我自学了Spring Security。我目前有两个java文件和pom文件。出于某种原因,当我在WebSecurityConfigurerAdapter中覆盖 protected void configure(HttpSecurity http)方法时,它会给出AlreadyBuiltException。如果我删除重写的方法,它将运行没有错误。我的代码如下:
IntegrationTest.java
@SpringBootApplication
@EnableAutoConfiguration(exclude={DataSourceAutoConfiguration.class})
@ComponentScan({"com.socialsignin", "test.com.socialsignin"})
public class IntegrationTest {
public static void main(String[] args) {
ConfigurableApplicationContext context = SpringApplication.run(IntegrationTest.class, args);
}
}
SecurityConfig.java
package com.socialsignin.config;
@EnableWebSecurity
@Component
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("user").password("password").roles("USER");
}
@Override
public void configure(WebSecurity web) throws Exception {
web
.ignoring()
.antMatchers("/resources/**");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.formLogin()
.loginPage("/signin")
.loginProcessingUrl("/signin/authenticate")
.failureUrl("/signin?param.error=bad_credentials")
.and()
.logout()
.logoutUrl("/signout")
.deleteCookies("JSESSIONID")
.and()
.authorizeRequests()
.antMatchers("/admin/**", "/favicon.ico", "/resources/**", "/auth/**", "/signin/**", "/signup/**", "/disconnect/facebook").permitAll()
.antMatchers("/**").authenticated()
.and()
.rememberMe()
.and()
.apply(new SpringSocialConfigurer());
}
}
日志
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'springSecurityFilterChain' defined in class path resource [org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception; nested exception is java.lang.IllegalStateException: SpringSocialConfigurer depends on org.springframework.social.connect.UsersConnectionRepository. No single bean of that type found in application context.
at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:599) ~[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1123) ~[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1018) ~[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:510) ~[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482) ~[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306) ~[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE]
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230) ~[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302) ~[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:202) ~[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE]
at org.springframework.context.support.AbstractApplicationContext.getBean(AbstractApplicationContext.java:1060) ~[spring-context-4.2.7.RELEASE.jar:4.2.7.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.initDelegate(DelegatingFilterProxy.java:326) ~[spring-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.initFilterBean(DelegatingFilterProxy.java:235) ~[spring-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.springframework.web.filter.GenericFilterBean.init(GenericFilterBean.java:199) ~[spring-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
at org.apache.catalina.core.ApplicationFilterConfig.initFilter(ApplicationFilterConfig.java:279) ~[tomcat-embed-core-8.0.36.jar:8.0.36]
at org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterConfig.java:109) ~[tomcat-embed-core-8.0.36.jar:8.0.36]
at org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:4689) [tomcat-embed-core-8.0.36.jar:8.0.36]
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5329) [tomcat-embed-core-8.0.36.jar:8.0.36]
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:147) [tomcat-embed-core-8.0.36.jar:8.0.36]
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1407) [tomcat-embed-core-8.0.36.jar:8.0.36]
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1397) [tomcat-embed-core-8.0.36.jar:8.0.36]
at java.util.concurrent.FutureTask.run(FutureTask.java:266) [na:1.8.0_66]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [na:1.8.0_66]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [na:1.8.0_66]
at java.lang.Thread.run(Thread.java:745) [na:1.8.0_66]
引起:org.springframework.beans.BeanInstantiationException:无法实例化[javax.servlet.Filter]:工厂方法&#39; springSecurityFilterChain&#39;抛出异常;嵌套异常是java.lang.IllegalStateException:SpringSocialConfigurer依赖于org.springframework.social.connect.UsersConnectionRepository。在应用程序上下文中找不到该类型的单个bean。 在org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:189)〜[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE] 在org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:588)〜[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE] ...省略了23个常见帧 引起:java.lang.IllegalStateException:SpringSocialConfigurer依赖于org.springframework.social.connect.UsersConnectionRepository。在应用程序上下文中找不到该类型的单个bean。 在org.springframework.social.security.SpringSocialConfigurer.getDependency(SpringSocialConfigurer.java:117)〜[spring-social-security-1.1.4.RELEASE.jar:1.1.4.RELEASE] 在org.springframework.social.security.SpringSocialConfigurer.configure(SpringSocialConfigurer.java:71)〜[spring-social-security-1.1.4.RELEASE.jar:1.1.4.RELEASE] 在org.springframework.social.security.SpringSocialConfigurer.configure(SpringSocialConfigurer.java:44)〜[spring-social-security-1.1.4.RELEASE.jar:1.1.4.RELEASE] 在org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.configure(AbstractConfiguredSecurityBuilder.java:383)〜[spring-security-config-4.0.4.RELEASE.jar:4.0.4.RELEASE] 在org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.doBuild(AbstractConfiguredSecurityBuilder.java:329)〜[spring-security-config-4.0.4.RELEASE.jar:4.0.4.RELEASE] 在org.springframework.security.config.annotation.AbstractSecurityBuilder.build(AbstractSecurityBuilder.java:41)〜[spring-security-config-4.0.4.RELEASE.jar:4.0.4.RELEASE] 在org.springframework.security.config.annotation.web.builders.WebSecurity.performBuild(WebSecurity.java:289)〜[spring-security-config-4.0.4.RELEASE.jar:4.0.4.RELEASE] 在org.springframework.security.config.annotation.web.builders.WebSecurity.performBuild(WebSecurity.java:74)〜[spring-security-config-4.0.4.RELEASE.jar:4.0.4.RELEASE] 在org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.doBuild(AbstractConfiguredSecurityBuilder.java:333)〜[spring-security-config-4.0.4.RELEASE.jar:4.0.4.RELEASE] 在org.springframework.security.config.annotation.AbstractSecurityBuilder.build(AbstractSecurityBuilder.java:41)〜[spring-security-config-4.0.4.RELEASE.jar:4.0.4.RELEASE] 在org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration.springSecurityFilterChain(WebSecurityConfiguration.java:105)〜[spring-security-config-4.0.4.RELEASE.jar:4.0.4.RELEASE] at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration $$ EnhancerBySpringCGLIB $$ 2ba5cd93.CGLIB $ springSecurityFilterChain $ 3()〜[spring-security-config-4.0.4.RELEASE.jar:4.0.4.RELEASE ] 在org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration $$ EnhancerBySpringCGLIB $$ 2ba5cd93 $$ FastClassBySpringCGLIB $$ 164abca.invoke()〜[spring-security-config-4.0.4.RELEASE.jar:4.0。 4.RELEASE] 在org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:228)〜[spring-core-4.2.7.RELEASE.jar:4.2.7.RELEASE] 在org.springframework.context.annotation.ConfigurationClassEnhancer $ BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:356)〜[spring-context-4.2.7.RELEASE.jar:4.2.7.RELEASE] at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration $$ EnhancerBySpringCGLIB $$ 2ba5cd93.springSecurityFilterChain()〜[spring-security-config-4.0.4.RELEASE.jar:4.0.4.RELEASE] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)〜[na:1.8.0_66] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)〜[na:1.8.0_66] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)〜[na:1.8.0_66] 在java.lang.reflect.Method.invoke(Method.java:497)〜[na:1.8.0_66] 在org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:162)〜[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE] ...省略了24个常用帧 引起:org.springframework.beans.factory.NoSuchBeanDefinitionException:没有定义[org.springframework.social.connect.UsersConnectionRepository]类型的限定bean 在org.springframework.beans.factory.support.DefaultListableBeanFactory.getBean(DefaultListableBeanFactory.java:372)〜[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE] 在org.springframework.beans.factory.support.DefaultListableBeanFactory.getBean(DefaultListableBeanFactory.java:332)〜[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE] 在org.springframework.context.support.AbstractApplicationContext.getBean(AbstractApplicationContext.java:1066)〜[spring-context-4.2.7.RELEASE.jar:4.2.7.RELEASE] 在org.springframework.social.security.SpringSocialConfigurer.getDependency(SpringSocialConfigurer.java:114)〜[spring-social-security-1.1.4.RELEASE.jar:1.1.4.RELEASE] ...省略了44个常见帧
2016-07-27 12:13:30.582 ERROR 3869 --- [ost-startStop-1] o.apache.catalina.core.StandardContext:一个或多个过滤器无法启动。完整的详细信息将在相应的容器日志文件中找到 2016-07-27 12:13:30.583 ERROR 3869 --- [ost-startStop-1] o.apache.catalina.core.StandardContext:Context []启动因前面的错误而失败 2016-07-27 12:13:30.627 WARN 3869 --- [main] ationConfigEmbeddedWebApplicationContext:在上下文初始化期间遇到异常 - 取消刷新尝试:org.springframework.beans.factory.BeanCreationException:创建名称为&#39; springSecurityFilterChain&的bean时出错#39;在类路径资源中定义[org / springframework / security / config / annotation / web / configuration / WebSecurityConfiguration.class]:通过工厂方法的Bean实例化失败;嵌套异常是org.springframework.beans.BeanInstantiationException:无法实例化[javax.servlet.Filter]:工厂方法&#39; springSecurityFilterChain&#39;抛出异常;嵌套异常是org.springframework.security.config.annotation.AlreadyBuiltException:此对象已经构建 2016-07-27 12:13:30.632 INFO 3869 --- [主要] o.apache.catalina.core.StandardService:停止服务Tomcat 2016-07-27 12:13:30.638 ERROR 3869 --- [main] o.s.boot.SpringApplication:应用程序启动失败
org.springframework.beans.factory.BeanCreationException:使用名称&#39; springSecurityFilterChain&#39;创建bean时出错。在类路径资源中定义[org / springframework / security / config / annotation / web / configuration / WebSecurityConfiguration.class]:通过工厂方法的Bean实例化失败;嵌套异常是org.springframework.beans.BeanInstantiationException:无法实例化[javax.servlet.Filter]:工厂方法&#39; springSecurityFilterChain&#39;抛出异常;嵌套异常是org.springframework.security.config.annotation.AlreadyBuiltException:此对象已经构建 在org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:599)〜[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE] 在org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1123)~ [spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE] 在org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1018)〜[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE] 在org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:510)〜[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE] 在org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482)〜[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE] at org.springframework.beans.factory.support.AbstractBeanFactory $ 1.getObject(AbstractBeanFactory.java:306)〜[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE] 在org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)〜[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE] 在org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302)〜[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE] 在org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)〜[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE] 在org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:296)〜[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE] 在org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)〜[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE] at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:772)~ [spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE] 在org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:839)〜[spring-context-4.2.7.RELEASE.jar:4.2.7.RELEASE] 在org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:538)〜[spring-context-4.2.7.RELEASE.jar:4.2.7.RELEASE] at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.refresh(EmbeddedWebApplicationContext.java:118)~ [spring-boot-1.3.6.RELEASE.jar:1.3.6.RELEASE] 在org.springframework.boot.SpringApplication.refresh(SpringApplication.java:760)[spring-boot-1.3.6.RELEASE.jar:1.3.6.RELEASE] 在org.springframework.boot.SpringApplication.createAndRefreshContext(SpringApplication.java:360)[spring-boot-1.3.6.RELEASE.jar:1.3.6.RELEASE] 在org.springframework.boot.SpringApplication.run(SpringApplication.java:306)[spring-boot-1.3.6.RELEASE.jar:1.3.6.RELEASE] 在org.springframework.boot.SpringApplication.run(SpringApplication.java:1185)[spring-boot-1.3.6.RELEASE.jar:1.3.6.RELEASE] 在org.springframework.boot.SpringApplication.run(SpringApplication.java:1174)[spring-boot-1.3.6.RELEASE.jar:1.3.6.RELEASE] at test.com.socialsignin.app.IntegrationTest.main(IntegrationTest.java:15)[test-classes /:na] 引起:org.springframework.beans.BeanInstantiationException:无法实例化[javax.servlet.Filter]:工厂方法&#39; springSecurityFilterChain&#39;抛出异常;嵌套异常是org.springframework.security.config.annotation.AlreadyBuiltException:此对象已经构建 在org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:189)〜[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE] 在org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:588)〜[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE] ...省略了20个常见帧 引起:org.springframework.security.config.annotation.AlreadyBuiltException:该对象已经构建 在org.springframework.security.config.annotation.AbstractSecurityBuilder.build(AbstractSecurityBuilder.java:44)〜[spring-security-config-4.0.4.RELEASE.jar:4.0.4.RELEASE] 在org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration.springSecurityFilterChain(WebSecurityConfiguration.java:105)〜[spring-security-config-4.0.4.RELEASE.jar:4.0.4.RELEASE] at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration $$ EnhancerBySpringCGLIB $$ 2ba5cd93.CGLIB $ springSecurityFilterChain $ 3()〜[spring-security-config-4.0.4.RELEASE.jar:4.0.4.RELEASE ] 在org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration $$ EnhancerBySpringCGLIB $$ 2ba5cd93 $$ FastClassBySpringCGLIB $$ 164abca.invoke()〜[spring-security-config-4.0.4.RELEASE.jar:4.0。 4.RELEASE] 在org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:228)〜[spring-core-4.2.7.RELEASE.jar:4.2.7.RELEASE] 在org.springframework.context.annotation.ConfigurationClassEnhancer $ BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:356)〜[spring-context-4.2.7.RELEASE.jar:4.2.7.RELEASE] at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration $$ EnhancerBySpringCGLIB $$ 2ba5cd93.springSecurityFilterChain()〜[spring-security-config-4.0.4.RELEASE.jar:4.0.4.RELEASE] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)〜[na:1.8.0_66] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)〜[na:1.8.0_66] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)〜[na:1.8.0_66] 在java.lang.reflect.Method.invoke(Method.java:497)〜[na:1.8.0_66] 在org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:162)〜[spring-beans-4.2.7.RELEASE.jar:4.2.7.RELEASE] ...省略了21个常见帧
答案 0 :(得分:0)
我也遇到了这个错误,没有任何我能检测到的变化。也许当我升级到Spring Boot 1.4但不确定时。令人沮丧的是,从我的IDE运行没有显示错误,它只发生在Heroku上。我要解决的改变是添加&#34; @Order(0)&#34;到内部类,请参阅下面的代码示例。设置安全配置非常混乱,所以我不清楚为什么这样可行,但也许它可以帮助其他人作为尝试的东西。
同样,对于使用configureGlobal的情况,请查看https://github.com/spring-projects/spring-security/issues/3042和Can not apply DaoAuthenticationConfigurer to already built object,因为它们也可能相关。
@Configuration
@EnableWebSecurity
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
public class SpringSecurityConfigurer {
@Configuration
@Order(1)
public static class ApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
/** We expect that the URLs secured here are called as part of the application or via websocket. */
protected void configure(HttpSecurity http) throws Exception {
http
.requestMatchers().antMatchers("/restapi/requests/**", "/simulation/**", "/api/**", "/wsconnect/**").and()
.authorizeRequests()
.anyRequest().authenticated()
.and()
.httpBasic()
.and()
.csrf().disable();
}
}
@Configuration
@Order(2)
public static class StatelessApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
/** We expect that the URLs secured here are called called externally. */
protected void configure(HttpSecurity http) throws Exception {
http
.requestMatchers().antMatchers("/restapi/**").and()
.authorizeRequests()
.anyRequest().authenticated()
.and()
.httpBasic()
.and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.csrf().disable();
}
}
@Configuration
@Order(3)
public static class SubscriptionWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception {
http
.requestMatchers().antMatchers("/subscribe**","/subscribe/**").and()
.addFilterBefore(new ApplicationSecurityTokenFilter(), UsernamePasswordAuthenticationFilter.class)
.authorizeRequests()
.anyRequest().authenticated()
.and()
.httpBasic()
.and()
.csrf().disable();
}
}
@Configuration
@Order(0)
protected static class ApplicationSecurity extends WebSecurityConfigurerAdapter {
@Autowired
ApplicationUserDetailsManager applicationUserDetailsManager;
@Autowired // need Autowired instead of Override here, not clear why!
public void configure(AuthenticationManagerBuilder auth) throws Exception {
// configure the repository user details service
// PasswordEncoder encoder = new BCryptPasswordEncoder();
auth.userDetailsService(applicationUserDetailsManager);
// make sure we have the default user if it is not there
if(!applicationUserDetailsManager.userExists("user")) {
ApplicationUser defaultApplicationUser = new ApplicationUser();
defaultApplicationUser.setUsername("user");
defaultApplicationUser.setPassword("password");
defaultApplicationUser.setEnabled(true);
applicationUserDetailsManager.createUser(new ApplicationUserDetails(defaultApplicationUser));
}
}
@Override
protected void configure(HttpSecurity http) throws Exception {
// configure our web security that uses a form login
http
.authorizeRequests()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.and()
.logout()
.permitAll()
// note that this overrides CSRF for logout as it allows a GET to logout
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.and()
.rememberMe();
}
@Override
public void configure(WebSecurity web) throws Exception {
web
.ignoring()
// Spring Security should completely ignore URLs starting with /icons/ and /images/
.antMatchers("/icons/**")
.antMatchers("/images/**")
.antMatchers("/favicon.ico");
}
}
}
答案 1 :(得分:0)
尝试从@EnableWebSecurity类中删除SecurityConfig注释。 Spring Boot可能会在其自动魔术中添加此注释。至少这对我今天的情况有所帮助。