我已阅读过已发布的大部分类似问题,但仍无法找到解决方案。我收到错误在尝试运行我的应用程序时,没有名为'springSecurityFilterChain'的bean可用。我在我的pom.xml文件中导入了spring security依赖项,我在SecurityConfig类中注释了@EnableWebSecurity,但仍然无法正常工作我找不到问题。
的pom.xml
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.example</groupId>
<artifactId>app</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>app</name>
<packaging>war</packaging>
<description> </description>
<properties>
<maven.compiler.source>1.8</maven.compiler.source>
<maven.compiler.target>1.8</maven.compiler.target>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<failOnMissingWebXml>false</failOnMissingWebXml>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.data</groupId>
<artifactId>spring-data-jpa</artifactId>
<version>1.11.4.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
<version>4.3.9.RELEASE</version>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>3.1.0</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>4.3.9.RELEASE</version>
</dependency>
<dependency>
<groupId>org.thymeleaf</groupId>
<artifactId>thymeleaf-spring4</artifactId>
<version>3.0.0.RELEASE</version>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>5.1.42</version>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-entitymanager</artifactId>
<version>5.2.10.Final</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-jdbc</artifactId>
<version>4.3.9.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-orm</artifactId>
<version>4.3.9.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>4.0.0.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.2.3.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.2.3.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.2.3.RELEASE</version>
</dependency>
</dependencies>
</project>
securitiConfig类
import javax.sql.DataSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter
{
@Autowired
private DataSource dataSource;
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
.jdbcAuthentication()
.dataSource(dataSource);
//.passwordEncoder(bcryptEncoder);
}
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/login").permitAll()
.antMatchers("/admin").hasRole("ADMIN")
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.and()
.httpBasic();
}
}
SecurityWebApplicationInitializer类
import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer{
}
答案 0 :(得分:1)
我认为您没有将安全配置导入Spring root上下文。
在我的应用程序中,我有一个AbstractAnnotationConfigDispatcherServletInitializer的实现,其中方法 getRootConfigClasses返回Spring root配置类(我只有一个):
import javax.servlet.*;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.context.ApplicationContext;
import org.springframework.web.servlet.support.AbstractAnnotationConfigDispatcherServletInitializer;
public class MyDispatcherServletInitializer extends AbstractAnnotationConfigDispatcherServletInitializer
{
@Override
public void onStartup(ServletContext servletContext) throws ServletException
{ super.onStartup(servletContext); }
@Override
protected Class<?>[] getRootConfigClasses()
{ return new Class[]{MyRoot.class};}
@Override
protected Class<?>[] getServletConfigClasses()
{ return null; }
@Override
protected String[] getServletMappings()
{ return new String[]{"/"}; }
@Override
protected String getServletName()
{ return "myDispatcherServlet"; }
@Override
protected void customizeRegistration(ServletRegistration.Dynamic registration)
{
super.customizeRegistration(registration);
registration.setLoadOnStartup(1);
}
}
MyRoot包含我的春豆。查看注释@Import
@Configuration
@PropertySource("file:${my.config}")
@ComponentScan(basePackages = {
"com.my.filter", "com.my.controller"
, "com.my.registration"
})
@EnableTransactionManagement(mode = AdviceMode.PROXY, proxyTargetClass = false)
@Import({MySecurityConfigurer.class, MyWebConfigurer.class})
public class DmRoot
{
private final Environment env;
@Autowired
public MyRoot(Environment env)
{
Assert.notNull(env, "die Umgebungseinstellungen sind NULL");
this.env = env;
dbUserModelPackage = env.getProperty("my.userDbModel");
dbAccountingModelPackage = env.getProperty("my.accountingDbModel");
}
// all my Spring beans
}
看@Import({MySecurityConfigurer.class, MyWebConfigurer.class})
MySecurityConfigurer是org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter的扩展,MyWebConfigurer是我org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter的扩展
@EnableWebMvc
@EnableWebSecurity
public class MySecurityConfigurer extends WebSecurityConfigurerAdapter
{
private final Environment env;
private final UserDetailsService myUserDetailsService;
@Autowired
public MySecurityConfigurer(Environment env, UserDetailsService myUserDetailsService)
{
Assert.notNull(env, "die Umgebungseinstellungen sind NULL");
this.env = env;
Assert.notNull(myUserDetailsService, "der myUserDetailsService ist NULL");
this.myUserDetailsService = myUserDetailsService;
}
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception
{
String urlPattern = env.getProperty("my.springSecurityPattern");
String realmName = env.getProperty("my.springSecurityRealm");
String reloadPairingUrl = env.getProperty("my.reloadPairingUrl");
HttpSecurity securityAdapter = httpSecurity.httpBasic().realmName(realmName)
.and().userDetailsService(myUserDetailsService)
.authorizeRequests()
.antMatchers(reloadPairingUrl).permitAll()
.antMatchers(urlPattern).authenticated()
.and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and().csrf().disable();
}
}
此代码不适用于具有用户会话的Web UI,但适用于通过HTTPS进行基本身份验证的服务
答案 1 :(得分:1)
确保contextLoaderListener而不是DispatcherServlet加载security.xml。 DelegatingFilterProxy只会查看root applicationcontext(由ContextLoaderListener加载)以供委托的bean使用。
例如:
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring-security.xml
</param-value>
</context-param>