Spring Security 错误:java.lang.IllegalStateException: Can't configure anyRequest after itself [SpringBoot update 2.1.4 -> 2.3.11]

【问题标题】:Spring Security Error: java.lang.IllegalStateException: Can't configure anyRequest after itself [SpringBoot update 2.1.4 -> 2.3.11]Spring Security 错误:java.lang.IllegalStateException: Can't configure anyRequest after itself [SpringBoot update 2.1.4 -> 2.3.11]
【发布时间】:2021-08-25 04:47:51
【问题描述】:

我正在从 2.1.4 -> 2.3.11 更新我现有的 springboot 项目

扩展WebSecurityConfigurerAdapter的类的退出代码如下

@Override
protected void configure(HttpSecurity http) throws Exception {
             http.authorizeRequests().anyRequest().fullyAuthenticated()
            .and().cors().disable()
            .httpBasic().authenticationEntryPoint(authenticationEntryPoint())
            .and()
            .exceptionHandling()
            .and().csrf().disable()
            .addFilterBefore(new GenericFilter(), ChannelProcessingFilter.class)
            .addFilterBefore(new SomeTokenFilter(tokensService), UsernamePasswordAuthenticationFilter.class)
            .authorizeRequests().anyRequest().authenticated();
}

这是一个在更新之前正在运行的现有代码。更新后,我在应用程序启动时收到以下日志:

Caused by: java.lang.IllegalStateException: Can't configure anyRequest after itself
    at org.springframework.util.Assert.state(Assert.java:76) ~[spring-core-5.2.15.RELEASE.jar:5.2.15.RELEASE]
    at org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry.anyRequest(AbstractRequestMatcherRegistry.java:74) ~[spring-security-config-5.3.9.RELEASE.jar:5.3.9.RELEASE]
    at com.moglix.wms.config.SecurityConfig.configure(SecurityConfig.java:48) ~[classes/:na]
    at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.getHttp(WebSecurityConfigurerAdapter.java:231) ~[spring-security-config-5.3.9.RELEASE.jar:5.3.9.RELEASE]
    at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.init(WebSecurityConfigurerAdapter.java:322) ~[spring-security-config-5.3.9.RELEASE.jar:5.3.9.RELEASE]
    at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.init(WebSecurityConfigurerAdapter.java:94) ~[spring-security-config-5.3.9.RELEASE.jar:5.3.9.RELEASE]
    at com.moglix.wms.config.SecurityConfig$$EnhancerBySpringCGLIB$$2778b12e.init(<generated>) ~[classes/:na]
    at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.init(AbstractConfiguredSecurityBuilder.java:370) ~[spring-security-config-5.3.9.RELEASE.jar:5.3.9.RELEASE]
    at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.doBuild(AbstractConfiguredSecurityBuilder.java:324) ~[spring-security-config-5.3.9.RELEASE.jar:5.3.9.RELEASE]
    at org.springframework.security.config.annotation.AbstractSecurityBuilder.build(AbstractSecurityBuilder.java:41) ~[spring-security-config-5.3.9.RELEASE.jar:5.3.9.RELEASE]
    at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration.springSecurityFilterChain(WebSecurityConfiguration.java:104) ~[spring-security-config-5.3.9.RELEASE.jar:5.3.9.RELEASE

【问题讨论】:

  • 正如错误消息所说,当您已经配置 anyRequest 时,您无法配置 anyRequest。如果您要求用户进行完全身份验证,请删除 authorizeRequests().anyRequest().authenticated() 行。否则删除行authorizeRequests().anyRequest().fullyAuthenticated()。见stackoverflow.com/questions/59004025/…

标签: spring-boot spring-security


【解决方案1】:

问题是您的配置中有 2 次 anyRequest()。这是no longer allowed,从 Spring Security 5.2 开始。

【讨论】:

    猜你喜欢
    • 2020-03-19
    • 2022-12-21
    • 2012-08-15
    • 2019-05-03
    • 2022-02-09
    • 2020-09-18
    • 2017-10-11
    • 1970-01-01
    • 2018-09-23
    相关资源
    最近更新 更多
    热门标签
    Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode