Java Spring Security DelegatingFilterProxy无限递归

我有这个例外后，第一次请求（主页）后启动的web应用程序

java.lang.StackOverflowError: null
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) ~[spring-web-4.3.7.RELEASE.jar:4.3.7.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262) ~[spring-web-4.3.7.RELEASE.jar:4.3.7.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) ~[spring-web-4.3.7.RELEASE.jar:4.3.7.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262) ~[spring-web-4.3.7.RELEASE.jar:4.3.7.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) ~[spring-web-4.3.7.RELEASE.jar:4.3.7.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262) ~[spring-web-4.3.7.RELEASE.jar:4.3.7.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) ~[spring-web-4.3.7.RELEASE.jar:4.3.7.RELEASE...

web.xml包含DelegatingFilterProxy

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

springSecurityFilterChain
org.springframework.web.filter.DelegatingFilterProxy
springSecurityFilterChain
/*

applicationContext.xml还包含id为“springSecurityFilterChain”的bean

security.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
         xmlns:beans="http://www.springframework.org/schema/beans"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="
         http://www.springframework.org/schema/beans
         http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
         http://www.springframework.org/schema/security
         http://www.springframework.org/schema/security/spring-security-4.2.xsd"> 
<http auto-config="true" use-expressions="true">
    <intercept-url pattern="/admin**" access="hasRole('ROLE_ADMIN')" />

    <!-- access denied page -->
    <access-denied-handler error-page="/403" />
    <form-login
            login-page="/login"
            default-target-url="/home"
            authentication-failure-url="/login?error"
            username-parameter="username"
            password-parameter="password" />
    <logout logout-success-url="/login?logout" />
    <!-- enable csrf protection -->
    <csrf />
</http>

<authentication-manager>
    <authentication-provider user-service-ref="userDetailsService" >
        <password-encoder hash="md5" />
    </authentication-provider>
</authentication-manager>

有什么想法吗？

试试这个： 首先从applicationContext.xml文件中删除这一行，因为当您使用。。。tagspringsecurity创建了一个it本身，因此需要像您所做的那样显式添加

<bean id="springSecurityFilterChain"  class="org.springframework.web.filter.DelegatingFilterProxy"/>

注意：为您提供更清晰的spring安全上下文文件

web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee  http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
id="WebApp_ID" version="3.1">
<display-name>SpringWebSecurity</display-name>

<servlet>
    <servlet-name>myservlet</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <init-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
WEB-INF/myservlet-servlet.xml
</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
</servlet>

<servlet-mapping>
    <servlet-name>myservlet</servlet-name>
    <url-pattern>/</url-pattern>
</servlet-mapping>


<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>WEB-INF/myservlet-servlet.xml
WEB-INF/security-context.xml
WEB-INF/applicationContext.xml
</param-value>
</context-param>
   <listener>
    <listener- class>org.springframework.web.context.ContextLoaderListener</listener-class>
  </listener>


<!-- Bellow filters are for spring security -->
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

</web-app>

SpringWebSecurity
myservlet
org.springframework.web.servlet.DispatcherServlet
上下文配置位置
WEB-INF/myservlet-servlet.xml
1.
myservlet
/
上下文配置位置
WEB-INF/myservlet-servlet.xml
WEB-INF/security-context.xml
WEB-INF/applicationContext.xml
org.springframework.web.context.ContextLoaderListener
springSecurityFilterChain
org.springframework.web.filter.DelegatingFilterProxy
springSecurityFilterChain
/*

那么您的myservlet-servlet.xml应该类似于下面的内容

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"  xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:jdbc="http://www.springframework.org/schema/jdbc" xmlns:lang="http://www.springframework.org/schema/lang"
xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:tx="http://www.springframework.org/schema/tx"
xsi:schemaLocation="http://www.springframework.org/schema/jdbc http://www.springframework.org/schema/jdbc/spring-jdbc-4.3.xsd
    http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.3.xsd
    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
    http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.3.xsd
    http://www.springframework.org/schema/lang http://www.springframework.org/schema/lang/spring-lang-4.3.xsd
    http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-4.3.xsd
    http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-4.3.xsd">



<context:component-scan base-package="kumar.amit.safims.controller">

</context:component-scan>


<!-- Put this to handle all static resources eg:. css,js,images etc -->
<mvc:resources location="/resources/" mapping="/resources/**" />
<mvc:annotation-driven />
<context:annotation-config />


<bean 
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
    <property name="prefix" value="/WEB-INF/views/jsp/" />
    <property name="suffix" value=".jsp" />

</bean>



</bean>
</beans>

您的ApplicationContext.xml应类似于以下内容： 注意：这里没什么特别的，除非你有自己的豆子， 无需在此处写入或提及springSecurityFilterChain

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context"
xmlns:tx="http://www.springframework.org/schema/tx"   xmlns:jdbc="http://www.springframework.org/schema/jdbc"
xsi:schemaLocation="http://www.springframework.org/schema/jdbc http://www.springframework.org/schema/jdbc/spring-jdbc-4.3.xsd
    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
    http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.3.xsd
    http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-4.3.xsd">

<context:component-scan base-package="kumar.amit.safims" />


<context:annotation-config />

<!-- To make @Transaction work add this -->
<tx:annotation-driven />

<!-- Write all your beans here which are not part of view layers -->
<!-- Initialization for data source -->
<bean id="dataSource"
    class="org.springframework.jdbc.datasource.DriverManagerDataSource">
    <property name="driverClassName" value="org.mariadb.jdbc.Driver" />
    <property name="url" value="jdbc:mariadb://localhost:3306/safims" />
    <property name="username" value="root" />
    <property name="password" value="hariOm2" />
</bean>
</beans>

最后是安全上下文，您可以给它起任何名字，我已经给了Security-Context.xml，但是请确保您在web.xml中提到了这个名字，如下面所示：

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>WEB-INF/myservlet-servlet.xml
WEB-INF/security-context.xml
WEB-INF/applicationContext.xml
</param-value>
</context-param>
<listener>
    <listener- class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"  xmlns:security="http://www.springframework.org/schema/security"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.2.xsd
    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
    http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.3.xsd">


<context:component-scan base-package="kumar.amit.safims.service.security">

</context:component-scan>

<!-- Add this bean here to make use of expression at view or jsp level  and 
    nothing else -->
<bean
     class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler" />

<security:http auto-config="true" use-expressions="true">

    <!-- To get the default login form just disable the http-basic auth  -->
    <!-- <security:http-basic/> -->
    <security:form-login login-page="/login"
        login-processing-url="/login" username-parameter="customEmail"
        password-parameter="customPassword" default-target-url="/postLogin"
        always-use-default-target="true" authentication-failure-url="/login?error=true" />

    <!-- for logout functionality -->
    <security:logout logout-url="/logout" 
        invalidate-session="true" logout-success-url="/login?logout=true" />

    <security:intercept-url pattern="/server"   access="hasRole('ROLE_ADMIN') " />
    <security:intercept-url pattern="/driverLicense" access="hasRole('ROLE_FACULTY') OR hasRole('ROLE_ADMIN') " />
    <security:intercept-url pattern="/user/*" access="hasRole('ROLE_FACULTY') OR hasRole('ROLE_ADMIN')" />
    <security:intercept-url pattern="/resources/**" access="permitAll" />
    <security:intercept-url pattern="/**" access="hasRole('ROLE_ANONYMOUS') OR hasRole('ROLE_ADMIN') OR  hasRole('ROLE_FACULTY') OR hasRole('ROLE_STUDENT')" />

</security:http>


<security:authentication-manager>
    <security:authentication-provider
        user-service-ref="customUserDetailsService" />
</security:authentication-manager>
</beans>

上下文配置位置
WEB-INF/myservlet-servlet.xml
WEB-INF/security-context.xml
WEB-INF/applicationContext.xml
org.springframework.web.context.ContextLoaderListener

注意：将文件中的xmlns名称空间更改为security或复制pase my file，然后根据需要进行修改。 security-context.xml文件如下所示：

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>WEB-INF/myservlet-servlet.xml
WEB-INF/security-context.xml
WEB-INF/applicationContext.xml
</param-value>
</context-param>
<listener>
    <listener- class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"  xmlns:security="http://www.springframework.org/schema/security"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.2.xsd
    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
    http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.3.xsd">


<context:component-scan base-package="kumar.amit.safims.service.security">

</context:component-scan>

<!-- Add this bean here to make use of expression at view or jsp level  and 
    nothing else -->
<bean
     class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler" />

<security:http auto-config="true" use-expressions="true">

    <!-- To get the default login form just disable the http-basic auth  -->
    <!-- <security:http-basic/> -->
    <security:form-login login-page="/login"
        login-processing-url="/login" username-parameter="customEmail"
        password-parameter="customPassword" default-target-url="/postLogin"
        always-use-default-target="true" authentication-failure-url="/login?error=true" />

    <!-- for logout functionality -->
    <security:logout logout-url="/logout" 
        invalidate-session="true" logout-success-url="/login?logout=true" />

    <security:intercept-url pattern="/server"   access="hasRole('ROLE_ADMIN') " />
    <security:intercept-url pattern="/driverLicense" access="hasRole('ROLE_FACULTY') OR hasRole('ROLE_ADMIN') " />
    <security:intercept-url pattern="/user/*" access="hasRole('ROLE_FACULTY') OR hasRole('ROLE_ADMIN')" />
    <security:intercept-url pattern="/resources/**" access="permitAll" />
    <security:intercept-url pattern="/**" access="hasRole('ROLE_ANONYMOUS') OR hasRole('ROLE_ADMIN') OR  hasRole('ROLE_FACULTY') OR hasRole('ROLE_STUDENT')" />

</security:http>


<security:authentication-manager>
    <security:authentication-provider
        user-service-ref="customUserDetailsService" />
</security:authentication-manager>
</beans>

---

注：请随时澄清。快乐编码，干杯

如果我删除这个bean，我会得到以下异常：org.springframework.beans.factory.NoSuchBeanDefinitionException:org.springframework.beans.factory.support.DefaultListableBeanFactory.getBeanDefinition（DefaultListableBeanFactory.java:687）~[na:na]非常感谢！我通过从applicationContext.xml中删除并将“classpath*：security.xml”添加到web中的上下文参数部分，解决了这个问题。xml@DmitryOleinik很高兴我帮了忙！