禁用 Spring Security 导致无法加载应用程序上下文

时间:2021-07-01 22:15:34

标签: spring-boot spring-security spring-webflux

我正在为 test 配置文件禁用 Spring Security,如下所示:

spring:
  config:
    activate:
      on-profile: test
  autoconfigure:
    exclude[0]: org.springframework.boot.actuate.autoconfigure.security.reactive.ReactiveManagementWebSecurityAutoConfiguration
    exclude[1]: org.springframework.boot.autoconfigure.security.reactive.ReactiveSecurityAutoConfiguration

错误:

Failed to load ApplicationContext
java.lang.IllegalStateException: Failed to load ApplicationContext

Caused by: org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'springSecurityFilterChain' defined in class path resource [org/springframework/boot/autoconfigure/security/oauth2/client/reactive/ReactiveOAuth2ClientConfigurations$ReactiveOAuth2ClientConfiguration$SecurityWebFilterChainConfiguration.class]: Unsatisfied dependency expressed through method 'springSecurityFilterChain' parameter 0; nested exception is org.springframework.beans.factory.NoSuchBeanDefinitionException: No qualifying bean of type 'org.springframework.security.config.web.server.ServerHttpSecurity' available: expected at least 1 bean which qualifies as autowire candidate. Dependency annotations: {}

3 个答案:

答案 0 :(得分:0)

例外是告诉你到底出了什么问题。

ReactiveOAuth2ClientConfigurations.class 中的以下类已加载并查找您尚未定义的 ServerHttpSecurity bean。

@Configuration(proxyBeanMethods = false)
@ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.REACTIVE)
static class SecurityWebFilterChainConfiguration {

            @Bean
            @ConditionalOnMissingBean
            SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
                http.authorizeExchange().anyExchange().authenticated();
                http.oauth2Login();
                http.oauth2Client();
                return http.build();
    }
}

我真的不明白你为什么要通过排除“一些”自动配置来禁用 spring 安全性。

如果你想禁用它,我建议你用 @Profile("test") 来注释 SecurityConfiguration。

但说实话,我根本不想禁用安全性,不在测试中。如果您禁用它,您怎么知道您的安全性将在测试中起作用?

答案 1 :(得分:0)

澄清一下,您不是在禁用 Spring Security,而是在禁用 Spring Security 的 Spring Boot 自动配置。您可以在 Spring Boot reference documentation 中阅读更多相关信息。

在您的配置中,您禁用了 ReactiveSecurityAutoConfiguration,但 ReactiveOAuth2ClientAutoConfiguration 仍处于启用状态,大概是因为您有一个依赖项,例如 spring-boot-starter-oauth2-client

如错误消息中所述,ReactiveOAuth2ClientAutoConfiguration 正在尝试创建 SecurityWebFilterChain bean,但无法注入所需的 ServerHttpSecurity bean,因为 ReactiveSecurityAutoConfiguration 已禁用。

要修复错误消息,您也可以禁用 OAuth 2.0 客户端自动配置。

spring:
 autoconfigure:
    exclude[0]: org.springframework.boot.actuate.autoconfigure.security.reactive.ReactiveManagementWebSecurityAutoConfiguration
    exclude[1]: org.springframework.boot.autoconfigure.security.reactive.ReactiveSecurityAutoConfiguration
    exclude[2]: org.springframework.boot.autoconfigure.security.oauth2.client.reactive.ReactiveOAuth2ClientAutoConfiguration

答案 2 :(得分:0)

我正在使用 okta-spring-boot-starter,这对我有用:

spring:
  autoconfigure:
    exclude:
      - org.springframework.boot.autoconfigure.security.oauth2.client.reactive.ReactiveOAuth2ClientAutoConfiguration
      - org.springframework.boot.autoconfigure.security.oauth2.resource.reactive.ReactiveOAuth2ResourceServerAutoConfiguration
      - org.springframework.boot.autoconfigure.security.reactive.ReactiveSecurityAutoConfiguration
相关问题
最新问题