Spring安全性和@Configuration顺序
[英]Spring security and @Configuration order
问题描述
I was dealing with several spring issues (spring security was usually involved but also other technologies mentioned in tags for this question) with @Configuration ordering where something was initialized "too early" or "too late". 
我正在使用@Configuration顺序处理一些春季问题(通常涉及春季安全性,但还涉及此问题的标记中提到的其他技术),其中某些事物的初始化“太早”或“太晚”。
To name an example: When customizing Tomcat: A ServletContext is required to configure default servlet handling 举例说明: 自定义Tomcat时:配置默认Servlet处理时需要ServletContext。
The answer usually was to create separate @Configuration file for some of the beans and then it started to work. 答案通常是为某些bean创建单独的@Configuration文件,然后开始工作。 The nature of the errors (stacktraces) I was getting didn't usually ring bells which was probably my fault :) 我所得到的错误(堆栈跟踪)的性质通常并不响,这可能是我的错:)
Can someone please point me out where I can find information about why creating separate @Configuration class helps and how the order of @Configuration classes is determined? 有人可以指出我在哪里可以找到有关为什么创建单独的@Configuration类有帮助以及如何确定@Configuration类的顺序的信息吗?
Any tips on what to watch for in the stacktrace to identify this type of issues will be also much appreciated. 在堆栈跟踪中要注意什么以识别此类问题的任何提示也将不胜感激。
1 个解决方案
解决方案1
1 已采纳 2014-09-29 14:43:17
The reason it sometimes helps is because it gives Spring alternative options for the order of bean creation. 它之所以有时有用的原因是因为它为Spring的bean创建顺序提供了其他选择。 An (over-)simplified way of looking at it is to say that if you put everything in one file, then the order is determined by the contents of the file. 一种(过度)简化的查看方式是说,如果将所有内容都放在一个文件中,则顺序由文件的内容确定。 Whereas, if you break it up, then Spring can explore other options and things can fall into place in another more suitable order. 而如果您将其分解,那么Spring可以探索其他选择,并且事情可能会以另一种更合适的顺序出现。 Note that you can use inner classes and package protected classes for @Configuration (as long as they are static), so you don't need to create new files. 请注意,您可以对@Configuration使用内部类和受包保护的类(只要它们是静态的),因此您无需创建新文件。
A @Configuration class can also be self-contradictory (eg you want to @Autowired something that is created in the same unit - sometimes it works and sometimes not). @Configuration类也可以是自相矛盾的(例如,您要@Autowired在同一单元中创建的某些内容-有时可以工作,有时不可以)。 Also, more often than not in these situations, there are components created by Spring (not by your own code explicitly) that need to be instantiated early. 同样,在大多数情况下,Spring所创建的组件(不是由您自己的代码明确创建的)通常需要尽早实例化。 Spring Boot exacerbates that, necessarily, by needing to create Servlets and Filters before the ServletContext is fully initialized. Spring Boot必须在完全初始化ServletContext之前创建Servlets和Filters ,从而加剧了这种情况。
As far as stack traces go, an @Autowired dependency that turns out to be null is a smell. 就堆栈跟踪而言,@ @Autowired依赖项原来为空,这是一种气味。 Also in logs you might see INFO level logs saying the certain beans are 'ineligible for post processing'. 同样在日志中,您可能会看到INFO级别的日志,指出某些bean“不适合进行后期处理”。 That's not guaranteed to be fatal (hence the INFO level) but if you see a lot of it you may be heading for trouble. 不能保证这是致命的(因此是INFO级别),但是如果您看到很多,则可能会遇到麻烦。
I don't know of any canonical reference for this kind of reasoning. 对于这种推理,我不知道任何规范的参考。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.