我正在为 test 配置文件禁用 Spring Security,如下所示:
spring:
config:
activate:
on-profile: test
autoconfigure:
exclude[0]: org.springframework.boot.actuate.autoconfigure.security.reactive.ReactiveManagementWebSecurityAutoConfiguration
exclude[1]: org.springframework.boot.autoconfigure.security.reactive.ReactiveSecurityAutoConfiguration
错误:
Failed to load ApplicationContext
java.lang.IllegalStateException: Failed to load ApplicationContext
Caused by: org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'springSecurityFilterChain' defined in class path resource [org/springframework/boot/autoconfigure/security/oauth2/client/reactive/ReactiveOAuth2ClientConfigurations$ReactiveOAuth2ClientConfiguration$SecurityWebFilterChainConfiguration.class]: Unsatisfied dependency expressed through method 'springSecurityFilterChain' parameter 0; nested exception is org.springframework.beans.factory.NoSuchBeanDefinitionException: No qualifying bean of type 'org.springframework.security.config.web.server.ServerHttpSecurity' available: expected at least 1 bean which qualifies as autowire candidate. Dependency annotations: {}
答案 0 :(得分:0)
例外是告诉你到底出了什么问题。
ReactiveOAuth2ClientConfigurations.class 中的以下类已加载并查找您尚未定义的 ServerHttpSecurity
bean。
@Configuration(proxyBeanMethods = false)
@ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.REACTIVE)
static class SecurityWebFilterChainConfiguration {
@Bean
@ConditionalOnMissingBean
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
http.authorizeExchange().anyExchange().authenticated();
http.oauth2Login();
http.oauth2Client();
return http.build();
}
}
我真的不明白你为什么要通过排除“一些”自动配置来禁用 spring 安全性。
如果你想禁用它,我建议你用 @Profile("test")
来注释 SecurityConfiguration。
但说实话,我根本不想禁用安全性,不在测试中。如果您禁用它,您怎么知道您的安全性将在测试中起作用?
答案 1 :(得分:0)
澄清一下,您不是在禁用 Spring Security,而是在禁用 Spring Security 的 Spring Boot 自动配置。您可以在 Spring Boot reference documentation 中阅读更多相关信息。
在您的配置中,您禁用了 ReactiveSecurityAutoConfiguration
,但 ReactiveOAuth2ClientAutoConfiguration
仍处于启用状态,大概是因为您有一个依赖项,例如 spring-boot-starter-oauth2-client
。
如错误消息中所述,ReactiveOAuth2ClientAutoConfiguration
正在尝试创建 SecurityWebFilterChain
bean,但无法注入所需的 ServerHttpSecurity
bean,因为 ReactiveSecurityAutoConfiguration
已禁用。
要修复错误消息,您也可以禁用 OAuth 2.0 客户端自动配置。
spring:
autoconfigure:
exclude[0]: org.springframework.boot.actuate.autoconfigure.security.reactive.ReactiveManagementWebSecurityAutoConfiguration
exclude[1]: org.springframework.boot.autoconfigure.security.reactive.ReactiveSecurityAutoConfiguration
exclude[2]: org.springframework.boot.autoconfigure.security.oauth2.client.reactive.ReactiveOAuth2ClientAutoConfiguration
答案 2 :(得分:0)
我正在使用 okta-spring-boot-starter,这对我有用:
spring:
autoconfigure:
exclude:
- org.springframework.boot.autoconfigure.security.oauth2.client.reactive.ReactiveOAuth2ClientAutoConfiguration
- org.springframework.boot.autoconfigure.security.oauth2.resource.reactive.ReactiveOAuth2ResourceServerAutoConfiguration
- org.springframework.boot.autoconfigure.security.reactive.ReactiveSecurityAutoConfiguration