Spring security Spring Boot EnableGlobalMethodSecurity不工作
我想做一个位于 UAA 前面的 SSO 应用程序,并用 @PreAuthorize 之类的注解保护应用中的一些方法。但是 @PreAuthorize 不起作用,甚至 URL 也没有受到保护。欢迎任何建议,提前谢谢。标签:spring-security,spring-boot
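/**
 * Single-class Spring Boot application: it bootstraps the context, serves two REST endpoints
 * under {@code /dashboard}, and switches on method security ({@code @PreAuthorize} and
 * {@code @Secured}) with class-based proxies.
 *
 * <p>NOTE(review): the {@code @PreAuthorize} handlers live on the same class that is the
 * {@code @Configuration} and that extends {@link GlobalMethodSecurityConfiguration}. This bean is
 * probably created before the method-security interceptor exists and so may never be proxied,
 * which would match the reported symptom that {@code @PreAuthorize} has no effect. Confirm, and
 * consider moving the handlers to a separate {@code @RestController} and placing
 * {@code @EnableGlobalMethodSecurity} on a plain {@code @Configuration} class.
 */
@Configuration
@ComponentScan
@EnableAutoConfiguration
@RestController
@RequestMapping("/dashboard")
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, proxyTargetClass = true)
public class SsoApplication extends GlobalMethodSecurityConfiguration {

    /**
     * Returns a fixed greeting; intended for callers holding the ADMIN role.
     *
     * <p>NOTE(review): whether {@code hasRole('ADMIN')} matches {@code ADMIN} or
     * {@code ROLE_ADMIN} depends on the Spring Security version, and the authorities come from
     * the SSO provider. Verify the granted authority names actually issued to users.
     *
     * @return a single-entry map {@code message -> "Yay!"}
     */
    @RequestMapping("/message")
    @PreAuthorize("hasRole('ADMIN')")
    public Map<String, Object> dashboard() {
        return Collections.<String, Object>singletonMap("message", "Yay!");
    }

    /**
     * Echoes the principal of the current request.
     *
     * @param user principal resolved by the framework for this request
     * @return the same principal
     */
    @RequestMapping("/user")
    // Canonical expression form of the "is the caller logged in" check.
    @PreAuthorize("isAuthenticated()")
    public Principal user(Principal user) {
        return user;
    }

    /**
     * Application entry point.
     *
     * @param args command-line arguments handed to Spring Boot
     */
    public static void main(String[] args) {
        SpringApplication.run(SsoApplication.class, args);
    }

    /**
     * Web-layer security for the OAuth2 SSO login: CSRF handling, URL authorization and logout.
     */
    @Component
    @EnableOAuth2Sso
    @Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
    public static class LoginConfigurer extends WebSecurityConfigurerAdapter {

        /**
         * Configures CSRF protection, requires authentication for every request, and exposes
         * the logout endpoint.
         *
         * @param http builder for the filter chain
         * @throws Exception if the builder rejects the configuration
         */
        @Override
        public void configure(HttpSecurity http) throws Exception {
            http
                .csrf().csrfTokenRepository(csrfTokenRepository()).and()
                .addFilterAfter(csrfHeaderFilter(), CsrfFilter.class)
                // authorizeRequests() on its own declares no rule. anyRequest().authenticated()
                // is what makes URLs require a login, so URL protection does not depend on the
                // method-level annotations being applied.
                .authorizeRequests().anyRequest().authenticated().and()
                .logout().logoutUrl("/dashboard/logout").permitAll()
                .logoutSuccessUrl("/");
        }

        /**
         * Builds a filter that copies the current CSRF token into an {@code XSRF-TOKEN} cookie.
         *
         * <p>The cookie is left readable by scripts, presumably so a JavaScript client can echo
         * it back in the {@code X-XSRF-TOKEN} header.
         *
         * @return the filter, to be registered after {@link CsrfFilter}
         */
        private Filter csrfHeaderFilter() {
            return new OncePerRequestFilter() {
                @Override
                protected void doFilterInternal(HttpServletRequest request,
                        HttpServletResponse response, FilterChain filterChain)
                        throws ServletException, IOException {
                    CsrfToken csrf = (CsrfToken) request.getAttribute(CsrfToken.class.getName());
                    if (csrf != null) {
                        Cookie cookie = new Cookie("XSRF-TOKEN", csrf.getToken());
                        cookie.setPath("/");
                        // Do not send the token over plain HTTP when the request came in over
                        // TLS. NOTE(review): behind a TLS-terminating proxy isSecure() may report
                        // false unless forwarded headers are honoured; verify for the deployment.
                        cookie.setSecure(request.isSecure());
                        response.addCookie(cookie);
                    }
                    filterChain.doFilter(request, response);
                }
            };
        }

        /**
         * Creates the session-backed CSRF token repository.
         *
         * @return a repository that reads the token from the {@code X-XSRF-TOKEN} request header
         */
        private CsrfTokenRepository csrfTokenRepository() {
            HttpSessionCsrfTokenRepository repository = new HttpSessionCsrfTokenRepository();
            repository.setHeaderName("X-XSRF-TOKEN");
            return repository;
        }
    }
}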
@配置
@组件扫描
@启用自动配置
@RestController
@请求映射(“/dashboard”)
@启用Web安全性
@EnableGlobalMethodSecurity(Prespenabled=true,securedEnabled=true,proxyTargetClass=true)
公共类SSO应用程序扩展了GlobalMethodSecurity配置{
@请求映射(“/message”)
@预授权(“hasRole('ADMIN')”)
公共地图仪表板(){
返回集合;
}
@请求映射(“/user”)
@预授权(“认证”)
公共主要用户(主要用户){
返回用户;
}
公共静态void main(字符串[]args){
run(SsoApplication.class,args);
}
@组成部分
@使能OAuth2SO
@顺序(SecurityProperty.ACCESS\u OVERRIDE\u顺序)
公共静态类LoginConfigure扩展了WebSecurity配置适配器{
@凌驾
public void configure(HttpSecurity http)引发异常{
http.csrf().csrfTokenRepository(csrfTokenRepository())和()
.addFilterAfter(csrfHeaderFilter(),CsrfFilter.class).authorizeRequests()和()
.logout().logoutUrl(“/dashboard/logout”).permitAll()
.logoutSuccessUrl(“/”);
}
专用筛选器csrfHeaderFilter(){
返回新的OncePerRequestFilter(){
@凌驾
受保护的无效doFilterInternal(HttpServletRequest请求,
HttpServletResponse响应,FilterChain FilterChain)
抛出ServletException、IOException{
CsrfToken csrf=(CsrfToken)请求
.getAttribute(CsrfToken.class.getName());
如果(csrf!=null){
Cookie Cookie=新Cookie(“XSRF-TOKEN”,
csrf.getToken());
cookie.setPath(“/”);
addCookie(cookie);
}
filterChain.doFilter(请求、响应);
}
};
}
私有CsrfTokenRepository CsrfTokenRepository(){
httpsessionsrftokenrepository=新的httpsessionsrftokenrepository();
setHeaderName(“X-XSRF-TOKEN”);
返回存储库;
}
}
}
如果 SsoApplication 不继承 GlobalMethodSecurityConfiguration,则会出现以下异常:
Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.aopalliance.intercept.MethodInterceptor]: Factory method 'methodSecurityInterceptor' threw exception; nested exception is org.springframework.security.config.annotation.AlreadyBuiltException: This object has already been built
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:189)
at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:588)
... 46 more
Caused by: org.springframework.security.config.annotation.AlreadyBuiltException: This object has already been built
at org.springframework.security.config.annotation.AbstractSecurityBuilder.build(AbstractSecurityBuilder.java:44)
at org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration.getAuthenticationManager(AuthenticationConfiguration.java:81)
at org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration.authenticationManager(GlobalMethodSecurityConfiguration.java:257)
at org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration.methodSecurityInterceptor(GlobalMethodSecurityConfiguration.java:123)
at org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration$$EnhancerBySpringCGLIB$$420668b7.CGLIB$methodSecurityInterceptor$8(<generated>)
at org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration$$EnhancerBySpringCGLIB$$420668b7$$FastClassBySpringCGLIB$$5167ccd.invoke(<generated>)
at org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:228)
at org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:355)
at org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration$$EnhancerBySpringCGLIB$$420668b7.methodSecurityInterceptor(<generated>)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:162)
原因:org.springframework.beans.beans实例化异常:未能实例化[org.aopalliance.intercept.MethodInterceptor]:工厂方法“methodSecurityInterceptor”引发异常;嵌套异常为org.springframework.security.config.annotation.AlreadyBuiltException:此对象已生成
位于org.springframework.beans.factory.support.SimpleInstallationStrategy.instantiate(SimpleInstallationStrategy.java:189)
位于org.springframework.beans.factory.support.ConstructorResolver.InstanceUsingFactoryMethod(ConstructorResolver.java:588)
... 46多
原因:org.springframework.security.config.annotation.AlreadyBuiltException:此对象已生成
位于org.springframework.security.config.annotation.AbstractSecurityBuilder.build(AbstractSecurityBuilder.java:44)
位于org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration.getAuthenticationManager(AuthenticationConfiguration.java:81)
位于org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration.authenticationManager(GlobalMethodSecurityConfiguration.java:257)
位于org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration.methodSecurityInterceptor(GlobalMethodSecurityConfiguration.java:123)
位于org.springframework.security.config.annotation.method.configuration.globalMethodSecurity配置$$EnhancerBySpringCGLIB$$420668b7.CGLIB$methodSecurityInterceptor$8()
位于org.springframework.security.config.annotation.method.configuration.globalMethodSecurity配置$$EnhancerBySpringCGLIB$$420668b7$$FastClassBySpringCGLIB$$5167ccd.invoke()
位于org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:228)
位于org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:355)
位于org.springframework.security.config.annotation.method.configuration.globalMethodSecurity配置$$EnhancerBySpringCGLIB$$420668b7.methodSecurityInterceptor()
在sun.reflect.NativeMethodAccessorImpl.invoke0(本机方法)处
位于sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
在sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)中
位于java.lang.reflect.Method.invoke(Method.java:497)
位于org.springframework.beans.factory.support.SimpleInstallationStrategy.instantiate(SimpleInstallationStrategy.java:162)