Java 对'的重复过滤器注册;springSecurityFilterChain';
所以我环顾四周,到处都说我需要检查我的配置,但对我来说没有意义的是,我的应用程序将运行在不同的计算机上,但我用于开发的计算机除外。只是为了提供一些上下文,这个应用程序纯粹是restful的,带有令牌身份验证。我的配置如下所示: 安全初始化:Java 对'的重复过滤器注册;springSecurityFilterChain';,java,spring,Java,Spring,所以我环顾四周,到处都说我需要检查我的配置,但对我来说没有意义的是,我的应用程序将运行在不同的计算机上,但我用于开发的计算机除外。只是为了提供一些上下文,这个应用程序纯粹是restful的,带有令牌身份验证。我的配置如下所示: 安全初始化: @Order(1) public class SecurityWebappInitializer extends AbstractSecurityWebApplicationInitializer { } 应用程序初始化: @Order(2) publi
@Order(1)
public class SecurityWebappInitializer extends AbstractSecurityWebApplicationInitializer
{
}
应用程序初始化:
@Order(2)
public class ApplicationInitializer extends AbstractAnnotationConfigDispatcherServletInitializer
{
@Override
protected Class<?>[] getRootConfigClasses()
{
return new Class[]{RootConfiguration.class, SecurityConfig.class};
}
@Override
protected Class<?>[] getServletConfigClasses()
{
return new Class<?>[]{WebConfiguration.class};
}
@Override
protected String[] getServletMappings()
{
return new String[]{"/", "/rest/*"};
}
@Override
protected Filter[] getServletFilters()
{
CharacterEncodingFilter characterEncodingFilter = new CharacterEncodingFilter();
characterEncodingFilter.setEncoding("UTF-8");
return new Filter[] {characterEncodingFilter};
}
}
订单(2)
公共类应用程序初始化器扩展了AbstractAnnotationConfigDispatcherServletInitializer
{
@凌驾
受保护类[]getRootConfigClasses()
{
返回新类[]{RootConfiguration.Class,SecurityConfig.Class};
}
@凌驾
受保护类[]getServletConfigClasses()
{
返回新类[]{WebConfiguration.Class};
}
@凌驾
受保护的字符串[]getServletMappings()
{
返回新字符串[]{”/“,“/rest/*”};
}
@凌驾
受保护的筛选器[]getServletFilters()
{
CharacterEncodingFilter CharacterEncodingFilter=新的CharacterEncodingFilter();
characterEncodingFilter.setEncoding(“UTF-8”);
返回新筛选器[]{characterEncodingFilter};
}
}
SecurityConfig:
@EnableWebSecurity
@EnableGlobalMethodSecurity(jsr250Enabled=true)
public class SecurityConfig extends WebSecurityConfigurerAdapter
{
@Autowired
private NoOpAuthProvider noOpAuthenticationProvider;
@Autowired
private TokenFilter tokenFilter;
public SecurityConfig()
{
super(true);
}
@Override
public void configure(WebSecurity web) throws Exception
{
web
.ignoring()
.antMatchers("/rest/authentication/login")
.antMatchers("/services/**")
.antMatchers("/resources/**");
}
@Override
protected void configure(HttpSecurity http) throws Exception
{
http
.authorizeRequests()
.antMatchers("**").hasRole("RUN").and()
.addFilterAfter(tokenFilter, UsernamePasswordAuthenticationFilter.class)
.exceptionHandling().and()
.logout();
}
@Bean
public AuthenticationManager authenticationManager() throws Exception
{
List<AuthenticationProvider> authenticationProviders = new ArrayList<AuthenticationProvider>();
authenticationProviders.add(noOpAuthenticationProvider);
return new ProviderManager(authenticationProviders);
}
}
@EnableWebSecurity
@EnableGlobalMethodSecurity(jsr250Enabled=true)
公共类SecurityConfig扩展了WebSecurity配置适配器
{
@自动连线
私人Noopauth提供商noOpAuthenticationProvider;
@自动连线
专用令牌过滤器令牌过滤器;
公共安全配置()
{
超级(真);
}
@凌驾
public void configure(WebSecurity web)引发异常
{
网状物
.忽略()
.antMatchers(“/rest/authentication/login”)
.antMatchers(“/services/**”)
.antMatchers(“/resources/**”);
}
@凌驾
受保护的无效配置(HttpSecurity http)引发异常
{
http
.授权请求()
.antMatchers(“**”).hasRole(“运行”)和()
.addFilterAfter(tokenFilter,UsernamePasswordAuthenticationFilter.class)
.exceptionHandling()和()
.logout();
}
@豆子
公共AuthenticationManager AuthenticationManager()引发异常
{
List authenticationProviders=new ArrayList();
添加(noOpAuthenticationProvider);
返回新的ProviderManager(authenticationProviders);
}
}
网络配置:
@Configuration
@EnableWebMvc
@ComponentScan(basePackages = "com.example.tinker.web")
public class WebConfiguration extends WebMvcConfigurerAdapter
{
@Autowired
private PrincipalRetrievalService principalRetrievalService;
@Override
public void addResourceHandlers(ResourceHandlerRegistry registry)
{
registry.addResourceHandler("/resources/**").addResourceLocations("resources/").setCachePeriod(31556926);
registry.setOrder(Ordered.HIGHEST_PRECEDENCE);
}
@Override
public void addArgumentResolvers(List<HandlerMethodArgumentResolver> argumentResolvers)
{
argumentResolvers.add(new WebArgumentResolver(principalRetrievalService));
super.addArgumentResolvers(argumentResolvers);
}
}
@配置
@EnableWebMvc
@ComponentScan(basePackages=“com.example.tinker.web”)
公共类网络配置扩展了WebMVCConfigureAdapter
{
@自动连线
PrincipalRetrievalService PrincipalRetrievalService;
@凌驾
public void addResourceHandlers(ResourceHandlerRegistry注册表)
{
registry.addResourceHandler(“/resources/**”).addResourceLocations(“resources/”).setCachePeriod(31556926);
registry.setOrder(有序。最高优先级);
}
@凌驾
public void addArgumentResolver(列出ArgumentResolver)
{
添加(新的WebArgumentResolver(principalRetrievalService));
super.addArgumentResolver(ArgumentResolver);
}
}
知道是什么导致了我的问题吗?没有必要实现AbstractSecurityWebApplicationInitializer。 通过ApplicationInitializer/RootConfiguration/@ComponentScan/SecurityConfig初始化安全性。此外,不需要在GetRootConfigClass中添加SecurityConfig