参数或元素

【讨论】：

你可以在这里指导 - stackoverflow.com/questions/68482157/… 吗？

【解决方案4】：

从类“extends WebSecurityConfigurerAdapter”中删除，@override 和程序将编译:)

【讨论】：