首页 / JAVA / java – Spring安全配置@Order不是唯一的例外

java – Spring安全配置@Order不是唯一的例外

内容导读

互联网集市收集整理的这篇技术教程文章主要介绍了java – Spring安全配置@Order不是唯一的例外,小编现在分享给大家,供广大互联网技能从业者学习和参考。文章包含4149字,纯文字阅读大概需要6分钟

内容图文

我试图在我的Spring Security配置中注册多个过滤器,但是我总是得到相同的异常:

04-Nov-2015 14:35:23.792 WARNING [RMI TCP Connection(3)-127.0.0.1]
org.springframework.web.context.support.AnnotationConfigWebApplicationContext.refresh
Exception encountered during context initialization – cancelling
refresh attempt
org.springframework.beans.factory.BeanCreationException: Error
creating bean with name
‘org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration’:
Injection of autowired dependencies failed; nested exception is
java.lang.IllegalStateException: @Order on WebSecurityConfigurers must
be unique. Order of 100 was already used, so it cannot be used on
com.payment21.webapp.MultiHttpSecurityConfig$ApiWebSecurityConfigurationAdapter$$EnhancerBySpringCGLIB$$35c79fe4@1d381684
too.

由于我自己的尝试不起作用,我尝试了完全相同的代码,如Spring Security reference所示:

@EnableWebSecurity
public class MultiHttpSecurityConfig {
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) { 
        auth
            .inMemoryAuthentication()
                .withUser("user").password("password").roles("USER").and()
                .withUser("admin").password("password").roles("USER", "ADMIN");
    }

    @Configuration
    @Order(1)                                                        
    public static class ApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
        protected void configure(HttpSecurity http) throws Exception {
            http
                .antMatcher("/api/**")                               
                .authorizeRequests()
                    .anyRequest().hasRole("ADMIN")
                    .and()
                .httpBasic();
        }
    }

    @Configuration                                                   
    public static class FormLoginWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .authorizeRequests()
                    .anyRequest().authenticated()
                    .and()
                .formLogin();
        }
    }
}

为了隔离错误,我尝试用基于Java的方法替换web.xml,但它也没有用.我不知道出了什么问题,这是错误的吗?我的应用程序中的某些东西可以搞乱配置吗?系统正常启动,除非我注册了第二个WebSecurityConfigAdapter.

这些是我的依赖:

compile 'org.springframework:spring-webmvc:4.2.2.RELEASE'
compile 'org.springframework:spring-messaging:4.2.2.RELEASE'
compile 'org.springframework:spring-websocket:4.2.2.RELEASE'
compile 'org.springframework:spring-aop:4.2.2.RELEASE'
compile'javax.servlet:javax.servlet-api:3.0.1'
compile 'org.springframework.security:spring-security-web:4.0.3.RELEASE'
compile 'org.springframework.security:spring-security-config:4.0.3.RELEASE'

解决方法:

值得注意的是,@ Order注释应该在类级别.这有点令人困惑,因为@Journeycorner配置是一个多类示例.我的导入示例:)

import org.springframework.beans.factory.annotation.Autowired; 
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

import com.someco.entity.User;
import com.someco.service.SpringDataJpaUserDetailsService;

@Configuration("CustomSecurityConfig")
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
@Order(1000)                                                        
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

@Autowired
private SpringDataJpaUserDetailsService userDetailsService;

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth
        .userDetailsService(this.userDetailsService)
            .passwordEncoder(User.PASSWORD_ENCODER);
}

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .authorizeRequests()
            .antMatchers("/built/**", "/main.css").permitAll()
            .anyRequest().authenticated()
            .and()
        .formLogin()
            .defaultSuccessUrl("/", true)
            .permitAll()
            .and()
        .httpBasic()
            .and()
        .csrf().disable()
        .logout()
            .logoutSuccessUrl("/");
}

}

内容总结

以上是互联网集市为您收集整理的java – Spring安全配置@Order不是唯一的例外全部内容,希望文章能够帮你解决java – Spring安全配置@Order不是唯一的例外所遇到的程序开发问题。 如果觉得互联网集市技术教程内容还不错,欢迎将互联网集市网站推荐给程序员好友。

内容备注

版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 gblab@vip.qq.com 举报,一经查实,本站将立刻删除。

内容手机端

扫描二维码推送至手机访问。

本文链接:https://qyyshop.com/info/699574.html

来源:【匿名】