没有名为'springSecurityFilterChain'的bean使用javaconfig定义错误

时间:2014-05-09 19:30:21

标签: java spring spring-mvc spring-security

我在添加spring安全性方面遇到了一些问题。它显示一个错误:没有定义名为'springSecurityFilterChain'的bean

public class WebInitializer implements WebApplicationInitializer {

    public void onStartup(ServletContext servletContext) throws ServletException {


        // Create the 'root' Spring application context
        AnnotationConfigWebApplicationContext rootContext = new AnnotationConfigWebApplicationContext();
        rootContext.register(App.class);
        servletContext.addListener(new ContextLoaderListener(rootContext));


       // security filter
        servletContext.addFilter(
                "springSecurityFilterChain",
                new DelegatingFilterProxy("springSecurityFilterChain"))
                .addMappingForUrlPatterns(null, false, "/*");

        // Manage the lifecycle of the root application context
        AnnotationConfigWebApplicationContext webContext = new AnnotationConfigWebApplicationContext();
        webContext.register(WebConfig.class);
        webContext.setServletContext(servletContext);


        ServletRegistration.Dynamic servlet = servletContext.addServlet("dispatcher", new DispatcherServlet(webContext));
        servlet.addMapping("/");
        servlet.setLoadOnStartup(1);
    }
}

在我添加安全过滤器的那一刻,它显示了此错误。我一直在疯狂地试图解决这个问题但没有成功。

这是我的 WebSecurityConfigurerAdapter

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication().withUser("tom").password("123456").roles("USER");
        auth.inMemoryAuthentication().withUser("bill").password("123456").roles("ADMIN");
        auth.inMemoryAuthentication().withUser("james").password("123456").roles("SUPERADMIN");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http.authorizeRequests()
                .antMatchers("/signin").access("hasRole('ROLE_ADMIN')")
                .and().formLogin();

    }
}

WebConfig

@Configuration
@EnableWebMvc
@ComponentScan(value = {"com.hp.visitor.controller"})
@Import({ WebSecurityConfig.class })
public class WebConfig extends WebMvcConfigurerAdapter {

    @Bean
    UrlBasedViewResolver setupViewResolver(){
        UrlBasedViewResolver resolver = new UrlBasedViewResolver();
        resolver.setPrefix("/");
        resolver.setSuffix(".jsp");
        resolver.setViewClass(JstlView.class);
        return resolver;
    }

    @Override
    public void addResourceHandlers(ResourceHandlerRegistry registry) {
        registry.addResourceHandler("/static/**").addResourceLocations("/static/");
    }

}

我一直在尝试,但它总是显示503错误。

我该如何解决?

3 个答案:

答案 0 :(得分:12)

您可以简单地创建一个从AbstractSecurityWebApplicationInitializer扩展的类,它将自动为您创建/初始化安全过滤器链。无需代码:

public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer {}

另外,如果您只是创建一个调度程序servlet,则可以考虑从AbstractAnnotationConfigDispatcherServletInitializer扩展WebAppIntializer类:

public class WebAppInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {

    @Override
    protected Class<?>[] getRootConfigClasses() {
        return new Class[]{WebSecurityConfig.class, App.class};
    }

    @Override
    protected Class<?>[] getServletConfigClasses() {
        return new Class[]{WebConfig.class};
    }

    @Override
    protected String[] getServletMappings() {
        return new String[]{
            "/"
        };
    }

答案 1 :(得分:12)

尝试以这种方式注册安全过滤器

FilterRegistration.Dynamic securityFilter = servletContext.addFilter("springSecurityFilterChain", DelegatingFilterProxy.class);
    securityFilter.addMappingForUrlPatterns(null, false, "/*");

在您在 App.java

WebInitializer 中声明为rootContext的配置类中添加@Import({WebSecurityConfig.class})

答案 2 :(得分:5)

您实际上不需要手动添加安全过滤器。您可以扩展AbstractSecurityWebApplicationInitializer,这将插入过滤器。您不需要添加任何其他代码,而不是以下示例中的代码:

package com.example.spring.security.config;

import org.springframework.core.annotation.Order;
import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;

@Order(1)
public class SecurityWebAppInitializer extends AbstractSecurityWebApplicationInitializer {

}

我的安全应用初始化程序通常为@Order(1),标准Web应用初始化程序为@Order(2)

您还需要确保正确设置了组件扫描。我已将它指向错误的包,之前我已经收到此错误。