前言
Spring Security:在Spring Boot 2.7.0中升级已弃用的WebSecurityConfigrerAdapter,并且根据@EnableWebSecurity推荐自定义配置类后,还是错误的问题。
失败的案例
首先看报错
Caused by: java.lang.IllegalStateException: Cannot apply org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration$EnableGlobalAuthenticationAutowiredConfigurer@74e40cc7 to already built object
at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.add(AbstractConfiguredSecurityBuilder.java:182) ~[spring-security-config-5.7.3.jar:5.7.3]
at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.apply(AbstractConfiguredSecurityBuilder.java:138) ~[spring-security-config-5.7.3.jar:5.7.3]
at org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration.getAuthenticationManager(AuthenticationConfiguration.java:119) ~[spring-security-config-5.7.3.jar:5.7.3]
at org.springframework.security.config.annotation.web.configuration.HttpSecurityConfiguration.authenticationManager(HttpSecurityConfiguration.java:109) ~[spring-security-config-5.7.3.jar:5.7.3]
at org.springframework.security.config.annotation.web.configuration.HttpSecurityConfiguration.httpSecurity(HttpSecurityConfiguration.java:87) ~[spring-security-config-5.7.3.jar:5.7.3]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_291]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_291]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_291]
at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_291]
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:154) ~[spring-beans-5.3.22.jar:5.3.22]
... 51 common frames omitted
过时的配置类代码
@Configuration
@EnableWebSecurity
public class WebServerSecurityConfiguration {
@Autowired
private SecurityConfig securityConfig;
@Autowired
MyUserDetailService userDetailService;
@Autowired
JwtAuthenticationTokenFilter authenticationTokenFilter;
@Bean
public PasswordEncoder passwordEncoder() {
DelegatingPasswordEncoder delegatingPasswordEncoder = (DelegatingPasswordEncoder) PasswordEncoderFactories.createDelegatingPasswordEncoder();
delegatingPasswordEncoder.setDefaultPasswordEncoderForMatches(new BCryptPasswordEncoder());
return delegatingPasswordEncoder;
}
@Bean
SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
List<String> whiteList = securityConfig.getWhiteList();
String[] whiteArrays = whiteList.toArray(new String[whiteList.size()]);
http.authorizeRequests().antMatchers(whiteArrays).permitAll()
.anyRequest().authenticated().and().csrf().disable();
http.addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
return http.build();
}
@Bean
protected AuthenticationManager configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
authenticationManagerBuilder
.userDetailsService(userDetailService)
.passwordEncoder(passwordEncoder())
;
return authenticationManagerBuilder.build();
}
}
可以看到在旧版本中AuthenticationManager ,您注入AuthenticationManagerBuilder,设置userDetailsService、passwordEncoder并构建它。但是身份验证管理器已经在这一步中创建。它是按照我们想要的方式创建的(使用userDetailsService和passwordEncoder)。
我们将注入的AuthenticationManagerBuilder 更换为下面的方式进行注入
@Bean
protected AuthenticationManager configure(AuthenticationConfiguration authenticationConfiguration) throws Exception {
return authenticationConfiguration.getAuthenticationManager();
}