spring安全模块配置问题
spring安全模块配置问题
Clover286 发表于11个月前
spring安全模块配置问题
  • 发表于 11个月前
  • 阅读 30
  • 收藏 0
  • 点赞 0
  • 评论 0

标题:腾讯云 新注册用户域名抢购1元起>>>   

刚开始配置如下:

SecurityWebInitializer.java

package shop.config;

import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;

public class SecurityWebInitializer extends AbstractSecurityWebApplicationInitializer {
}

SecurityConfig.java

package shop.config;

import javax.sql.DataSource;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
import org.springframework.security.web.authentication.rememberme.InMemoryTokenRepositoryImpl;

@Configuration
@EnableWebMvcSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

	@Autowired
	private DataSource dataSource;

	@Override
	protected void configure(HttpSecurity http) throws Exception {
		http.formLogin().and().authorizeRequests().antMatchers("/page/myOrder").authenticated().anyRequest().permitAll().and().csrf()
				.disable();
	}

	@Override
	protected void configure(AuthenticationManagerBuilder auth) throws Exception {

	}

}

WebInitializer.java

package shop.config;

import org.springframework.web.servlet.support.AbstractAnnotationConfigDispatcherServletInitializer;

public class WebInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {
	@Override
	protected String[] getServletMappings() {
		return new String[] { "/" };
	}

	@Override
	protected Class<?>[] getRootConfigClasses() {
		return new Class<?>[] { RootConfig.class };
	}

	@Override
	protected Class<?>[] getServletConfigClasses() {
		return new Class<?>[] { WebConfig.class };
	}

}

WebConfig.java

package shop.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.ViewResolver;
import org.springframework.web.servlet.config.annotation.DefaultServletHandlerConfigurer;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
import org.springframework.web.servlet.view.InternalResourceViewResolver;

@Configuration
@EnableWebMvc
@ComponentScan(basePackages = { "shop.web" })
public class WebConfig extends WebMvcConfigurerAdapter {

	@Bean
	public ViewResolver viewResolver() {
		InternalResourceViewResolver resolver = new InternalResourceViewResolver();
		resolver.setPrefix("/WEB-INF/jsp/");
		resolver.setSuffix(".jsp");
		resolver.setExposeContextBeansAsAttributes(true);
		return resolver;
	}

	@Override
	public void configureDefaultServletHandling(DefaultServletHandlerConfigurer configurer) {
		configurer.enable();
	}

}

RootConfig.java

package shop.config;

import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.context.annotation.ImportResource;

@Configuration
@ImportResource("classpath:spring/*.xml")
@ComponentScan(basePackages = { "shop.service" })
public class RootConfig {

}

报错如下:

严重: Exception starting filter springSecurityFilterChain
org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named 'springSecurityFilterChain' is defined

这个文献启发我解决的:http://stackoverflow.com/questions/17132675/no-bean-named-springsecurityfilterchain-is-defined-spring-security-3-1

摘录原文如下:

Be sure to have security configuration in the root web application context, not in a servlet application context. This is very common mistake.

Root web application context is for global application beans, including security configuration. Servlet application context is there for servlet specific beans - e.g. controllers, handler mappings and handler adapters.

If you really want to have your security configuration within a servlet context, then you need to specifycontextAttribute for the DelegatingFilterProxy.

<init-param>
    <param-name>contextAttribute</param-name>
    <param-value>org.springframework.web.servlet.FrameworkServlet.CONTEXT.appServlet</param-value>
</init-param>

解决方案如下:在RootConfig.java中引入如下代码,意思是加载SecurityConfig.class配置类。

@Import(SecurityConfig.class)

分析:我原先的配置是按照spring实战第四版中微调的,书中的RootConfig.java中@ComponentScan(basePackages = { "shop" })包扫码了整个文件,同时过滤了一部分不需要的,意味着他扫描了配置类所在的包,也就是扫描到了安全模块的配置类SecurityConfig.class。而我改成了@ComponentScan(basePackages = { "shop.service" }),只扫码了service包,当我把这个配置改成扫描整个项目时也修复了该问题,不报错。

进一步:

我把包扫描改成:即加入对配置类所在包的扫描,项目也不报错了。

@ComponentScan(basePackages = { "shop.service","shop.config" })

总结如下:spring安全模块的配置类要注入spring,不然的启动不了。方法最好还是通过在根配置文件中@Import(SecurityConfig.class)

共有 人打赏支持
粉丝 8
博文 168
码字总数 61282
×
Clover286
如果觉得我的文章对您有用,请随意打赏。您的支持将鼓励我继续创作!
* 金额(元)
¥1 ¥5 ¥10 ¥20 其他金额
打赏人
留言
* 支付类型
微信扫码支付
打赏金额:
已支付成功
打赏金额: