我有一个有效的Spring MVC应用程序,其中包含以下安全配置:
package co.masslab.shiba;
// imports snipped
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private Auth0AuthenticationEntryPoint auth0EntryPoint;
@Autowired
private Auth0AuthenticationFilter auth0Filter;
@Autowired
private Auth0AuthenticationProvider auth0AuthenticationProvider;
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests().anyRequest().hasRole("USER")
.and()
.exceptionHandling().authenticationEntryPoint(auth0EntryPoint)
.and()
.addFilterAfter(auth0Filter, SecurityContextPersistenceFilter.class)
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.csrf().disable();
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(auth0AuthenticationProvider);
}
}
当我将注释@EnableGlobalMethodSecurity(prePostEnabled=true)添加到WebSecurityConfig类,并将@PreAuthorize注释添加到控制器类中的方法时,代码仍然可以干净地编译,运行正常并且按预期运行。但是,我的测试开始为AlreadyBuiltException投掷AuthenticationManager。我得到的堆栈跟踪是 - 对于这个文本框来说太大了,但是最外面的线程给出了以下内容(添加了换行符):
Caused by:
org.springframework.beans.factory.BeanCreationException:
Error creating bean with name 'channelMarksController' defined in file [/Users/jason/Code/shiba/build/classes/main/co/masslab/shiba/transfer/ChannelMarksController.class]:
Initialization of bean failed;
nested exception is org.springframework.beans.factory.BeanCreationException:
Error creating bean with name 'methodSecurityInterceptor' defined in class path resource [org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.class]:
Bean instantiation via factory method failed;
nested exception is org.springframework.beans.BeanInstantiationException:
Failed to instantiate [org.aopalliance.intercept.MethodInterceptor]:
Factory method 'methodSecurityInterceptor' threw exception;
nested exception is org.springframework.beans.factory.BeanCreationException:
Error creating bean with name 'webSecurityConfig':
Injection of autowired dependencies failed;
nested exception is org.springframework.beans.factory.BeanCreationException:
Could not autowire field:
private com.auth0.spring.security.auth0.Auth0AuthenticationFilter co.masslab.shiba.WebSecurityConfig.auth0Filter;
nested exception is org.springframework.beans.factory.BeanCreationException:
Error creating bean with name 'auth0Filter':
Injection of autowired dependencies failed;
nested exception is org.springframework.beans.factory.BeanCreationException:
Could not autowire field:
private org.springframework.security.authentication.AuthenticationManager com.auth0.spring.security.auth0.Auth0AuthenticationFilter.authenticationManager;
nested exception is org.springframework.beans.factory.BeanCreationException:
Error creating bean with name 'authenticationManager' defined in class path resource [org/springframework/boot/autoconfigure/security/AuthenticationManagerConfiguration.class]:
Bean instantiation via factory method failed;
nested exception is org.springframework.beans.BeanInstantiationException:
Failed to instantiate [org.springframework.security.authentication.AuthenticationManager]:
Factory method 'authenticationManager' threw exception;
nested exception is org.springframework.security.config.annotation.AlreadyBuiltException:
This object has already been built
由于初始化仅在测试时失败,我认为问题出在我的测试类中,但上面的错误是由以下真空测试类生成的:
package co.masslab.shiba;
// imports snipped
@RunWith(SpringJUnit4ClassRunner.class)
@SpringApplicationConfiguration(classes=ShibaApplication.class)
@WebAppConfiguration
public class ShibaApplicationTests {
@Test
public void contextLoads() {
}
}
方法安全性与此测试的组合如何导致Spring尝试再次构建AuthenticationManager?