我让OAuth 2配置正常运行,我目前也正在启用Web UI。由于配置涉及Web安全性,我已经设置了部分内容。实际上,我的理解是,除了MVC组件(如登录页面,URL映射等)之外,我不再需要添加更多内容了。但是,我在登录Web时遇到了问题应用程序,因为用户被标记为anonymousUser
。
WebSecurityConfigurerAdapter
和ResourceServerConfigurerAdapter
都定义了方法configure(HttpSecurity)
。目前,我使用的是ResourceServerConfigurerAdapter
中定义的那个,但我遇到的用户被标记为匿名。如果我尝试使用WebSecurityConfigurerAdapter
中的那个(当前配置了OAuth 2),我会收到以下错误消息:
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'springSecurityFilterChain' defined in class path resource [org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception; nested exception is java.lang.IllegalStateException: Cannot apply org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer@546ed2a0 to already built object
at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:599) ~[spring-beans-4.3.4.RELEASE.jar:4.3.4.RELEASE]
...
引起:
Caused by: java.lang.IllegalStateException: Cannot apply org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer@546ed2a0 to already built object
at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.add(AbstractConfiguredSecurityBuilder.java:196) ~[spring-security-config-4.1.3.RELEASE.jar:4.1.3.RELEASE]
...
但是,当我禁用与OAuth 2相关的所有内容,并且仅使用WebSecurityConfigurerAdapter
(设置HttpSecurity
)时,通过Web UI登录按预期工作(即用户未标记为匿名)。我不确定在这方面我犯了哪个关键区域。