将Spring Boot与Spring Security集成

Question

Here's my application class.

@SpringBootApplication
@ComponentScan({"org.app.genesis.client.controller","org.app.genesis.commons.service",
    "org.app.genesis.commons.security","org.app.genesis.inventory.service","org.app.genesis.client.auth"})
@EnableJpaRepositories(basePackages = "org.app.genesis.*.repo")
@EntityScan(basePackages = "org.app.genesis.*.model")
public class Application extends SpringBootServletInitializer {

    public static void main(String[] args) {
        ApplicationContext ctx = SpringApplication.run(Application.class, args);
    }

    @Override
    protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {
        return application.sources(Application.class);
    }

   ..other configs here

    @Configuration
    @EnableWebSecurity
    @ComponentScan({"org.app.genesis.client.auth"})
    public class SecurityConfig extends WebSecurityConfigurerAdapter {

        @Autowired
        private AuthenticationProvider customAuthProvider;

        @Autowired
        public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
            auth.authenticationProvider(customAuthProvider);
        }
    }
}

However whenever I build the app. it always throw this exception

[ERROR] Failed to execute goal org.springframework.boot:spring-boot-maven-plugin:1.2.3.RELEASE:run (default-cli) on project app-client-webapp: An exception occured while running. null:
 InvocationTargetException: Unable to start embedded container; nested exception is org.springframework.boot.context.embedded.EmbeddedServletContainerException: Unable to start embedded Tomcat: Error creating bean with name 'org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration': Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire method: public void `org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration.setFilterChainProxySecurityConfigurer(org.springframework.security.config.annotation.ObjectPostProcessor,java.util.List) throws java.lang.Exception; nested exception is org.springframework.beans.factory.BeanExpressionException: Expression parsing failed; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.app.genesis.client.Application$SecurityConfig': Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.app`enter code here`.genesis.client.Application$SecurityConfig$$EnhancerBySpringCGLIB$$b49171d7]: No default constructor found; nested exception is java.lang.NoSuchMethodException: org.app.genesis.client.Application$SecurityConfig$$EnhancerBySpringCGLIB$$b49171d7.<init>() -> [Help 1]`

EDIT: New Spring Security Config

@Configuration
@EnableWebSecurity
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
protected static class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    @Qualifier("customAuthenticationProvider")
    private AuthenticationProvider customAuthProvider;

    @Override
    protected void configure(AuthenticationManagerBuilder auth){
        auth.authenticationProvider(customAuthProvider);
    }

    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests().anyRequest().authenticated();
        http
            .formLogin().failureUrl("/login?error")
            .defaultSuccessUrl("/dashboard")
            .loginPage("/login")
            .permitAll()
            .and()
            .logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout")).logoutSuccessUrl("/login")
            .permitAll().and().csrf().disable();
    }
}

Answer 1

Complete code is missing because of which I can't pin point the line which is causing this issue but I will definitely make an attempt to explain it, so that you can fix it yourself

@EnableWebSecurity

The JavaDoc documentaion:

Add this annotation to an @Configuration class to have the Spring Security configuration defined in any WebSecurityConfigurer or more likely by extending the WebSecurityConfigurerAdapter base class and overriding individual methods.

It seems like either you missed to override "configure" method of WebSecurityConfigurerAdapter base class or didn't implemented the "configureGlobal" method correctly or you may want to create a class extends AbstractSecurityWebApplicationInitializer, it will load the springSecurityFilterChain automatically.

However I suggest you to go through the following sources and you should be able to figure out what is that you are missing.

1. https://github.com/spring-projects/spring-security-oauth-javaconfig/blob/master/samples/oauth2-sparklr/src/main/java/org/springframework/security/oauth/examples/sparklr/config/SecurityConfiguration.java
2. http://www.mkyong.com/spring-security/spring-security-hello-world-annotation-example/