Java 如何在spring security中的另一个筛选器之前添加筛选器?
我的应用程序有两种不同的安全配置。一个是Java 如何在spring security中的另一个筛选器之前添加筛选器?,java,spring,spring-security,Java,Spring,Spring Security,我的应用程序有两种不同的安全配置。一个是OAuth2SecurityConfiguration,另一个是LdapSecurityConfiguration。在OAuth2SecurityConfiguration中,我有以下带有2个过滤器的安全配置: @Override protected void configure(HttpSecurity http) throws Exception { http .csrf().disable()
OAuth2SecurityConfigurationLdapSecurityConfigurationOAuth2SecurityConfiguration@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.exceptionHandling()
.authenticationEntryPoint(authenticationEntryPoint)
.and()
.authorizeRequests()
.antMatchers(OAUTH_ENDPOINT).permitAll()
.anyRequest().authenticated()
.and()
.logout()
.logoutUrl(LOGOUT_ENDPOINT)
.logoutSuccessUrl("/")
.addLogoutHandler(oAuthLogoutHandler)
.and()
.addFilterAfter(oAuth2ClientContextFilter, ExceptionTranslationFilter.class)
.addFilterBefore(oAuth2AuthenticationProcessingFilter, FilterSecurityInterceptor.class)
// anonymous login must be disabled,
// otherwise an anonymous authentication will be created,
// and the UserRedirectRequiredException will not be thrown,
// and the user will not be redirected to the authorization server
.anonymous().disable();
}
LdapSecurityConfiguration@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.exceptionHandling()
.authenticationEntryPoint(restAuthenticationEntryPoint)
.and()
.authorizeRequests()
.antMatchers(AUTH_ENDPOINT).permitAll()
.anyRequest().authenticated()
.and()
.logout()
.and()
.addFilterBefore(authenticationFilter, OAuth2ClientContextFilter.class);
}
Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception; nested exception is java.lang.IllegalArgumentException: Cannot register after unregistered Filter class org.springframework.security.oauth2.client.filter.OAuth2ClientContextFilter
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:189)
at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:588)
... 36 more
Caused by: java.lang.IllegalArgumentException: Cannot register after unregistered Filter class org.springframework.security.oauth2.client.filter.OAuth2ClientContextFilter
at org.springframework.security.config.annotation.web.builders.FilterComparator.registerBefore(FilterComparator.java:183)
at org.springframework.security.config.annotation.web.builders.HttpSecurity.addFilterBefore(HttpSecurity.java:1039)
at com.company.configuration.LdapSecurityConfiguration.configure(LdapSecurityConfiguration.java:63)
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.getHttp(WebSecurityConfigurerAdapter.java:224)
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.init(WebSecurityConfigurerAdapter.java:315)
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.init(WebSecurityConfigurerAdapter.java:86)
at com.company.configuration.LdapSecurityConfiguration$$EnhancerBySpringCGLIB$$b4922dd5.init(<generated>)
at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.init(AbstractConfiguredSecurityBuilder.java:371)
at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.doBuild(AbstractConfiguredSecurityBuilder.java:325)
at org.springframework.security.config.annotation.AbstractSecurityBuilder.build(AbstractSecurityBuilder.java:41)
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration.springSecurityFilterChain(WebSecurityConfiguration.java:104)
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$EnhancerBySpringCGLIB$$33ca6b4e.CGLIB$springSecurityFilterChain$3(<generated>)
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$EnhancerBySpringCGLIB$$33ca6b4e$$FastClassBySpringCGLIB$$b8c23686.invoke(<generated>)
at org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:228)
at org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:358)
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$EnhancerBySpringCGLIB$$33ca6b4e.springSecurityFilterChain(<generated>)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:162)
... 37 more
原因:org.springframework.beans.beans实例化异常:未能实例化[javax.servlet.Filter]:工厂方法“springSecurityFilterChain”引发异常;嵌套异常为java.lang.IllegalArgumentException:无法在未注册的筛选器类org.springframework.security.oauth2.client.Filter.OAuth2ClientContextFilter之后注册
位于org.springframework.beans.factory.support.SimpleInstallationStrategy.instantiate(SimpleInstallationStrategy.java:189)
位于org.springframework.beans.factory.support.ConstructorResolver.InstanceUsingFactoryMethod(ConstructorResolver.java:588)
... 36多
原因:java.lang.IllegalArgumentException:无法在未注册的筛选器类org.springframework.security.oauth2.client.Filter.OAuth2ClientContextFilter后注册
位于org.springframework.security.config.annotation.web.builders.FilterComparator.registerBefore(FilterComparator.java:183)
位于org.springframework.security.config.annotation.web.builders.HttpSecurity.addFilterBefore(HttpSecurity.java:1039)
位于com.company.configuration.LdapSecurityConfiguration.configure(LdapSecurityConfiguration.java:63)
位于org.springframework.security.config.annotation.web.configuration.websecurityConfigureAdapter.getHttp(websecurityConfigureAdapter.java:224)
位于org.springframework.security.config.annotation.web.configuration.websecurityConfigureAdapter.init(websecurityConfigureAdapter.java:315)
位于org.springframework.security.config.annotation.web.configuration.websecurityConfigureAdapter.init(websecurityConfigureAdapter.java:86)
在com.company.configuration.LdapSecurityConfiguration$$EnhancerBySpringCGLIB$$b4922dd5.init()上
位于org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.init(AbstractConfiguredSecurityBuilder.java:371)
位于org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.doBuild(AbstractConfiguredSecurityBuilder.java:325)
位于org.springframework.security.config.annotation.AbstractSecurityBuilder.build(AbstractSecurityBuilder.java:41)
位于org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration.springSecurityFilterChain(WebSecurityConfiguration.java:104)
位于org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$EnhancerBySpringCGLIB$$33ca6b4e.CGLIB$springSecurityFilterChain$3()
在org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$EnhancerBySpringCGLIB$$33ca6b4e$$FastClassBySpringCGLIB$$b8c23686.invoke()
位于org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:228)
位于org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:358)
在org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$EnhancerBySpringCGLIB$$33ca6b4e.springSecurityFilterChain()上
在sun.reflect.NativeMethodAccessorImpl.invoke0(本机方法)处
位于sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
在sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)中
位于java.lang.reflect.Method.invoke(Method.java:498)
位于org.springframework.beans.factory.support.SimpleInstallationStrategy.instantiate(SimpleInstallationStrategy.java:162)
... 37多
addFilterBeforeOrdered@order还要注意,您的配置正在尝试以不同的方式配置
logout()exceptionHandling()OAuth2Security配置有@Order(1)
,而ldapsecurity配置有@VladislavChernogorov的@Order(2)
问题是,OAuth2ClientContextFilter
未在LdapSecurityConfiguration
中注册,因此您不能在不存在的OAuth2ClientContextFilter
之前添加其他筛选器@OrangeDog的回答有点让人困惑,因为exeption与配置的顺序无关。它没有注册,因为其他配置尚未注册,或者配置之间存在冲突。在这种情况下,@Order在这里可能不起作用。