我在添加spring安全性方面遇到了一些问题。它显示一个错误:没有定义名为'springSecurityFilterChain'的bean
public class WebInitializer implements WebApplicationInitializer {
public void onStartup(ServletContext servletContext) throws ServletException {
// Create the 'root' Spring application context
AnnotationConfigWebApplicationContext rootContext = new AnnotationConfigWebApplicationContext();
rootContext.register(App.class);
servletContext.addListener(new ContextLoaderListener(rootContext));
// security filter
servletContext.addFilter(
"springSecurityFilterChain",
new DelegatingFilterProxy("springSecurityFilterChain"))
.addMappingForUrlPatterns(null, false, "/*");
// Manage the lifecycle of the root application context
AnnotationConfigWebApplicationContext webContext = new AnnotationConfigWebApplicationContext();
webContext.register(WebConfig.class);
webContext.setServletContext(servletContext);
ServletRegistration.Dynamic servlet = servletContext.addServlet("dispatcher", new DispatcherServlet(webContext));
servlet.addMapping("/");
servlet.setLoadOnStartup(1);
}
}
在我添加安全过滤器的那一刻,它显示了此错误。我一直在疯狂地试图解决这个问题但没有成功。
这是我的 WebSecurityConfigurerAdapter
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("tom").password("123456").roles("USER");
auth.inMemoryAuthentication().withUser("bill").password("123456").roles("ADMIN");
auth.inMemoryAuthentication().withUser("james").password("123456").roles("SUPERADMIN");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/signin").access("hasRole('ROLE_ADMIN')")
.and().formLogin();
}
}
WebConfig
@Configuration
@EnableWebMvc
@ComponentScan(value = {"com.hp.visitor.controller"})
@Import({ WebSecurityConfig.class })
public class WebConfig extends WebMvcConfigurerAdapter {
@Bean
UrlBasedViewResolver setupViewResolver(){
UrlBasedViewResolver resolver = new UrlBasedViewResolver();
resolver.setPrefix("/");
resolver.setSuffix(".jsp");
resolver.setViewClass(JstlView.class);
return resolver;
}
@Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
registry.addResourceHandler("/static/**").addResourceLocations("/static/");
}
}
我一直在尝试,但它总是显示503错误。
我该如何解决?
答案 0 :(得分:12)
您可以简单地创建一个从AbstractSecurityWebApplicationInitializer扩展的类,它将自动为您创建/初始化安全过滤器链。无需代码:
public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer {}
另外,如果您只是创建一个调度程序servlet,则可以考虑从AbstractAnnotationConfigDispatcherServletInitializer扩展WebAppIntializer类:
public class WebAppInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {
@Override
protected Class<?>[] getRootConfigClasses() {
return new Class[]{WebSecurityConfig.class, App.class};
}
@Override
protected Class<?>[] getServletConfigClasses() {
return new Class[]{WebConfig.class};
}
@Override
protected String[] getServletMappings() {
return new String[]{
"/"
};
}
答案 1 :(得分:12)
尝试以这种方式注册安全过滤器
FilterRegistration.Dynamic securityFilter = servletContext.addFilter("springSecurityFilterChain", DelegatingFilterProxy.class);
securityFilter.addMappingForUrlPatterns(null, false, "/*");
在您在 App.java
中 WebInitializer 中声明为rootContext的配置类中添加@Import({WebSecurityConfig.class})
答案 2 :(得分:5)
您实际上不需要手动添加安全过滤器。您可以扩展AbstractSecurityWebApplicationInitializer,这将插入过滤器。您不需要添加任何其他代码,而不是以下示例中的代码:
package com.example.spring.security.config;
import org.springframework.core.annotation.Order;
import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
@Order(1)
public class SecurityWebAppInitializer extends AbstractSecurityWebApplicationInitializer {
}
我的安全应用初始化程序通常为@Order(1),标准Web应用初始化程序为@Order(2)。
您还需要确保正确设置了组件扫描。我已将它指向错误的包,之前我已经收到此错误。