Question

您好我是Spring Security和Spring Oauth的新手，我正在配置基于Spring的Oauth服务器和资源服务器。但我需要配置一些基于xml的web mvc，比如需要初始化servlet参数。

下面的

是我的Web.xml

<web-app id="WebApp_ID" version="2.4"
    xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee 
    http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">

    <display-name>Spring Web MVC Application</display-name>

    <servlet>
        <servlet-name>mvc-dispatcher</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>

    <servlet-mapping>
        <servlet-name>mvc-dispatcher</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>

    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>/WEB-INF/mvc-dispatcher-servlet.xml</param-value>
    </context-param>

    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

    <!-- Spring Security -->
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
        <init-param>
            <param-name>contextAttribute</param-name>
            <param-value>org.springframework.web.servlet.FrameworkServlet.CONTEXT.dispatcher</param-value>
        </init-param>
    </filter>

    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

</web-app>

和mvc-dispatcher-servlet.xml

<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="
        http://www.springframework.org/schema/beans     
        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/context 
        http://www.springframework.org/schema/context/spring-context-3.0.xsd
        http://www.springframework.org/schema/mvc
        http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd">

    <context:component-scan base-package="com.resource" />

    <mvc:annotation-driven />

    <bean id="dataSource"
        class="org.springframework.jdbc.datasource.DriverManagerDataSource">
        <property name="driverClassName" value="com.mysql.jdbc.Driver" />
        <property name="url" value="jdbc:mysql://localhost:3306/userbase" />
        <property name="username" value="username" />
        <property name="password" value="password" />
    </bean>

</beans>

和错误日志如下：

HTTP Status 500 - No WebApplicationContext found: no ContextLoaderListener registered?

type Exception report

message No WebApplicationContext found: no ContextLoaderListener registered?

description The server encountered an internal error that prevented it from fulfilling this request.

exception

java.lang.IllegalStateException: No WebApplicationContext found: no ContextLoaderListener registered?
    org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:252)
note The full stack trace of the root cause is available in the Apache Tomcat/7.0.68 logs.

Apache Tomcat/7.0.68

SecurityConfiguration.java

    import javax.sql.DataSource;

    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.authentication.AuthenticationManager;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

    @Configuration
    @EnableWebSecurity
    public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

      @Autowired
      DataSource dataSource;

      private BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();

      @Autowired
      public void globalUserDetails(AuthenticationManagerBuilder auth) throws Exception {
        auth.jdbcAuthentication().dataSource(dataSource).passwordEncoder(passwordEncoder)
        .usersByUsernameQuery(
         "select username,password, enabled from users where username=?")
        .authoritiesByUsernameQuery(
         "select username, authority from authorities where username=?");
      }


      @Override
      @Bean
      public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
      }

    }

**** **** OAuth2ServerConfig.java

import java.security.Principal; import java.util.UUID;

import javax.sql.DataSource;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.code.AuthorizationCodeServices;
import org.springframework.security.oauth2.provider.code.JdbcAuthorizationCodeServices;
import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore;
import org.springframework.web.bind.annotation.RequestMapping;


@Configuration
public class OAuth2ServerConfig {

  @Configuration
  @EnableResourceServer
  protected static class ResourceServer extends ResourceServerConfigurerAdapter {

      @Autowired
      private DataSource dataSource;

      public static final String RESOURCE_ID = "resource_id";

      @Bean
      public JdbcTokenStore tokenStore() {
          return new JdbcTokenStore(dataSource);
      }


      @Bean
      protected AuthorizationCodeServices authorizationCodeServices() {
          return new JdbcAuthorizationCodeServices(dataSource);
      }

      @Override
      public void configure(ResourceServerSecurityConfigurer resources)
              throws Exception {
          resources.tokenStore(tokenStore());
          resources.resourceId(RESOURCE_ID);
      }

      @Override
      public void configure(HttpSecurity http) throws Exception {
          http.authorizeRequests().anyRequest().authenticated();
      }


  }

  @RequestMapping("/")
  public String getInfo() {
    return "id: " + UUID.randomUUID() + " content : Spring Oauth2 Welcome first Page";
  }

  @RequestMapping("/user")
  public Principal getUser(Principal principal) {
    return principal;
  }


}

请在上面帮助我。

Answer 1

看起来springSecurityFilterChain的contextAttribute后缀必须与调度程序servlet名称匹配。在您的情况下，我看到contextAttribute后缀是调度程序，但调度程序servlet名称是mvc-dispatcher。您可以尝试匹配它们，即将contextAttibute后缀更改为mvc-dispatcher，如下所示，看看问题是否消失。

  <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
        <init-param>
            <param-name>contextAttribute</param-name>
            <param-value>org.springframework.web.servlet.FrameworkServlet.CONTEXT.mvc-dispatcher</param-value>
        </init-param>
    </filter>

我从https://www.txedo.com/blog/spring-security-no-contextloaderlistener-registered/

获得了此信息

错误HTTP状态500 - 未找到WebApplicationContext：没有注册ContextLoaderListener？

1 个答案: