我尝试在我的Spring Security Configuration中注册多个过滤器,但我总是得到相同的异常:
04-Nov-2015 14:35:23.792警告[RMITCPConnection(3)-127.0.0.1]org.springframework.web.context.support.AnnotationConfigWebApplicationContext.刷新上下文初始化期间遇到的异常-取消刷新尝试org.springframe.bean.工厂.BeanCreationException:创建名称为'org.springframework.security.config.注解.web.配置.WebSecurityConfiguration'的bean时出错:注入自动生成的依赖项失败;嵌套异常是java.lang.IllegalStateException:@在WebSecurityConfirer上的顺序必须是唯一的。100的顺序已经被使用,所以它不能在com.payment21.webapp.MultiHttpSecurityConfig$ApiWebSecurityConfigurationAdapter$$EnhancerBySpringCGLIB$$35c79fe4@1d381684上使用。
由于我自己的尝试不起作用,我尝试了与Spring Security参考中所示完全相同的代码:
@EnableWebSecurity
public class MultiHttpSecurityConfig {
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) {
auth
.inMemoryAuthentication()
.withUser("user").password("password").roles("USER").and()
.withUser("admin").password("password").roles("USER", "ADMIN");
}
@Configuration
@Order(1)
public static class ApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception {
http
.antMatcher("/api/**")
.authorizeRequests()
.anyRequest().hasRole("ADMIN")
.and()
.httpBasic();
}
}
@Configuration
public static class FormLoginWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest().authenticated()
.and()
.formLogin();
}
}
}
为了隔离错误,我试图用基于Java的方法替换web. xml,但它也不起作用。我不知道出了什么问题,文档有问题吗?我的应用程序中的某些东西会扰乱配置吗?系统正在正常启动,除非我注册第二个WebSecurityConfigAdapter。
这些是我的依赖项:
compile 'org.springframework:spring-webmvc:4.2.2.RELEASE'
compile 'org.springframework:spring-messaging:4.2.2.RELEASE'
compile 'org.springframework:spring-websocket:4.2.2.RELEASE'
compile 'org.springframework:spring-aop:4.2.2.RELEASE'
compile'javax.servlet:javax.servlet-api:3.0.1'
compile 'org.springframework.security:spring-security-web:4.0.3.RELEASE'
compile 'org.springframework.security:spring-security-config:4.0.3.RELEASE'
也许您已经用@EnableWebSecurity注释了另一个类。请注意,只有一个类可以实现此注释。希望这会有所帮助!
可能值得注意的是,@order注释应该在类级别。这有点令人困惑,因为@Chronney角落配置是一个多类示例。我的导入示例:)
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import com.someco.entity.User;
import com.someco.service.SpringDataJpaUserDetailsService;
@Configuration("CustomSecurityConfig")
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
@Order(1000)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
private SpringDataJpaUserDetailsService userDetailsService;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.userDetailsService(this.userDetailsService)
.passwordEncoder(User.PASSWORD_ENCODER);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/built/**", "/main.css").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.defaultSuccessUrl("/", true)
.permitAll()
.and()
.httpBasic()
.and()
.csrf().disable()
.logout()
.logoutSuccessUrl("/");
}
}
我发现了错误…没有人在片段中发布导入。我们使用的是多模块项目设置,IntelliJ无法识别Spring注释并使用
org. apache.log.log 4 j.core.config.order
而不是
org. Spring框架.core.注释.顺序
由于Spring没有解析正确的注释,它假设两种配置的默认值都是100。
