我正在尝试通过数据库登录spring security。
我的SecurityConfig代码:
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
DataSource dataSource;
@Autowired
public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication().dataSource(dataSource)
.passwordEncoder(passwordEncoder())
.usersByUsernameQuery(
"SELECT email as username,password,active_yn FROM users where email=?")
.authoritiesByUsernameQuery(
"SELECT users.email as username,user_role.role_code as user_role FROM users inner join user_role on users.user_id=user_role.user_id where users.email=?");
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("uname@gmail.com").password("pass").roles("USER");
auth.inMemoryAuthentication().withUser("admin@gmail.com").password("pass").roles("ADMIN");
auth.inMemoryAuthentication().withUser("expert@gmail.com").password("pass").roles("EXPERT");
}
//.csrf() is optional, enabled by default, if using WebSecurityConfigurerAdapter constructor
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/client/**").access("hasRole('ROLE_USER')")
.antMatchers("/admin/**").access("hasRole('ROLE_ADMIN')")
.antMatchers("/expert/**").access("hasRole('ROLE_EXPERT')")
.and()
.formLogin().loginPage("/login").failureUrl("/login?error")
.usernameParameter("username").passwordParameter("password")
.and()
.logout().logoutSuccessUrl("/login?logout")
.and()
.csrf();
}
@Bean
public PasswordEncoder passwordEncoder(){
PasswordEncoder encoder = new BCryptPasswordEncoder();
return encoder;
}
我的MainConfig代码:
@Configuration
@ComponentScan("com.package.project")
@EnableWebMvc
@EnableTransactionManagement
@PropertySource("classpath:pro-${env.name}.properties")
@Import({SecurityConfig.class})
public class MainConfig extends WebMvcConfigurerAdapter {
@Value("${jdbc.classname}")
private String jdbcClassname;
@Value("${jdbc.url}")
private String jdbcUrl;
@Value("${jdbc.username}")
private String jdbcUsername;
@Value("${jdbc.password}")
private String jdbcPassword;
//code
@Bean(name = "dataSource")
public BasicDataSource dataSource() {
BasicDataSource dataSource = new BasicDataSource();
dataSource.setDriverClassName(jdbcClassname);
dataSource.setUrl(jdbcUrl);
dataSource.setUsername(jdbcUsername);
dataSource.setPassword(jdbcPassword);
return dataSource;
}
}
我的消息属性:
jdbc.classname=com.mysql.jdbc.Driver
jdbc.url=jdbc:mysql://10.0.1.28:3306/test
jdbc.username=root
jdbc.password=pass
我也补充说 class扩展为AbstractAnnotationConfigDispatcherServletInitializer。
我的例外:
2015-03-31 13:35:32 WARN AnnotationConfigWebApplicationContext:487 - Exception encountered during context initialization - cancelling refresh attempt org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'securityConfig': Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire field: javax.sql.DataSource com.project.pro.config.SecurityConfig.dataSource; nested exception is org.springframework.beans.factory.NoSuchBeanDefinitionException: No qualifying bean of type [javax.sql.DataSource] found for dependency: expected at least 1 bean which qualifies as autowire candidate for this dependency. Dependency annotations: {@org.springframework.beans.factory.annotation.Autowired(required=true)} Caused by: org.springframework.beans.factory.BeanCreationException: Could not autowire field: javax.sql.DataSource com.project.pro.config.SecurityConfig.dataSource; nested exception is org.springframework.beans.factory.NoSuchBeanDefinitionException: No qualifying bean of type [javax.sql.DataSource] found for dependency: expected at least 1 bean which qualifies as autowire candidate for this dependency. Dependency annotations: {@org.springframework.beans.factory.annotation.Autowired(required=true)} Caused by: org.springframework.beans.factory.NoSuchBeanDefinitionException: No qualifying bean of type [javax.sql.DataSource] found for dependency: expected at least 1 bean which qualifies as autowire candidate for this dependency. Dependency annotations: {@org.springframework.beans.factory.annotation.Autowired(required=true)} 2015-03-31 13:35:32 ERROR ContextLoader:331 - Context initialization failed org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'securityConfig': Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire field: javax.sql.DataSource com.project.pro.config.SecurityConfig.dataSource; nested exception is org.springframework.beans.factory.NoSuchBeanDefinitionException: No qualifying bean of type [javax.sql.DataSource] found for dependency: expected at least 1 bean which qualifies as autowire candidate for this dependency. Dependency annotations: {@org.springframework.beans.factory.annotation.Autowired(required=true)}
这里我的AbstractAnnotationConfigDispatcherServletInitializer Fille:
公共类ProWebAppInitializer扩展了AbstractAnnotationConfigDispatcherServletInitializer {@Override
protected Class<?>[] getRootConfigClasses() {
return new Class[] {SecurityConfig.class};
}
@Override
protected Class<?>[] getServletConfigClasses() {
return new Class[] { MainConfig.class };
}
@Override
protected String[] getServletMappings() {
return new String[] { "/" };
}
}
答案 0 :(得分:1)
问题是Spring Security是在根ApplicationContext中注册的,它无法看到子ApplicationContext中定义的bean(即servletConfigClasses)。
将BasicDataSource移动到父ApplicationContext,它应该可以正常工作。请注意,必须在servletConfigClasses中声明任何与Spring MVC相关的配置(即EnableWebMvc,Controllers等)以确保它们被拾取。
因此,在您的实例中,BasicDataSource在MainConfig中定义,它通过getServletConfigClasses公开。这意味着BasicDataSource仅适用于通过getServletConfigClasses公开的配置。
SecurityConfig通过getRootConfigClasses公开,这意味着它无法在getServletConfigClasses中看到任何内容。这意味着它无法看到BasicDataSource。
可以通过getServletConfigClasses看到通过getRootConfigClasses公开的任何配置。
因此,您可以按如下方式更新配置:
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
DataSource dataSource;
@Autowired
public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {
auth
.jdbcAuthentication()
.dataSource(dataSource)
.passwordEncoder(passwordEncoder())
.usersByUsernameQuery(
"SELECT email as username,password,active_yn FROM users where email=?")
.authoritiesByUsernameQuery(
"SELECT users.email as username,user_role.role_code as user_role FROM users inner join user_role on users.user_id=user_role.user_id where users.email=?")
.and()
.inMemoryAuthentication()
.withUser("uname@gmail.com").password("pass").roles("USER").and()
.withUser("admin@gmail.com").password("pass").roles("ADMIN").and()
.withUser("expert@gmail.com").password("pass").roles("EXPERT");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/client/**").access("hasRole('ROLE_USER')")
.antMatchers("/admin/**").access("hasRole('ROLE_ADMIN')")
.antMatchers("/expert/**").access("hasRole('ROLE_EXPERT')")
.and()
.formLogin()
.loginPage("/login");
}
@Bean
public PasswordEncoder passwordEncoder(){
return new BCryptPasswordEncoder();
}
@Configuration
@ComponentScan("com.package.project")
@EnableTransactionManagement
@PropertySource("classpath:pro-${env.name}.properties")
public class MainConfig {
@Value("${jdbc.classname}")
private String jdbcClassname;
@Value("${jdbc.url}")
private String jdbcUrl;
@Value("${jdbc.username}")
private String jdbcUsername;
@Value("${jdbc.password}")
private String jdbcPassword;
//code
@Bean(name = "dataSource")
public BasicDataSource dataSource() {
BasicDataSource dataSource = new BasicDataSource();
dataSource.setDriverClassName(jdbcClassname);
dataSource.setUrl(jdbcUrl);
dataSource.setUsername(jdbcUsername);
dataSource.setPassword(jdbcPassword);
return dataSource;
}
}
@Configuration
@ComponentScan("com.package.project")
@EnableWebMvc
public class WebMvcConfig extends WebMvcConfigurerAdapter {
// ... if you don't override any methods you don't need to extend WebMvcConfigurerAdapter
}
public class ProWebAppInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {
@Override
protected Class<?>[] getRootConfigClasses() {
return new Class[] {SecurityConfig.class, MainConfig.class};
}
@Override
protected Class<?>[] getServletConfigClasses() {
return new Class[] { WebMvcConfig.class };
}
@Override
protected String[] getServletMappings() {
return new String[] { "/" };
}
}