spring security 3.x 到 4.x 迁移问题

【问题标题】:spring security 3.x to 4.x migration issuespring security 3.x 到 4.x 迁移问题
【发布时间】:2017-08-09 15:48:48
【问题描述】:

我正在尝试将 spring security 3.x 迁移到 4.x

这样做时我遇到了以下错误

Aug 27, 2016 11:16:03 AM org.apache.catalina.core.StandardContext listenerStart
SEVERE: Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListener
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.ws.server.endpoint.mapping.PayloadRootAnnotationMethodEndpointMapping#0': Initialization of bean failed; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.ws.soap.server.endpoint.interceptor.PayloadRootSmartSoapEndpointInterceptor#0': Cannot resolve reference to bean 'wsSecurityInterceptor' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'wsSecurityInterceptor' defined in class path resource [META-INF/webservice/config/spring-ws.xml]: Cannot resolve reference to bean 'springSecurityHandler' while setting bean property 'validationCallbackHandler'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'springSecurityHandler' defined in class path resource [META-INF/webservice/config/spring-ws.xml]: Cannot resolve reference to bean 'authenticationManager' while setting bean property 'authenticationManager'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'authenticationManager' defined in class path resource [META-INF/webservice/config/spring-ws.xml]: Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [org.springframework.security.authentication.ProviderManager]: No default constructor found; nested exception is java.lang.NoSuchMethodException: org.springframework.security.authentication.ProviderManager.<init>()
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:547)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:475)
    at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:304)
    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:228)
    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:300)
    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:195)
    at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:700)
    at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:760)
    at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:482)
    at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:403)
    at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:306)
    at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:106)
    at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:5068)
    at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5584)
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:147)
    at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1572)
    at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1562)
    at java.util.concurrent.FutureTask.run(FutureTask.java:262)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at java.lang.Thread.run(Thread.java:745)
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.ws.soap.server.endpoint.interceptor.PayloadRootSmartSoapEndpointInterceptor#0': Cannot resolve reference to bean 'wsSecurityInterceptor' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'wsSecurityInterceptor' defined in class path resource [META-INF/webservice/config/spring-ws.xml]: Cannot resolve reference to bean 'springSecurityHandler' while setting bean property 'validationCallbackHandler'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'springSecurityHandler' defined in class path resource [META-INF/webservice/config/spring-ws.xml]: Cannot resolve reference to bean 'authenticationManager' while setting bean property 'authenticationManager'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'authenticationManager' defined in class path resource [META-INF/webservice/config/spring-ws.xml]: Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [org.springframework.security.authentication.ProviderManager]: No default constructor found; nested exception is java.lang.NoSuchMethodException: org.springframework.security.authentication.ProviderManager.<init>()
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:328)
    at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:304)
    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:228)
    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:300)
    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:200)
    at org.springframework.beans.factory.support.DefaultListableBeanFactory.getBeansOfType(DefaultListableBeanFactory.java:467)
    at org.springframework.context.support.AbstractApplicationContext.getBeansOfType(AbstractApplicationContext.java:1071)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:539)
    ... 20 more
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'wsSecurityInterceptor' defined in class path resource [META-INF/webservice/config/spring-ws.xml]: Cannot resolve reference to bean 'springSecurityHandler' while setting bean property 'validationCallbackHandler'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'springSecurityHandler' defined in class path resource [META-INF/webservice/config/spring-ws.xml]: Cannot resolve reference to bean 'authenticationManager' while setting bean property 'authenticationManager'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'authenticationManager' defined in class path resource [META-INF/webservice/config/spring-ws.xml]: Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [org.springframework.security.authentication.ProviderManager]: No default constructor found; nested exception is java.lang.NoSuchMethodException: org.springframework.security.authentication.ProviderManager.<init>()
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:328)
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:107)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1456)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1197)
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:320)
    ... 44 more

错误指向以下依赖项

   <bean id= "authenticationManager" class= "org.springframework.security.authentication.ProviderManager">
      <property name="providers">

            <bean class= "org.springframework.security.authentication.dao.DaoAuthenticationProvider">
                <property name="userDetailsService" ref="userManagerWs"/>
            </bean>

        </property>
    </bean>

需要进行哪些更改才能使其正常工作?

提前谢谢你:D

【问题讨论】:

    标签: spring spring-mvc migration spring-3 spring-4


    【解决方案1】:

    ProviderManager 类上的空构造函数至少在 Spring Security 3.1.2 中已被弃用:

    构造函数总结

    ProviderManager()

    已弃用使用接受提供者列表的构造函数

    ProviderManager(列出提供者)
    ProviderManager(列出提供者, AuthenticationManager 父级)

    在 spring-security 4 中,这个 constructor 已被删除,这就是问题的根源:

    无法实例化 bean 类 [org.springframework.security.authentication.ProviderManager]:否 找到默认构造函数;嵌套异常是 java.lang.NoSuchMethodException: org.springframework.security.authentication.ProviderManager.()

    你应该这样配置才能工作:

    <beans:bean id= "authenticationManager" class= "org.springframework.security.authentication.ProviderManager">
        <beans:constructor-arg>
            <beans:list>
                <beans:bean class= "org.springframework.security.authentication.dao.DaoAuthenticationProvider">
                    <beans:property name="userDetailsService" ref="userManagerWs"/>
                </beans:bean>
            </beans:list>
        </beans:constructor-arg>
    </beans:bean>

    或者,使用 spring-security config 命名空间,带有security:authentication-manager 元素:

    <beans:bean id="daoAuthenticationProvider" class= "org.springframework.security.authentication.dao.DaoAuthenticationProvider">
        <beans:property name="userDetailsService" ref="userManagerWs"/>
    </beans:bean>

    <security:authentication-manager id="authenticationManager">
        <security:authentication-provider ref="daoAuthenticationProvider" />
    </security:authentication-manager>

    【讨论】:

    • 如果你已经升级到spring-security版本到5.x版本有什么更新吗?这段代码会和这个版本兼容吗?
    • @Nallamachu first sn-p 应该是有效的,因为在最新版本 5.3.3 中,ProviderManager 中仍然可以使用列表感知构造函数。我不确定第二个解决方案,我想它应该可以工作,但我没有在 Spring 5.x 中使用基于 spring-security XML 的初始化
    猜你喜欢
    • 1970-01-01
    • 2023-03-29
    • 2017-12-11
    • 2016-12-24
    • 1970-01-01
    • 1970-01-01
    • 2018-02-02
    • 1970-01-01
    • 2021-12-31
    相关资源
    最近更新 更多
    热门标签
    Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode