Java Spring安全配置:AlreadyBuiltException:此对象已生成
我在自学春季安全。我目前有两个java文件和pom文件。出于某种原因,当我在WebSecurityConfigureAdapter中重写受保护的void configure(HttpSecurity http)方法时,它会给出一个AlreadyBuiltException。如果我删除被重写的方法,它将无错误地运行。我的代码如下: IntegrationTest.javaJava Spring安全配置:AlreadyBuiltException:此对象已生成,java,spring,Java,Spring,我在自学春季安全。我目前有两个java文件和pom文件。出于某种原因,当我在WebSecurityConfigureAdapter中重写受保护的void configure(HttpSecurity http)方法时,它会给出一个AlreadyBuiltException。如果我删除被重写的方法,它将无错误地运行。我的代码如下: IntegrationTest.java @SpringBootApplication @EnableAutoConfiguration(exclude={DataSo
@SpringBootApplication
@EnableAutoConfiguration(exclude={DataSourceAutoConfiguration.class})
@ComponentScan({"com.socialsignin", "test.com.socialsignin"})
public class IntegrationTest {
public static void main(String[] args) {
ConfigurableApplicationContext context = SpringApplication.run(IntegrationTest.class, args);
}
}
package com.socialsignin.config;
@EnableWebSecurity
@Component
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("user").password("password").roles("USER");
}
@Override
public void configure(WebSecurity web) throws Exception {
web
.ignoring()
.antMatchers("/resources/**");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.formLogin()
.loginPage("/signin")
.loginProcessingUrl("/signin/authenticate")
.failureUrl("/signin?param.error=bad_credentials")
.and()
.logout()
.logoutUrl("/signout")
.deleteCookies("JSESSIONID")
.and()
.authorizeRequests()
.antMatchers("/admin/**", "/favicon.ico", "/resources/**", "/auth/**", "/signin/**", "/signup/**", "/disconnect/facebook").permitAll()
.antMatchers("/**").authenticated()
.and()
.rememberMe()
.and()
.apply(new SpringSocialConfigurer());
}
}
org.springframework.beans.factory.BeanCreationException:创建名为“springSecurityFilterChain”的bean时出错,该bean在类路径资源[org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.class]:通过工厂方法实例化bean失败;嵌套异常为org.springframework.beans.beanstantiationException:未能实例化[javax.servlet.Filter]:工厂方法“springSecurityFilterChain”引发异常;嵌套异常是java.lang.IllegalStateException:SpringSocialConfigure依赖于org.springframework.social.connect.UsersConnectionRepository。在应用程序上下文中找不到该类型的单个bean。
在org.springframework.beans.factory.support.ConstructorResolver.InstanceUsingFactoryMethod(ConstructorResolver.java:599)~[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE]
在org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.InstanceUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1123)~[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE]
在org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1018)~[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE]
在org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:510)~[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE]
在org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482)~[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE]
在org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306)~[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE]
在org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)~[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE]
在org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302)~[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE]
在org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:202)~[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE]
在org.springframework.context.support.AbstractApplicationContext.getBean(AbstractApplicationContext.java:1060)~[spring-context-4.2.7.RELEASE.jar:4.2.7.RELEASE]
在org.springframework.web.filter.DelegatingFilterProxy.initDelegate(DelegatingFilterProxy.java:326)~[spring-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
在org.springframework.web.filter.DelegatingFilterProxy.initFilterBean(DelegatingFilterProxy.java:235)~[spring-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
在org.springframework.web.filter.GenericFilterBean.init(GenericFilterBean.java:199)~[spring-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
在org.apache.catalina.core.ApplicationFilterConfig.initFilter(ApplicationFilterConfig.java:279)~[tomcat-embed-core-8.0.36.jar:8.0.36]
在org.apache.catalina.core.ApplicationFilterConfig.(ApplicationFilterConfig.java:109)~[tomcat-embed-core-8.0.36.jar:8.0.36]
在org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:4689)[tomcat-embed-core-8.0.36.jar:8.0.36]
在org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5329)[tomcat-embed-core-8.0.36.jar:8.0.36]
在org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:147)[tomcat-embed-core-8.0.36.jar:8.0.36]
在org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1407)[tomcat-embed-core-8.0.36.jar:8.0.36]
在org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1397)[tomcat-embed-core-8.0.36.jar:8.0.36]
在java.util.concurrent.FutureTask.run(FutureTask.java:266)[na:1.8.0_66]
位于java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)[na:1.8.066]
在java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)[na:1.8.066]
在java.lang.Thread.run(Thread.java:745)[na:1.8.0_66]
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'springSecurityFilterChain' defined in class path resource [org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception; nested exception is java.lang.IllegalStateException: SpringSocialConfigurer depends on org.springframework.social.connect.UsersConnectionRepository. No single bean of that type found in application context.
at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:599) ~[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1123) ~[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1018) ~[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:510) ~[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482) ~[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306) ~[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE]
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230) ~[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302) ~[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:202) ~[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE]
at org.springframework.context.support.AbstractApplicationContext.getBean(AbstractApplicationContext.java:1060) ~[spring-context-4.2.7.RELEASE.jar:4.2.7.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.initDelegate(DelegatingFilterProxy.java:326) ~[spring-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.initFilterBean(DelegatingFilterProxy.java:235) ~[spring-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.web.filter.GenericFilterBean.init(GenericFilterBean.java:199) ~[spring-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.apache.catalina.core.ApplicationFilterConfig.initFilter(ApplicationFilterConfig.java:279) ~[tomcat-embed-core-8.0.36.jar:8.0.36]
at org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterConfig.java:109) ~[tomcat-embed-core-8.0.36.jar:8.0.36]
at org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:4689) [tomcat-embed-core-8.0.36.jar:8.0.36]
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5329) [tomcat-embed-core-8.0.36.jar:8.0.36]
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:147) [tomcat-embed-core-8.0.36.jar:8.0.36]
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1407) [tomcat-embed-core-8.0.36.jar:8.0.36]
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1397) [tomcat-embed-core-8.0.36.jar:8.0.36]
at java.util.concurrent.FutureTask.run(FutureTask.java:266) [na:1.8.0_66]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [na:1.8.0_66]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [na:1.8.0_66]
at java.lang.Thread.run(Thread.java:745) [na:1.8.0_66]
@Configuration
@EnableWebSecurity
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
public class SpringSecurityConfigurer {
@Configuration
@Order(1)
public static class ApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
/** We expect that the URLs secured here are called as part of the application or via websocket. */
protected void configure(HttpSecurity http) throws Exception {
http
.requestMatchers().antMatchers("/restapi/requests/**", "/simulation/**", "/api/**", "/wsconnect/**").and()
.authorizeRequests()
.anyRequest().authenticated()
.and()
.httpBasic()
.and()
.csrf().disable();
}
}
@Configuration
@Order(2)
public static class StatelessApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
/** We expect that the URLs secured here are called called externally. */
protected void configure(HttpSecurity http) throws Exception {
http
.requestMatchers().antMatchers("/restapi/**").and()
.authorizeRequests()
.anyRequest().authenticated()
.and()
.httpBasic()
.and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.csrf().disable();
}
}
@Configuration
@Order(3)
public static class SubscriptionWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception {
http
.requestMatchers().antMatchers("/subscribe**","/subscribe/**").and()
.addFilterBefore(new ApplicationSecurityTokenFilter(), UsernamePasswordAuthenticationFilter.class)
.authorizeRequests()
.anyRequest().authenticated()
.and()
.httpBasic()
.and()
.csrf().disable();
}
}
@Configuration
@Order(0)
protected static class ApplicationSecurity extends WebSecurityConfigurerAdapter {
@Autowired
ApplicationUserDetailsManager applicationUserDetailsManager;
@Autowired // need Autowired instead of Override here, not clear why!
public void configure(AuthenticationManagerBuilder auth) throws Exception {
// configure the repository user details service
// PasswordEncoder encoder = new BCryptPasswordEncoder();
auth.userDetailsService(applicationUserDetailsManager);
// make sure we have the default user if it is not there
if(!applicationUserDetailsManager.userExists("user")) {
ApplicationUser defaultApplicationUser = new ApplicationUser();
defaultApplicationUser.setUsername("user");
defaultApplicationUser.setPassword("password");
defaultApplicationUser.setEnabled(true);
applicationUserDetailsManager.createUser(new ApplicationUserDetails(defaultApplicationUser));
}
}
@Override
protected void configure(HttpSecurity http) throws Exception {
// configure our web security that uses a form login
http
.authorizeRequests()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.and()
.logout()
.permitAll()
// note that this overrides CSRF for logout as it allows a GET to logout
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.and()
.rememberMe();
}
@Override
public void configure(WebSecurity web) throws Exception {
web
.ignoring()
// Spring Security should completely ignore URLs starting with /icons/ and /images/
.antMatchers("/icons/**")
.antMatchers("/images/**")
.antMatchers("/favicon.ico");
}
}
}