将 Spring Boot 与 Spring Security 集成

【问题标题】:Integrating Spring boot with Spring Security将 Spring Boot 与 Spring Security 集成
【发布时间】:2015-04-05 03:59:23
【问题描述】:

这是我的应用程序类。

@SpringBootApplication
@ComponentScan({"org.app.genesis.client.controller","org.app.genesis.commons.service",
    "org.app.genesis.commons.security","org.app.genesis.inventory.service","org.app.genesis.client.auth"})
@EnableJpaRepositories(basePackages = "org.app.genesis.*.repo")
@EntityScan(basePackages = "org.app.genesis.*.model")
public class Application extends SpringBootServletInitializer {

    public static void main(String[] args) {
        ApplicationContext ctx = SpringApplication.run(Application.class, args);
    }

    @Override
    protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {
        return application.sources(Application.class);
    }

   ..other configs here

    @Configuration
    @EnableWebSecurity
    @ComponentScan({"org.app.genesis.client.auth"})
    public class SecurityConfig extends WebSecurityConfigurerAdapter {

        @Autowired
        private AuthenticationProvider customAuthProvider;

        @Autowired
        public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
            auth.authenticationProvider(customAuthProvider);
        }
    }
}

但是,每当我构建应用程序时。它总是抛出这个异常

[ERROR] Failed to execute goal org.springframework.boot:spring-boot-maven-plugin:1.2.3.RELEASE:run (default-cli) on project app-client-webapp: An exception occured while running. null:
 InvocationTargetException: Unable to start embedded container; nested exception is org.springframework.boot.context.embedded.EmbeddedServletContainerException: Unable to start embedded Tomcat: Error creating bean with name 'org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration': Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire method: public void `org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration.setFilterChainProxySecurityConfigurer(org.springframework.security.config.annotation.ObjectPostProcessor,java.util.List) throws java.lang.Exception; nested exception is org.springframework.beans.factory.BeanExpressionException: Expression parsing failed; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.app.genesis.client.Application$SecurityConfig': Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.app`enter code here`.genesis.client.Application$SecurityConfig$$EnhancerBySpringCGLIB$$b49171d7]: No default constructor found; nested exception is java.lang.NoSuchMethodException: org.app.genesis.client.Application$SecurityConfig$$EnhancerBySpringCGLIB$$b49171d7.<init>() -> [Help 1]`

编辑:新的 Spring 安全配置

@Configuration
@EnableWebSecurity
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
protected static class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    @Qualifier("customAuthenticationProvider")
    private AuthenticationProvider customAuthProvider;

    @Override
    protected void configure(AuthenticationManagerBuilder auth){
        auth.authenticationProvider(customAuthProvider);
    }

    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests().anyRequest().authenticated();
        http
            .formLogin().failureUrl("/login?error")
            .defaultSuccessUrl("/dashboard")
            .loginPage("/login")
            .permitAll()
            .and()
            .logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout")).logoutSuccessUrl("/login")
            .permitAll().and().csrf().disable();
    }
}

【问题讨论】:

    标签: java spring spring-mvc spring-security spring-boot


    【解决方案1】:

    缺少完整的代码,因此我无法确定导致此问题的行,但我一定会尝试解释它,以便您自己修复它

    @EnableWebSecurity

    JavaDoc 文档:

    将此注解添加到@Configuration 类以拥有Spring 在任何 WebSecurityConfigurer 或更多中定义的安全配置 可能通过扩展 WebSecurityConfigurerAdapter 基类和 覆盖单个方法。

    您似乎错过了覆盖 WebSecurityConfigurerAdapter 基类的“configure”方法,或者没有正确实现“configureGlobal”方法,或者您可能想要创建一个扩展 AbstractSecurityWebApplicationInitializer 的类,它会自动加载 springSecurityFilterChain。

    但是我建议您浏览以下来源,您应该能够弄清楚您缺少什么。

    1. https://github.com/spring-projects/spring-security-oauth-javaconfig/blob/master/samples/oauth2-sparklr/src/main/java/org/springframework/security/oauth/examples/sparklr/config/SecurityConfiguration.java
    2. http://www.mkyong.com/spring-security/spring-security-hello-world-annotation-example/

    【讨论】:

    • 我设法让它启动并运行,但是每当我登录时,我的 customAuthenticationProvider 都没有被使用。有什么方法可以检查这个问题吗?另外,我已经更新了我的代码。请参阅上面的更新
    • 据我了解,您似乎刚刚自动装配了自定义 AuthenticationProvider,但您没有覆盖“受保护的无效配置(AuthenticationManagerBuilder auth)”或“公共 AuthenticationManager authenticationManagerBean()”,这意味着您没有'不要告诉 spring security 使用你的自定义“AuthenticationProvider”。
    • 我以为我已经将它传递给 http.authenticationProvider(customAuthProvider); ?有什么不同吗?
    • "authenticationManagerBean" 方法不应返回 "super.authenticationManagerBean()",其中应返回带有自定义 authProvider 的 authenticationManager。
    • 你能举个例子吗?
    猜你喜欢
    • 2015-05-27
    • 2016-03-11
    • 2014-05-22
    • 2014-05-16
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 2015-11-13
    相关资源
    最近更新 更多
    热门标签
    Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode