[英]Spring Boot Security OAuth2: WebSecurityConfigurerAdapter: 302 Redirect to /error
[英]Spring Security: Error while upgrading the deprecated WebSecurityConfigurerAdapter in Spring Boot 2.7.2
我正在嘗試將 spring 引導版本從 2.1.7.RELEASE 升級到 2.7.2。 版本更改后,我看到 WebSecurityConfigurerAdapter 已棄用。 當前配置如下所示。
@EnableOAuth2Sso
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfigure extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.antMatcher("/**").authorizeRequests()
.antMatchers(HttpMethod.POST, "**/api/**").permitAll()
.antMatchers(HttpMethod.GET, "**/api/**").permitAll()
.anyRequest().authenticated().and()
.csrf().disable()
.sessionManagement().maximumSessions(-1).sessionRegistry(sessionRegistry());
http.headers().frameOptions().sameOrigin();
TransactionSynchronizationManager.setActualTransactionActive(true);
}
}
在遵循這個遷移指南 - Spring Security without the WebSecurityConfigurerAdapter 之后,我修改了代碼如下。
@EnableOAuth2Sso
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfigure {
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.antMatcher("/**").authorizeRequests().antMatchers(HttpMethod.POST, "**/api/**").permitAll()
.antMatchers(HttpMethod.GET, "**/api/**").permitAll().anyRequest().authenticated().and().csrf()
.disable().sessionManagement().maximumSessions(-1).sessionRegistry(sessionRegistry());
http.headers().frameOptions().sameOrigin();
TransactionSynchronizationManager.setActualTransactionActive(true);
return http.build();
}
}
更改后,我在啟動應用程序時收到此錯誤。
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'springSecurityFilterChain' defined in class path resource [org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception; nested exception is java.lang.IllegalStateException: Found WebSecurityConfigurerAdapter as well as SecurityFilterChain. Please select just one.
我正在使用 spring 安全 oauth2 來啟用 SSO
<dependency>
<groupId>org.springframework.security.oauth.boot</groupId>
<artifactId>spring-security-oauth2-autoconfigure</artifactId>
<version>2.0.0.RELEASE</version>
</dependency>
我高度懷疑@EnableOAuth2Sso
錯誤背后的原因。 任何幫助,將不勝感激。
如異常所示,因為@EnableOAuth2Sso
導入OAuth2SsoDefaultConfiguration
它擴展WebSecurityConfigurerAdapter
您可以使用 dsl http.oauth2Login()
而不是使用@EnableOAuth2Sso
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.