SpringSecurity配置,用着用着就过期了,而且还报unsafe异常,真的是不让懒人活着啊。
找了一圈,都说用 @Bean的方式注入,代替继承WebSecurityConfigurerAdapter。
试了一下,老是报异常:
Found WebSecurityConfigurerAdapter as well as SecurityFilterChain. Please select just one.我已经把
@EnableWebSecurity去掉了,还是报这个,不知道哪里又加载了
WebSecurityConfiguration这个类了。
索性不管了,直接覆盖。
- @Configuration(
- proxyBeanMethods = false
- )
- public class WebSecurityConfiguration implements ImportAware, BeanClassLoaderAware {
- ‘’‘’‘’‘’
-
- @Bean
- @DependsOn({"springSecurityFilterChain"})
- public SecurityExpressionHandler
webSecurityExpressionHandler() { - return this.webSecurity.getExpressionHandler();
- }
-
- @Bean(
- name = {"springSecurityFilterChain"}
- )
- public Filter springSecurityFilterChain() throws Exception {
- boolean hasConfigurers = this.webSecurityConfigurers != null && !this.webSecurityConfigurers.isEmpty();
- boolean hasFilterChain = !this.securityFilterChains.isEmpty();
- Assert.state(!hasConfigurers || !hasFilterChain, "Found WebSecurityConfigurerAdapter as well as SecurityFilterChain. Please select just one.");
- if (!hasConfigurers && !hasFilterChain) {
- WebSecurityConfigurerAdapter adapter = (WebSecurityConfigurerAdapter)this.objectObjectPostProcessor.postProcess(new WebSecurityConfigurerAdapter() {
- });
- this.webSecurity.apply(adapter);
- }
-
- Iterator var7 = this.securityFilterChains.iterator();
-
- while(true) {
- while(var7.hasNext()) {
- SecurityFilterChain securityFilterChain = (SecurityFilterChain)var7.next();
- this.webSecurity.addSecurityFilterChainBuilder(() -> {
- return securityFilterChain;
- });
- Iterator var5 = securityFilterChain.getFilters().iterator();
-
- while(var5.hasNext()) {
- Filter filter = (Filter)var5.next();
- if (filter instanceof FilterSecurityInterceptor) {
- this.webSecurity.securityInterceptor((FilterSecurityInterceptor)filter);
- break;
- }
- }
- }
-
- var7 = this.webSecurityCustomizers.iterator();
-
- while(var7.hasNext()) {
- WebSecurityCustomizer customizer = (WebSecurityCustomizer)var7.next();
- customizer.customize(this.webSecurity);
- }
-
- return (Filter)this.webSecurity.build();
- }
- }
-
- 、、、、、、、
- }
就是 Assert.state(!hasConfigurers || !hasFilterChain, "Found WebSecurityConfigurerAdapter as well as SecurityFilterChain. Please select just one.");
这句报出来的。
- @Configuration
- @RequiredArgsConstructor
- @EnableWebSecurity(debug = true)
- public class WebSecurityConfig
- {
-
- private final AuthenticationConfiguration authenticationConfiguration;
-
- @Bean( name = {"springSecurityFilterChain"})
- public SecurityFilterChain filterChain(HttpSecurity http) throws Exception{
- http.authorizeRequests()
- .requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
- .antMatchers("/**").permitAll()
- .anyRequest().authenticated();
- return http.build();
- }
-
-
- @Bean
- public AuthenticationManager authenticationManager() throws Exception{
- AuthenticationManager authenticationManager = authenticationConfiguration.getAuthenticationManager();
- return authenticationManager;
- }
-
-
- @Bean
- public PasswordEncoder passwordEncoder() {
- return new BCryptPasswordEncoder();
- }
-
- }
启动不了,看看异常:
- Description:
-
- The bean 'springSecurityFilterChain', defined in class path resource [com/micro/exchange/auth/config/WebSecurityConfig.class], could not be registered. A bean with that name has already been defined in class path resource [org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.class] and overriding is disabled.
-
- Action:
-
- Consider renaming one of the beans or enabling overriding by setting spring.main.allow-bean-definition-overriding=true
挺贴心,还给了解决方案,咱们就是为了覆盖,不能修改名字,选第二个吧
- spring:
- main:
- allow-bean-definition-overriding: true
修改完,启动,还是没启动起来,晕了。
AuthorizationServerConfigurerAdapter 继承类报 authenticationManager空指针
原因:继承类先于WebSecurityConfig类加载了。
网上说给WebSecurityConfig 加 @Order, 但是没有生效,不知道是缓存还是什么原因。
幸好有
@AutoConfigureAfter(WebSecurityConfig.class)参考:SpringBoot: @AutoConfigureAfter 和 @AutoConfigureBefore失效问题_零点冰.的博客-CSDN博客_autoconfigureafter
这篇文章比较实用,顺序生效了。
问题解决。
解决问题还是得撸下源码,才能真正解决问题