springmvc&；安全3.2，JavaConfig-WebApplicationContext被初始化、销毁、再次初始化

本周，我将整个webapp从xml配置切换到JavaConfig。我注意到一些奇怪的行为。我将Netbeans与集成的tomcat一起使用。部署应用程序时，我在日志中注意到：

Mar 13, 2014 7:55:48 AM org.apache.catalina.core.ApplicationContext log
INFO: Spring WebApplicationInitializers detected on classpath: [x.configuration.SecurityInitializer@703f4126, x.configuration.WebAppInitializer@48ce5f5c]
Mar 13, 2014 7:55:49 AM org.apache.catalina.core.ApplicationContext log
INFO: Initializing Spring root WebApplicationContext
Mar 13, 2014 7:56:20 AM org.apache.catalina.core.ApplicationContext log
INFO: Initializing Spring FrameworkServlet 'dispatcher'
Mar 13, 2014 7:56:55 AM org.apache.catalina.core.ApplicationContext log
INFO: Destroying Spring FrameworkServlet 'dispatcher'
Mar 13, 2014 7:56:55 AM org.apache.catalina.core.ApplicationContext log
INFO: Closing Spring root WebApplicationContext
Mar 13, 2014 7:57:04 AM org.apache.catalina.core.ApplicationContext log
INFO: Spring WebApplicationInitializers detected on classpath: [x.configuration.SecurityInitializer@5379ce53, x.configuration.WebAppInitializer@61d8d5f5]
Mar 13, 2014 7:57:05 AM org.apache.catalina.core.ApplicationContext log
INFO: Initializing Spring root WebApplicationContext
Mar 13, 2014 7:57:33 AM org.apache.catalina.core.ApplicationContext log
INFO: Initializing Spring FrameworkServlet 'dispatcher'

还有其他的东西也在运行两次。。。我有一个在dispatcher servlet上下文中侦听ContextRefreshedEvents的类。当我调试web应用程序时，我会看到日志语句，就好像这段代码正在执行一样，但它从未碰到我设置的任何断点。。。第一次。在神秘上下文似乎完全初始化，然后显然被破坏之后，它再次被初始化。这一次，我的断点被命中，我可以单步执行代码。我认为我所有的配置文件都是根据我读到的所有内容正确配置的，我让我的root/dispatcher组件进行互斥扫描，而不是扫描相同的包

这正成为一个更大的问题，因为现在我正试图设置一个BCryptPasswordEncoder。我遇到了与上面描述的问题非常相似的问题——我不再能够调试或查看来自CustomAuthenticationProvider的日志语句，尽管我来自CustomUserDetails服务。我开始觉得它是在使用CustomAuthenticationProvider的缓存实例，该实例来自创建的初始ghost上下文或其他内容。如果您能帮我解决这个问题，我们将不胜感激

我的包设置得非常简单，即：x.controllers、x.services、x.domain、x.dao、x.configuration等等，因此我必须使用一些excludefilter来确保正确的上下文扫描正确的组件。无论如何，这是我的配置：

AbstractAnnotationConfigDispatchersServletInitializer:

public class WebAppInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {

    @Override
    protected Class<?>[] getRootConfigClasses() {
        return new Class[]{ SecurityConfig.class, ServiceConfig.class, PersistenceConfig.class, Log4jConfig.class };
    }

    @Override
    protected Class<?>[] getServletConfigClasses() {
        return new Class[]{SpringMvcConfig.class, Initializer.class};
    }

    @Override
    protected String[] getServletMappings() {
        return new String[]{
            "/rest/*",
            "/index.html",
            "/login.html",
            "/admin.html",
            "/index/*",
            "/login/*",
            "/admin/*"
        };
    }

    @Override
    protected Filter[] getServletFilters() {
        CharacterEncodingFilter characterEncodingFilter = new CharacterEncodingFilter();
        characterEncodingFilter.setEncoding("UTF-8");
        characterEncodingFilter.setForceEncoding(true);

        OpenEntityManagerInViewFilter openEntityManagerInViewFilter = new OpenEntityManagerInViewFilter();
        openEntityManagerInViewFilter.setBeanName("openEntityManagerInViewFilter");
        openEntityManagerInViewFilter.setPersistenceUnitName("HSQL");

        return new javax.servlet.Filter[]{characterEncodingFilter, openEntityManagerInViewFilter};
    }
}

@Order(1)
public class SecurityInitializer extends AbstractSecurityWebApplicationInitializer {}

安全初始值设定项：

public class WebAppInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {

    @Override
    protected Class<?>[] getRootConfigClasses() {
        return new Class[]{ SecurityConfig.class, ServiceConfig.class, PersistenceConfig.class, Log4jConfig.class };
    }

    @Override
    protected Class<?>[] getServletConfigClasses() {
        return new Class[]{SpringMvcConfig.class, Initializer.class};
    }

    @Override
    protected String[] getServletMappings() {
        return new String[]{
            "/rest/*",
            "/index.html",
            "/login.html",
            "/admin.html",
            "/index/*",
            "/login/*",
            "/admin/*"
        };
    }

    @Override
    protected Filter[] getServletFilters() {
        CharacterEncodingFilter characterEncodingFilter = new CharacterEncodingFilter();
        characterEncodingFilter.setEncoding("UTF-8");
        characterEncodingFilter.setForceEncoding(true);

        OpenEntityManagerInViewFilter openEntityManagerInViewFilter = new OpenEntityManagerInViewFilter();
        openEntityManagerInViewFilter.setBeanName("openEntityManagerInViewFilter");
        openEntityManagerInViewFilter.setPersistenceUnitName("HSQL");

        return new javax.servlet.Filter[]{characterEncodingFilter, openEntityManagerInViewFilter};
    }
}

@Order(1)
public class SecurityInitializer extends AbstractSecurityWebApplicationInitializer {}

安全配置：

@Configuration
@EnableWebMvcSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private CustomUserDetailsService userDetailsService;
    @Autowired
    private CustomAuthenticationProvider customAuthenticationProvider;

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        AuthenticationProvider rememberMeAuthenticationProvider = rememberMeAuthenticationProvider();
        TokenBasedRememberMeServices tokenBasedRememberMeServices = tokenBasedRememberMeServices();

        List<AuthenticationProvider> authenticationProviders = new ArrayList<AuthenticationProvider>(2);
        authenticationProviders.add(rememberMeAuthenticationProvider);
        authenticationProviders.add(customAuthenticationProvider);
        AuthenticationManager authenticationManager = authenticationManager(authenticationProviders);

        http
                .csrf().disable()
                .headers().disable()
                .addFilter(new RememberMeAuthenticationFilter(authenticationManager, tokenBasedRememberMeServices))
                .rememberMe().rememberMeServices(tokenBasedRememberMeServices)
                .and()
                .authorizeRequests()
                .antMatchers("/js/**", "/css/**", "/img/**", "/login", "/processLogin").permitAll()
                .antMatchers("/index.jsp", "/index.html", "/index").hasRole("USER")
                .antMatchers("/admin", "/admin.html", "/admin.jsp", "/js/saic/jswe/admin/**").hasRole("ADMIN")
                .and()
                .formLogin().loginProcessingUrl("/processLogin").loginPage("/login").permitAll()
                .and().exceptionHandling().accessDeniedPage("/login").and()
                .logout().permitAll();
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/js/**", "/css/**", "/img/**");
    }

    @Bean
    public BCryptPasswordEncoder bCryptPasswordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Bean
    public AuthenticationManager authenticationManager(List<AuthenticationProvider> authenticationProviders) {
        return new ProviderManager(authenticationProviders);
    }

    @Bean
    public TokenBasedRememberMeServices tokenBasedRememberMeServices() {
        return new TokenBasedRememberMeServices("testKey", userDetailsService);
    }

    @Bean
    public AuthenticationProvider rememberMeAuthenticationProvider() {
        return new org.springframework.security.authentication.RememberMeAuthenticationProvider("testKey");
    }

    protected void registerAuthentication(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder());
    }
}

Log4jConfig的注释为：

@Order(2)
@Configuration

您可能会注意到一件奇怪的事情，我的初始值设定项实现了用@Configuration注释的ApplicationListener类。我这样做只是为了让根ServiceConfig在组件扫描期间不会拾取它，并且它将仅在DispatcherServlet上下文中创建

在经历了许多痛苦和痛苦之后，我认为问题并不是我的Spring配置，而是AbstractAnnotationConfigDispatcherServletInitializer类缺少的东西。。。不知何故，某种程度上，某种东西使它的工作加倍。我应该覆盖受保护的WebApplicationContext createRootApplicationContext（）还是public void onStartup（ServletContext ServletContext）抛出ServletException或其他东西来手动创建上下文

更新

我有一点怀疑，使用AbstractAnnotationConfigDispatchers ServletInitializer扩展的WebApplicationInitializer和AbstractSecurityWebApplicationInitializer扩展的WebApplicationListener是这一问题的根本原因。尽管我知道它会导致spring security失败，因为它没有注册spring security筛选器链，但我决定删除这个类，看看它是否能解决问题——没有区别

---

出于沮丧，我决定下载glassfish并在那里部署它。我第一次部署它时，它只运行了一次！它部署了，但很明显，我无法登录，因为spring安全性现在被破坏了。作为测试，我重新添加了类“public class SecurityInitializer Extendes AbstractSecurityWebApplicationInitializer{}”，以查看会发生什么。正如我所料，问题再次出现。一切都经过了两次。所以，我又把它移走了，现在我又陷入了同样的问题。它仍然在构建上下文，在初始化过程中运行，破坏上下文，然后重新进行。这就像第二个注册的WebApplicationInitializer不知何故被卡住或缓存在web服务器中。这是我能想到的唯一解释。。。。所以我现在已经接近一个答案了，但我仍然不确定如何解决这个问题……

这方面有什么更新吗？我现在也面临着同样的问题，我的配置看起来也差不多。嗨，马库斯。我认为这个问题最终变成了一个奇怪的Netbeans问题。这不是在我们的生产环境中发生的，只是在我的开发机器上发生的。我运行的是Netbeans 7.0和Tomcat 7.0.41。我升级到Netbeans 8和Tomcat 8.0.3，问题就消失了。

@Configuration
@EnableTransactionManagement
@PropertySource("classpath:database.properties")

@Order(2)
@Configuration