我计划将我的应用程序中的每个API关联到特定的权限。为此,我已经配置了spring security(具有Java配置的spring MVC)。我现在面临的问题是,当我尝试启动应用程序(带有tomcat的Web应用程序)时,出现以下日志时出现堆栈溢出错误。
The system is out of resources.
Consult the following stack trace for details.
java.lang.StackOverflowError
at com.sun.tools.javac.comp.Attr.attribTree(Attr.java:576)
at com.sun.tools.javac.comp.Attr.visitSelect(Attr.java:3250)
at com.sun.tools.javac.tree.JCTree$JCFieldAccess.accept(JCTree.java:1897)
at com.sun.tools.javac.comp.Attr.attribTree(Attr.java:576)
at com.sun.tools.javac.comp.Attr.visitApply(Attr.java:1825)
at com.sun.tools.javac.tree.JCTree$JCMethodInvocation.accept(JCTree.java:1465)
at com.sun.tools.javac.comp.Attr.attribTree(Attr.java:576)
at com.sun.tools.javac.comp.Attr.visitSelect(Attr.java:3250)
at com.sun.tools.javac.tree.JCTree$JCFieldAccess.accept(JCTree.java:1897)
at com.sun.tools.javac.comp.Attr.attribTree(Attr.java:576)
at com.sun.tools.javac.comp.Attr.visitApply(Attr.java:1825)
at com.sun.tools.javac.tree.JCTree$JCMethodInvocation.accept(JCTree.java:1465)
at com.sun.tools.javac.comp.Attr.attribTree(Attr.java:576)
at com.sun.tools.javac.comp.Attr.visitSelect(Attr.java:3250)
at com.sun.tools.javac.tree.JCTree$JCFieldAccess.accept(JCTree.java:1897)
at com.sun.tools.javac.comp.Attr.attribTree(Attr.java:576)
at com.sun.tools.javac.comp.Attr.visitApply(Attr.java:1825)
当我从安全配置中减少antMatchers时,问题就消失了。这是我的spring安全配置文件。
我在这里减少了.antMathers。共有370个蚂蚁。
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
//TODO: Interceptors are currently configured in xml. Configuration should be done in java.
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private UserDetailsService userDetailsService;
@Bean
public BCryptPasswordEncoder bCryptPasswordEncoder() {
return new BCryptPasswordEncoder();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/resources/**", "/login*", "/signup/**").permitAll()
.antMatchers("/AccessControl/users").hasAuthority("AccessControl_users")
.antMatchers("/AccessControl/removeUser").hasAuthority("AccessControl_removeUser")
.antMatchers("/AccessControl/toggleStatus").hasAuthority("AccessControl_toggleStatus")
//Eliminating the middle one for simplicity
.antMatchers("/AccessControl/manageUser").hasAuthority("AccessControl_manageUser")
.antMatchers("/AccessControl/manageUserPost").hasAuthority("AccessControl_manageUserPost")
.antMatchers("/Account/addAccount").hasAuthority("Account_addAccount")
.antMatchers("/Account/AccountListing").hasAuthority("Account_AccountListing")
.antMatchers("/account/edit").hasAuthority("account_edit")
.antMatchers("/Account/printPaymentPettyCash").hasAuthority("Account_printPaymentPettyCash")
.antMatchers("account/getTaxDetailList").hasAuthority("account_getTaxDetailList")
.antMatchers("Account/ajax/getChequeNumberList").hasAuthority("Account_ajax_getChequeNumberList")
.antMatchers("/home").hasAuthority("home")
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.and()
.csrf().disable()
.logout()
.permitAll();
}
@Bean
public AuthenticationManager customAuthenticationManager() throws Exception {
return authenticationManager();
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder());
}
}
使用URL模式是我所知道的解决方案,但是无论如何我都可以纠正我在做什么。