[英]Spring Boot: Filter execution threw an exception - java.lang.AbstractMethodError
I setup a fairly simple secure application using spring boot, but I keep getting this exception from the server after I successfully log in: 我使用spring boot设置了一个相当简单的安全应用程序,但是成功登录后,我不断从服务器获取此异常:
javax.servlet.ServletException: Filter execution threw an exception
org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:77)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:85)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
org.springframework.boot.context.web.ErrorPageFilter.doFilter(ErrorPageFilter.java:116)
org.springframework.boot.context.web.ErrorPageFilter.access$000(ErrorPageFilter.java:60)
org.springframework.boot.context.web.ErrorPageFilter$1.doFilterInternal(ErrorPageFilter.java:91)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
org.springframework.boot.context.web.ErrorPageFilter.doFilter(ErrorPageFilter.java:109)
root cause
java.lang.AbstractMethodError
javax.servlet.http.HttpServletRequestWrapper.changeSessionId(HttpServletRequestWrapper.java:290)
javax.servlet.http.HttpServletRequestWrapper.changeSessionId(HttpServletRequestWrapper.java:290)
sun.reflect.GeneratedMethodAccessor295.invoke(Unknown Source)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
java.lang.reflect.Method.invoke(Method.java:497)
org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:203)
org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:188)
org.springframework.security.web.authentication.session.ChangeSessionIdAuthenticationStrategy.applySessionFixation(ChangeSessionIdAuthenticationStrategy.java:48)
org.springframework.security.web.authentication.session.AbstractSessionFixationProtectionStrategy.onAuthentication(AbstractSessionFixationProtectionStrategy.java:82)
org.springframework.security.web.authentication.session.ChangeSessionIdAuthenticationStrategy.onAuthentication(ChangeSessionIdAuthenticationStrategy.java:32)
org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy.onAuthentication(CompositeSessionAuthenticationStrategy.java:83)
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:216)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:105)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:77)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:85)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
org.springframework.boot.context.web.ErrorPageFilter.doFilter(ErrorPageFilter.java:116)
org.springframework.boot.context.web.ErrorPageFilter.access$000(ErrorPageFilter.java:60)
org.springframework.boot.context.web.ErrorPageFilter$1.doFilterInternal(ErrorPageFilter.java:91)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
org.springframework.boot.context.web.ErrorPageFilter.doFilter(ErrorPageFilter.java:109)
Here is my initializer class: 这是我的初始化器类:
@EnableAutoConfiguration
@SpringBootApplication
public class RecruitingDashboardApplication extends SpringBootServletInitializer {
@Override
protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {
return application.sources(RecruitingDashboardApplication.class);
}
public static void main(String[] args) throws Exception {
SpringApplication.run(RecruitingDashboardApplication.class, args);
}
}
And my viewResolver configuration class: 还有我的viewResolver配置类:
@Configuration
public class WebMvcConfig extends WebMvcConfigurerAdapter {
@Bean
public ViewResolver viewResolver() {
ClassLoaderTemplateResolver templateResolver = new ClassLoaderTemplateResolver();
templateResolver.setPrefix("templates/");
templateResolver.setSuffix(".html");
SpringTemplateEngine engine = new SpringTemplateEngine();
engine.setTemplateResolver(templateResolver);
ThymeleafViewResolver viewResolver = new ThymeleafViewResolver();
viewResolver.setTemplateEngine(engine);
return viewResolver;
}
@Override
public void addViewControllers(ViewControllerRegistry registry) {
registry.addViewController("/").setViewName("dashboard");
registry.addViewController("/login").setViewName("login");
}
}
And finally my security configuration class: 最后是我的安全配置类:
@Configuration
@EnableWebMvcSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.headers()
.frameOptions()
.disable()
.authorizeRequests()
.antMatchers("/css/**", "/img/**", "/fonts/**").permitAll()
.anyRequest()
.authenticated()
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.and()
.logout()
.permitAll();
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("username").password("password").roles("USER");
}
}
These are the pom dependencies I'm using: 这些是我正在使用的pom依赖项:
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
<exclusions>
<exclusion>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-tomcat</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-tomcat</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>net.sourceforge.nekohtml</groupId>
<artifactId>nekohtml</artifactId>
<version>1.9.22</version>
</dependency>
</dependencies>
Any help is appreciated. 任何帮助表示赞赏。 I've spend three days on this problem and I've searched everywhere on the web, but I could not find a solution.
我已经花了三天时间解决这个问题,并且在网上搜索了所有内容,但是找不到解决方案。
UPDATE UPDATE
It seems I don't get the exception when deploying to Tomcat 8. I only get it on Tomcat 7. 似乎在部署到Tomcat 8时没有得到异常。我仅在Tomcat 7上得到了异常。
UPDATE 2 更新2
I've updated my pom file to include the spring-boot-starter-tomcat
dependency with a provided
scope. 我已经更新了pom文件,使其包含带有
provided
作用域的spring-boot-starter-tomcat
依赖项。 I've also excluded that same transient dependency from spring-boot-starter-web
, as described in this question . 我还从
spring-boot-starter-web
排除了相同的瞬时依赖关系,如本问题所述 。 However, the problem still persists. 但是,问题仍然存在。
You are deploying a war-based artifact. 您正在部署基于战争的工件。
spring-boot-starter-web
provides an embedded web container (Tomcat by default) and the servlet-api goes with it obviously. spring-boot-starter-web
提供了一个嵌入式Web容器(默认情况下为Tomcat),而servlet-api显然也附带了该容器。 The container on which you deploy the war uses another version of the API. 部署战争的容器使用另一版本的API。
You need to flag spring-boot-starter-tomcat
with the provided scope so that your war does not bring that extra dependency along. 您需要使用提供的范围标记
spring-boot-starter-tomcat
,以便您的战争不会带来额外的依赖。 The Spring Boot maven plugin is able to detect that and places such provided dependencies in a separate location of the fat war so that you can still run it from the command line ( java -jar yourapp.war
). Spring Boot maven插件能够检测到该问题并将此类提供的依赖项放置在胖战的单独位置,因此您仍然可以从命令行(
java -jar yourapp.war
)运行它。 You are free not to use that and just build a regular war file. 您可以自由地不使用它,而只是构建常规的war文件。 Don't use the Spring Boot maven plugin in such scenario.
在这种情况下,请勿使用Spring Boot maven插件。
This is explained in the documentation 在文档中对此进行了解释
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.