IllegalStateException:需要AuthorizationManager

时间:2015-03-16 15:53:37

标签: java spring spring-security spring-security-oauth2

我正在尝试设置Spring Security,要求OAuth2令牌出现在授权请求上。之前我使用的是spring-cloud-security,但是我收到消息说我需要删除Spring Boot依赖项。我在这里的代码:

package com.myco;

import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.AnnotationAwareOrderComparator;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;


@Configuration
public class ServiceSideConfiguration extends ResourceServerConfigurerAdapter
{
    private static final Log logger = LogFactory
            .getLog(ServiceSideConfiguration.class);

    @Value("${myResourceId:}")
    private String resourceId;

    @Autowired
    private RequestMatcher serviceMatcher;

    @Autowired
    private ApplicationContext context;

    @Autowired
    private MyCustomFilter filter;

    private List<ServiceSideConfigurer> configurers = Collections.emptyList();

    @Autowired(required = false)
    public void setConfigurers(List<ServiceSideConfigurer> configurers)
    {
        this.configurers = new ArrayList<ServiceSideConfigurer>(configurers);
        AnnotationAwareOrderComparator.sort(this.configurers);
    }

    @Override
    public void configure(HttpSecurity http) throws Exception
    {
        logger.info("Configuring Service-side security");

        http.requestMatcher(serviceMatcher)
                .csrf()
                .disable()
                .addFilterBefore(filter,
                    SecurityContextHolderAwareRequestFilter.class);

        http.authorizeRequests().requestMatchers(serviceMatcher)
                .authenticated();

        for (ServiceSideConfigurer configurer : configurers)
        {
            configurer.configureBackend(http);
        }
    }

    @Override
    public void configure(ResourceServerSecurityConfigurer resources)
            throws Exception
    {
        resources.resourceId(resourceId);
    }
}

无法在Spring容器中启动并出现以下错误:

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'springSecurityFilterChain' defined in class path resource [org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception; nested exception is java.lang.IllegalArgumentException: An AuthenticationManager is required
  at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:599)
  at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1111)
  at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1006)
  at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:504)
  at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:476)
  at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:303)
  at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
  at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:299)
  at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:194)
  at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:293)
  at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:194)
  at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:755)
  at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:757)
  at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:480)
  at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:403)
  at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:306)
  at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:106)
  at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4720)
  at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5154)
  at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
  at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:725)
  at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:701)
  at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:714)
  at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1069)
  at org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:1719)
  at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
  at java.util.concurrent.FutureTask.run(FutureTask.java:266)
  at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
  at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
  at java.lang.Thread.run(Thread.java:745)
Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception; nested exception is java.lang.IllegalArgumentException: An AuthenticationManager is required
  at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:189)
  at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:588)
  ... 29 more
Caused by: java.lang.IllegalArgumentException: An AuthenticationManager is required
  at org.springframework.util.Assert.notNull(Assert.java:112)
  at org.springframework.security.access.intercept.AbstractSecurityInterceptor.afterPropertiesSet(AbstractSecurityInterceptor.java:121)
  at org.springframework.security.config.annotation.web.configurers.AbstractInterceptUrlConfigurer.createFilterSecurityInterceptor(AbstractInterceptUrlConfigurer.java:187)
  at org.springframework.security.config.annotation.web.configurers.AbstractInterceptUrlConfigurer.configure(AbstractInterceptUrlConfigurer.java:76)
  at org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.configure(ExpressionUrlAuthorizationConfigurer.java:70)
  at org.springframework.security.config.annotation.web.configurers.AbstractInterceptUrlConfigurer.configure(AbstractInterceptUrlConfigurer.java:64)
  at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.configure(AbstractConfiguredSecurityBuilder.java:376)
  at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.doBuild(AbstractConfiguredSecurityBuilder.java:325)
  at org.springframework.security.config.annotation.AbstractSecurityBuilder.build(AbstractSecurityBuilder.java:39)
  at org.springframework.security.config.annotation.web.builders.WebSecurity.performBuild(WebSecurity.java:293)
  at org.springframework.security.config.annotation.web.builders.WebSecurity.performBuild(WebSecurity.java:74)
  at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.doBuild(AbstractConfiguredSecurityBuilder.java:329)
  at org.springframework.security.config.annotation.AbstractSecurityBuilder.build(AbstractSecurityBuilder.java:39)
  at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration.springSecurityFilterChain(WebSecurityConfiguration.java:98)
  at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$EnhancerBySpringCGLIB$$b7c8fd0a.CGLIB$springSecurityFilterChain$0(<generated>)
  at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$EnhancerBySpringCGLIB$$b7c8fd0a$$FastClassBySpringCGLIB$$9c8675a4.invoke(<generated>)

我已经尝试了所有我能想到的...当我手动添加AuthenticationManager时,它会导致依赖循环。我尝试通过自定义SecurityConfigurerAdapter<DefaultFilterSecurityChain, HttpSecurity>对象添加过滤器对象,但这没有效果。

以前有人见过这样的事吗?谢谢!

0 个答案:

没有答案
相关问题
最新问题