我正在尝试通过我的Jersey托管REST Web服务的注释设置方法级别的安全性。我在定义端点的Web服务接口中添加了@PreAuthorize(“ hasRole('USER')”)批注。
我添加了一个安全配置类和一个安全初始化器类。
用户名和密码已被删除。
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true, proxyTargetClass = true)
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Inject
private RestAuthenticationEntryPoint restAuthenticationEntryPoint;
@Bean
public InMemoryUserDetailsManager inMemoryUserDetailsManager() {
InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
manager.createUser(User.withUsername(user).password(encoder().encode(password)).roles("USER").build());
return manager;
}
@Inject
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(inMemoryUserDetailsManager()).passwordEncoder(encoder());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests()
.antMatchers("/rest/coupons/token")
.authenticated()
.and()
.httpBasic()
.authenticationEntryPoint(restAuthenticationEntryPoint)
.and()
.csrf()
.disable();
}
@Bean
public PasswordEncoder encoder() {
return new BCryptPasswordEncoder();
}
}`
`@Order(1)
public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer {}
我的webapp配置注释如下:
@Configuration
@Import({
CouponManagementServiceConfiguration.class,
CouponRedemptionServiceConfiguration.class,
AuthFilterConfiguration.class,
PlatformCommonWsConfiguration.class,
SecurityConfiguration.class
})
@ComponentScan(basePackageClasses = CouponManagementWebServiceConfiguration.class)
@EnableWebSecurity@Configuration
@Import({
CouponManagementServiceConfiguration.class,
CouponRedemptionServiceConfiguration.class,
AuthFilterConfiguration.class,
PlatformCommonWsConfiguration.class,
SecurityConfiguration.class
})
@ComponentScan(basePackageClasses = CouponManagementWebServiceConfiguration.class)
@EnableWebSecurity
当我将@PreAuthorize(“ hasRole('USER')”)批注添加到其余端点的接口时,我得到以下堆栈跟踪:
org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named 'springSecurityFilterChain' available
at org.springframework.beans.factory.support.DefaultListableBeanFactory.getBeanDefinition(DefaultListableBeanFactory.java:774)
at org.springframework.beans.factory.support.AbstractBeanFactory.getMergedLocalBeanDefinition(AbstractBeanFactory.java:1212)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:294)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:204)
at org.springframework.context.support.AbstractApplicationContext.getBean(AbstractApplicationContext.java:1091)
at org.springframework.web.filter.DelegatingFilterProxy.initDelegate(DelegatingFilterProxy.java:337)
at org.springframework.web.filter.DelegatingFilterProxy.initFilterBean(DelegatingFilterProxy.java:242)
at org.springframework.web.filter.GenericFilterBean.init(GenericFilterBean.java:238)
at org.apache.catalina.core.ApplicationFilterConfig.initFilter(ApplicationFilterConfig.java:285)
at org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterConfig.java:112)
at org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:4615)
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5262)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:754)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:730)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:744)
at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:980)
at org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1851)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
我想念什么?