这可能与某些加载订单问题有关,但我不确定/正在寻找确认。我正在开发一个遗留项目,我们无法切换到SpringBoot配置,但我们已将所有核心弹簧罐更新为4.2.x。
每当我启动安全配置启动服务器(在Jetty容器中运行)时,我会收到以下错误[1]。
我的xml配置如下所示:
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:task="http://www.springframework.org/schema/task"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:util="http://www.springframework.org/schema/util"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:tx="http://www.springframework.org/schema/tx"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-4.2.xsd
http://www.springframework.org/schema/util
http://www.springframework.org/schema/util/spring-util-4.2.xsd
http://www.springframework.org/schema/tx
http://www.springframework.org/schema/tx/spring-tx.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-4.2.xsd
http://www.springframework.org/schema/task
http://www.springframework.org/schema/task/spring-task-4.2.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-4.0.xsd">
<context:annotation-config />
<bean class="com.company.project.config.SecurityConfiguration"/>
我有一个示例spring-boot项目,我首先编写了SecurityConfiguration,但我没有收到异常。
我的安全配置如下:
@Configuration
@EnableWebSecurity
@EnableCustomSSOSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Value("${sso.host}")
private String host;
@Value("${sso.appId}")
private String appId;
@Value("${sso.targetService}")
private String target;
@Autowired
private CustomUserDetailsService userDetailsService;
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring()
.antMatchers("/scripts/**/*.{js,html}")
.antMatchers("/bower_components/**")
.antMatchers("/i18n/**")
.antMatchers("/assets/**")
.antMatchers("/swagger-ui/index.html")
.antMatchers("/test/**");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf()
.disable()
.apply(CustomSSOConfigurer.configure(host))
.appId(appId)
.targetService(target)
.authenticatedUserDetailsService(customUserDetailsService)
.and()
.logout()
.deleteCookies("JSESSIONID")
.logoutSuccessUrl("/logout")
.invalidateHttpSession(true)
.and()
.authorizeRequests()
.antMatchers("/*").permitAll();
}
}
问题出现是因为没有配置authenticationProviders。所以在AuthenticationManagerBuilder中,此代码返回null:
@Override
protected ProviderManager performBuild() throws Exception {
if (!isConfigured()) {
logger.debug("No authenticationProviders and no parentAuthenticationManager defined. Returning null.");
return null;
}
当我从spring-boot启动时,我看到以下authenticationProvider:
org.springframework.security.authentication.dao.DaoAuthenticationProvider@4fcf4925
这会导致创建ProviderManager,最终创建身份验证管理器。
这个DaoAuthenticationProvider来自哪里?我应该如何配置它或我缺少什么xml配置?这与加载顺序有关吗?
非常感谢任何帮助。
[1]来自服务器的错误
2015-12-02 09:58:05,230 [WARN ] org.springframework.context.support.ClassPathXmlApplicationContext [main] - Exception encountered during context initialization - cancelling refresh attempt
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'methodSecurityInterceptor' defined in class path resource [org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.class]: Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: An AuthenticationManager is required
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1578)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:545)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:305)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:301)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:196)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:772)
at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:835)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:537)
at com.company.core.common.configuration.Config.initContext(Config.java:753)
at com.company.core.common.configuration.Config.initContext(Config.java:893)
at com.company.core.common.configuration.Config.getApplicationContext(Config.java:1188)
at com.company.core.common.ApplicationBase.initContext(ApplicationBase.java:59)
at com.company.core.common.ApplicationBase.run(ApplicationBase.java:157)
at com.company.core.web.ApplicationBaseInitListener.contextInitialized(ApplicationBaseInitListener.java:58)
at com.company.project.core.web.ICFAplicationBaseListener.contextInitialized(ICFAplicationBaseListener.java:50)
at org.eclipse.jetty.server.handler.ContextHandler.callContextInitialized(ContextHandler.java:778)
at org.eclipse.jetty.servlet.ServletContextHandler.callContextInitialized(ServletContextHandler.java:425)
at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:770)
at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:275)
at org.eclipse.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1312)
at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:722)
at org.eclipse.jetty.webapp.WebAppContext.doStart(WebAppContext.java:490)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:69)
at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:108)
at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:90)
at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:58)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:69)
at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:108)
at org.eclipse.jetty.server.Server.start(Server.java:346)
at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:90)
at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:58)
at org.eclipse.jetty.server.Server.doStart(Server.java:294)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:69)
at com.company.project.jetty.StartICFServer.startServer(StartICFServer.java:93)
at com.company.project.jetty.StartICFServer.main(StartICFServer.java:37)
Caused by: java.lang.IllegalArgumentException: An AuthenticationManager is required
at org.springframework.util.Assert.notNull(Assert.java:115)
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.afterPropertiesSet(AbstractSecurityInterceptor.java:131)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1637)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1574)
... 36 more
答案 0 :(得分:0)
尝试在您的xml文件中添加以下代码:
<security:authentication-manager/>
<bean class="com.company.project.config.SecurityConfiguration"/>