【问题标题】:ServerHttpSecurity bean not found未找到 ServerHttpSecurity bean
【发布时间】:2021-08-04 21:09:15
【问题描述】:

我有一个安全配置类,其中有一个 SecurityWebFilterChain bean。这个 bean 需要一个 ServerHttpSecuirty 实例,但是 spring 说它找不到任何该类型的 bean,尽管在外部库 (org.springframework.security.config.annotation.web.reactive.ServerHttpSecurityConfiguration) 中创建了一个。我在 github 页面上看到了这个问题,他们说尝试不同的版本,但我使用的是 spring boot 2.4.5,所以它应该可以工作。

我的安全配置类:

@Configuration
public class SecurityConfig {
@Bean
SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity http,
                                            JwtTokenProvider tokenProvider,
                                            ReactiveAuthenticationManager reactiveAuthenticationManager) {
    final String TAG_SERVICES = "/api/**";

    return http.csrf(ServerHttpSecurity.CsrfSpec::disable)
            .httpBasic(ServerHttpSecurity.HttpBasicSpec::disable)
            .authenticationManager(reactiveAuthenticationManager)
            .securityContextRepository(NoOpServerSecurityContextRepository.getInstance())
            .authorizeExchange(it -> it
                    .pathMatchers(HttpMethod.POST, TAG_SERVICES).hasAnyRole("USER","ADMIN")
                    .pathMatchers(HttpMethod.PUT, TAG_SERVICES).hasAnyRole("USER","ADMIN")
                    .pathMatchers(HttpMethod.GET, TAG_SERVICES).hasAnyRole("USER","ADMIN")
                    .pathMatchers(HttpMethod.DELETE, TAG_SERVICES).hasAnyRole("USER","ADMIN")
                    .pathMatchers(TAG_SERVICES).authenticated()
                    .anyExchange().permitAll()
            )
            .addFilterAt(new JwtTokenAuthenticationFilter(tokenProvider), SecurityWebFiltersOrder.HTTP_BASIC)
            .build();


}

}

我的应用类

@ConfigurationPropertiesScan

@SpringBootApplication(排除={DataSourceAutoConfiguration.class}) 公共类 TestPlatformBackendApplication {

public static void main(String[] args) {
    SpringApplication.run(TestPlatformBackendApplication.class, args);
}

}

外部库 Bean:

@Bean({"org.springframework.security.config.annotation.web.reactive.HttpSecurityConfiguration.httpSecurity"})
@Scope("prototype")
ServerHttpSecurity httpSecurity() {
    ServerHttpSecurityConfiguration.ContextAwareServerHttpSecurity http = new ServerHttpSecurityConfiguration.ContextAwareServerHttpSecurity();
    return http.authenticationManager(this.authenticationManager()).headers().and().logout().and();
}

【问题讨论】:

  • 你需要添加@EnableWebFluxSecurity这里是一个例子docs.spring.io/spring-security/site/docs/current/reference/…
  • 我正在关注一个不使用该注释的示例,它对我来说效果很好。另外,当我之前尝试过这样做时,它会启用不同类型的安全性。
  • 当您不包含注释时,您可能会获得默认的安全实现,当您使用注释时,您会用自定义的注释覆盖默认值。阅读文档docs.spring.io/spring-security/site/docs/current/api/org/…Add this annotation to a Configuration class to have Spring Security WebFlux support added. User's can then create one or more ServerHttpSecurity Bean instances.
  • 所以我添加了 '@EnableWebFluxSecurity' 注释,但我还添加了 'exclude={SecurityAutoConfiguration.class, ManagementWebSecurityAutoConfiguration.class}' 到我的 Spring Boot 应用程序注释中,这对我有用。

标签: spring spring-boot spring-webflux webflux


【解决方案1】:

正如 cmets 中推荐的 Toerktumlare12),我将 @EnableWebFluxSecurity 添加到我的安全配置中:

@Configuration
@EnableWebFluxSecurity
public class SecurityConfig {

但我还在 @SpringBootApplication 注释中的排除项中添加了以下内容。

@ConfigurationPropertiesScan
    @SpringBootApplication(exclude={DataSourceAutoConfiguration.class, SecurityAutoConfiguration.class, ManagementWebSecurityAutoConfiguration.class})
    public class TestPlatformBackendApplication {

    public static void main(String[] args) {
        SpringApplication.run(TestPlatformBackendApplication.class, args);
    }

}

【讨论】:

    猜你喜欢
    • 2021-02-19
    • 1970-01-01
    • 2018-04-05
    • 1970-01-01
    • 1970-01-01
    • 2015-05-11
    • 2015-04-05
    • 2013-10-08
    • 2018-05-04
    相关资源
    最近更新 更多