[英]No bean named 'springSecurityFilterChain' is defined - Spring 4 Java configuration
Everything is working fine when it's defined in .xml files. 在.xml文件中定义时,一切工作正常。 Now I've started migrating .xml files to java configs.
现在,我开始将.xml文件迁移到Java配置。 Security.xml is the first file which I've been migrating.
Security.xml是我一直在迁移的第一个文件。
Security.xml security.xml文件
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:p="http://www.springframework.org/schema/p"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
<http pattern="/scripts/**" security="none" />
<http pattern="/assets/**" security="none" />
<http auto-config="true">
<intercept-url pattern="/app/admin/**" access="ROLE_SUPER_ADMIN,ROLE_ADMIN" />
<intercept-url pattern="/app/settings/**"
access="ROLE_SUPER_ADMIN,ROLE_ADMIN" />
<intercept-url pattern="/app/**"
access="ROLE_SUPER_ADMIN,ROLE_ADMIN" />
<form-login login-page="/login" default-target-url="/main"
login-processing-url="/session" username-parameter="UserName"
password-parameter="Password" always-use-default-target="true"
authentication-success-handler-ref="authenticationSuccess"
authentication-failure-handler-ref="authenticationFailure" />
<logout logout-url="/app/logout" delete-cookies="JSESSIONID"
invalidate-session="true" logout-success-url="/login" />
</http>
<beans:bean id="authenticationSuccess"
class="com.comp.site.config.AuthenticationSuccess" />
<beans:bean id="authenticationFailure"
class="com.comp.site.config.AuthenticationFailure" />
<beans:bean id="userDao"
class="com.comp.site.dao.hibernate.UserDaoHibernate" />
<beans:bean class="com.comp.security.AuthenticationProvider"
id="authenticationProvider">
<beans:property name="userDetailsService" ref="userDao">
</beans:property>
</beans:bean>
<authentication-manager>
<authentication-provider ref="authenticationProvider" />
</authentication-manager>
<global-method-security>
<protect-pointcut expression="execution(* *..service.UserManager.getUsers(..))"
access="ROLE_ADMIN,ROLE_SUPER_ADMIN" />
<protect-pointcut expression="execution(* *..service.UserManager.removeUser(..))"
access="ROLE_ADMIN,ROLE_SUPER_ADMIN" />
</global-method-security>
</beans:beans>
Migrated SecurityConfig.java 迁移的SecurityConfig.java
package com.comp.springconfig;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import com.comp.security.AuthenticationProvider;
import com.comp.site.config.AuthenticationFailure;
import com.comp.site.config.AuthenticationSuccess;
import com.comp.site.dao.hibernate.UserDaoHibernate;
@Configuration
@EnableWebSecurity
@ComponentScan
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
AuthenticationSuccess authenticationSuccess;
@Autowired
AuthenticationFailure authenticationFailure;
@Autowired
UserDaoHibernate userDaoHibernate;
@Autowired
AuthenticationProvider authenticationProvider;
@Autowired
public void configureGlobal( AuthenticationManagerBuilder auth ) throws Exception{
auth
.authenticationProvider(authenticationProvider)
.userDetailsService(userDaoHibernate);
}
@Override
public void configure(WebSecurity web) throws Exception {
web
.ignoring()
.antMatchers("/scripts/**","/assets/**");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authenticationProvider(authenticationProvider)
.authorizeRequests()
.antMatchers("/app/admin/**")
.hasAnyRole("ROLE_SUPER_ADMIN","ROLE_ADMIN")
.antMatchers("/app/settings/**")
.hasAnyRole("ROLE_SUPER_ADMIN","ROLE_ADMIN")
.antMatchers("/app/**")
.hasAnyRole("ROLE_SUPER_ADMIN","ROLE_ADMIN")
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.defaultSuccessUrl("/main", true)
.loginProcessingUrl("/session")
.usernameParameter("UserName")
.passwordParameter("Password")
.successHandler(authenticationSuccess)
.failureHandler(authenticationFailure)
.and()
.logout()
.logoutUrl("/app/logout")
.deleteCookies("JSESSIONID")
.invalidateHttpSession(true)
.logoutSuccessUrl("/login");
}
}
I'll configure the global-method-security
later, as I need to make the current configuration work first. 稍后,我将配置
global-method-security
,因为我需要首先使当前配置生效。 After running the program I get the following error. 运行程序后,出现以下错误。
SEVERE: Exception starting filter securityFilter
org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named 'springSecurityFilterChain' is defined
at org.springframework.beans.factory.support.DefaultListableBeanFactory.getBeanDefinition(DefaultListableBeanFactory.java:694)
at org.springframework.beans.factory.support.AbstractBeanFactory.getMergedLocalBeanDefinition(AbstractBeanFactory.java:1168)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:281)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:199)
at org.springframework.context.support.AbstractApplicationContext.getBean(AbstractApplicationContext.java:962)
at org.springframework.web.filter.DelegatingFilterProxy.initDelegate(DelegatingFilterProxy.java:324)
at org.springframework.web.filter.DelegatingFilterProxy.initFilterBean(DelegatingFilterProxy.java:235)
at org.springframework.web.filter.GenericFilterBean.init(GenericFilterBean.java:199)
at org.apache.catalina.core.ApplicationFilterConfig.initFilter(ApplicationFilterConfig.java:279)
at org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:260)
at org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterConfig.java:105)
at org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:4603)
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5210)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1396)
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1386)
at java.util.concurrent.FutureTask.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Whenever there is some problem with the AuthenticationProvider
provided, this error will happen. 只要所提供的
AuthenticationProvider
出现问题,就会发生此错误。 I've tried to configure AuthenticationProvided using some other steps, but none of them worked. 我尝试使用其他一些步骤来配置AuthenticationProvided,但是没有一个起作用。 Is there something wrong with my current configuration?
我当前的配置有问题吗? I think the problem lies in
AuthenticationManagerBuilder
configuration. 我认为问题出在
AuthenticationManagerBuilder
配置中。
Update 更新
web.xml web.xml中
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<display-name>site</display-name>
<distributable/>
<!-- Context Configuration locations for Spring XML files -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
classpath:/applicationContext-resources.xml
classpath:/applicationContext-dao.xml
classpath:/applicationContext-service.xml
classpath:/applicationContext.xml
</param-value>
</context-param>
<context-param>
<param-name>javax.servlet.jsp.jstl.fmt.fallbackLocale</param-name>
<param-value>en</param-value>
</context-param>
<filter>
<filter-name>encodingFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
<init-param>
<param-name>forceEncoding</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter>
<filter-name>rewriteFilter</filter-name>
<filter-class>org.tuckey.web.filters.urlrewrite.UrlRewriteFilter</filter-class>
<!-- sets up log level (will be logged to context log)
can be: TRACE, DEBUG, INFO (default), WARN, ERROR, FATAL, log4j, commons, sysout:{level} (ie, sysout:DEBUG)
if you are having trouble using normal levels use sysout:DEBUG -->
<init-param>
<param-name>logLevel</param-name>
<param-value>commons</param-value>
</init-param>
<!-- set the amount of seconds the conf file will be checked for reload
can be a valid integer (0 denotes check every time,
-1 denotes no reload check, default -1) -->
<init-param>
<param-name>confReloadCheckInterval</param-name>
<param-value>-1</param-value>
</init-param>
</filter>
<filter>
<filter-name>securityFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<init-param>
<param-name>targetBeanName</param-name>
<param-value>springSecurityFilterChain</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>rewriteFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>securityFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
<dispatcher>INCLUDE</dispatcher>
</filter-mapping>
<!-- CONTEXT LISTENERS -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.web.util.IntrospectorCleanupListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>
<listener>
<listener-class>com.comp.site.listener.StartupListener</listener-class>
</listener>
<!-- SESSION CONFIGURATION -->
<session-config>
<session-timeout>15</session-timeout>
<cookie-config>
<http-only>true</http-only>
<!--<secure>true</secure>-->
</cookie-config>
<tracking-mode>COOKIE</tracking-mode>
</session-config>
<!-- SPRING SERVLETS DEFININTIONS -->
<servlet>
<servlet-name>dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>dispatcher</servlet-name>
<url-pattern>/app/*</url-pattern>
</servlet-mapping>
</web-app>
Path of security.xml is /WEB-INF/security.xml
which I've deleted it from Web.xml after writing Java configuration security.xml的路径是
/WEB-INF/security.xml
,在编写Java配置后已将其从Web.xml中删除。
删除所有与“ securityFilter”相关的内容,然后让Spring Security为您自动配置它们。
When you add @EnableWebSecurity
to a class, spring security creates springSecurityFilterChain
bean with several other security beans. 当您将
@EnableWebSecurity
添加到类时,Spring Security会与其他几个springSecurityFilterChain
Bean一起创建springSecurityFilterChain
bean。 As you already have this annotation on your java configuration that means springSecurityFilterChain
bean will get created and placed in ApplicationContext
at setup time. 由于在Java配置上已经具有此批注,这意味着
springSecurityFilterChain
bean将在安装时创建并放置在ApplicationContext
中。 To avoid this error you need to make sure that your java configuration is getting scanned properly. 为了避免此错误,您需要确保正确扫描了Java配置。 Also add your filter in web.xml as given below.
还要在web.xml中添加过滤器,如下所示。
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.