未定義名爲'springSecurityFilterChain'的bean - Spring 4 Java配置

Question

當它在.xml文件中定義時，一切正常。現在我已經開始將.xml文件遷移到java配置。 Security.xml是我一直在遷移的第一個文件。

的security.xml

<?xml version="1.0" encoding="UTF-8"?> 
<beans:beans xmlns="http://www.springframework.org/schema/security" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:beans="http://www.springframework.org/schema/beans" 
xmlns:p="http://www.springframework.org/schema/p" 
xsi:schemaLocation="http://www.springframework.org/schema/beans  http://www.springframework.org/schema/beans/spring-beans.xsd 
      http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd"> 

    <http pattern="/scripts/**" security="none" /> 
    <http pattern="/assets/**" security="none" /> 

    <http auto-config="true"> 
     <intercept-url pattern="/app/admin/**" access="ROLE_SUPER_ADMIN,ROLE_ADMIN" /> 
     <intercept-url pattern="/app/settings/**" 
      access="ROLE_SUPER_ADMIN,ROLE_ADMIN" /> 
     <intercept-url pattern="/app/**" 
      access="ROLE_SUPER_ADMIN,ROLE_ADMIN" /> 
     <form-login login-page="/login" default-target-url="/main" 
      login-processing-url="/session" username-parameter="UserName" 
      password-parameter="Password" always-use-default-target="true" 
      authentication-success-handler-ref="authenticationSuccess" 
      authentication-failure-handler-ref="authenticationFailure" /> 
     <logout logout-url="/app/logout" delete-cookies="JSESSIONID" 
      invalidate-session="true" logout-success-url="/login" /> 
    </http> 
    <beans:bean id="authenticationSuccess" 
     class="com.comp.site.config.AuthenticationSuccess" /> 
    <beans:bean id="authenticationFailure" 
     class="com.comp.site.config.AuthenticationFailure" /> 
    <beans:bean id="userDao" 
     class="com.comp.site.dao.hibernate.UserDaoHibernate" /> 

    <beans:bean class="com.comp.security.AuthenticationProvider" 
     id="authenticationProvider"> 
     <beans:property name="userDetailsService" ref="userDao"> 
     </beans:property> 
    </beans:bean> 

    <authentication-manager> 
     <authentication-provider ref="authenticationProvider" /> 
    </authentication-manager> 


    <global-method-security> 
     <protect-pointcut expression="execution(* *..service.UserManager.getUsers(..))" 
      access="ROLE_ADMIN,ROLE_SUPER_ADMIN" /> 
     <protect-pointcut expression="execution(* *..service.UserManager.removeUser(..))" 
      access="ROLE_ADMIN,ROLE_SUPER_ADMIN" /> 
    </global-method-security> 

</beans:beans> 

遷移SecurityConfig.java

package com.comp.springconfig; 

import org.springframework.beans.factory.annotation.Autowired; 
import org.springframework.context.annotation.ComponentScan; 
import org.springframework.context.annotation.Configuration; 
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; 
import org.springframework.security.config.annotation.web.builders.HttpSecurity; 
import org.springframework.security.config.annotation.web.builders.WebSecurity; 
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; 
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; 

import com.comp.security.AuthenticationProvider; 
import com.comp.site.config.AuthenticationFailure; 
import com.comp.site.config.AuthenticationSuccess; 
import com.comp.site.dao.hibernate.UserDaoHibernate; 

@Configuration 
@EnableWebSecurity 
@ComponentScan 
public class SecurityConfig extends WebSecurityConfigurerAdapter { 

    @Autowired 
    AuthenticationSuccess authenticationSuccess; 

    @Autowired 
    AuthenticationFailure authenticationFailure; 

    @Autowired 
    UserDaoHibernate userDaoHibernate; 

    @Autowired 
    AuthenticationProvider authenticationProvider; 

    @Autowired 
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception{ 
     auth 
     .authenticationProvider(authenticationProvider) 
     .userDetailsService(userDaoHibernate); 
    } 

    @Override 
    public void configure(WebSecurity web) throws Exception { 
     web 
     .ignoring() 
     .antMatchers("/scripts/**","/assets/**"); 
    } 

    @Override 
    protected void configure(HttpSecurity http) throws Exception { 
     http.authenticationProvider(authenticationProvider) 
     .authorizeRequests() 

     .antMatchers("/app/admin/**") 
     .hasAnyRole("ROLE_SUPER_ADMIN","ROLE_ADMIN") 

     .antMatchers("/app/settings/**") 
     .hasAnyRole("ROLE_SUPER_ADMIN","ROLE_ADMIN") 

     .antMatchers("/app/**") 
     .hasAnyRole("ROLE_SUPER_ADMIN","ROLE_ADMIN") 

     .anyRequest().authenticated() 
     .and() 

     .formLogin() 
     .loginPage("/login") 
     .defaultSuccessUrl("/main", true) 
     .loginProcessingUrl("/session") 
     .usernameParameter("UserName") 
     .passwordParameter("Password") 
     .successHandler(authenticationSuccess) 
     .failureHandler(authenticationFailure) 

     .and() 

     .logout() 
     .logoutUrl("/app/logout") 
     .deleteCookies("JSESSIONID") 
     .invalidateHttpSession(true) 
     .logoutSuccessUrl("/login"); 
    } 

} 

我將配置global-method-security後，當我需要讓當前配置工作的首位。運行該程序後，出現以下錯誤。

SEVERE: Exception starting filter securityFilter 
org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named 'springSecurityFilterChain' is defined 
    at org.springframework.beans.factory.support.DefaultListableBeanFactory.getBeanDefinition(DefaultListableBeanFactory.java:694) 
    at org.springframework.beans.factory.support.AbstractBeanFactory.getMergedLocalBeanDefinition(AbstractBeanFactory.java:1168) 
    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:281) 
    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:199) 
    at org.springframework.context.support.AbstractApplicationContext.getBean(AbstractApplicationContext.java:962) 
    at org.springframework.web.filter.DelegatingFilterProxy.initDelegate(DelegatingFilterProxy.java:324) 
    at org.springframework.web.filter.DelegatingFilterProxy.initFilterBean(DelegatingFilterProxy.java:235) 
    at org.springframework.web.filter.GenericFilterBean.init(GenericFilterBean.java:199) 
    at org.apache.catalina.core.ApplicationFilterConfig.initFilter(ApplicationFilterConfig.java:279) 
    at org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:260) 
    at org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterConfig.java:105) 
    at org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:4603) 
    at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5210) 
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150) 
    at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1396) 
    at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1386) 
    at java.util.concurrent.FutureTask.run(Unknown Source) 
    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) 
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) 
    at java.lang.Thread.run(Unknown Source) 

每當提供的AuthenticationProvider出現問題時，都會發生此錯誤。我試過使用其他一些步驟來配置AuthenticationProvided，但沒有一個能夠工作。我目前的配置有問題嗎？我認爲問題在於AuthenticationManagerBuilder的配置。

更新

的web.xml

<?xml version="1.0" encoding="UTF-8"?> 
<web-app xmlns="http://java.sun.com/xml/ns/javaee" 
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
     xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" 
     version="3.0"> 

    <display-name>site</display-name> 
    <distributable/> 

    <!-- Context Configuration locations for Spring XML files --> 
    <context-param> 
     <param-name>contextConfigLocation</param-name> 
     <param-value> 
      classpath:/applicationContext-resources.xml 
      classpath:/applicationContext-dao.xml 
      classpath:/applicationContext-service.xml 
      classpath:/applicationContext.xml 
     </param-value> 
    </context-param> 

    <context-param> 
     <param-name>javax.servlet.jsp.jstl.fmt.fallbackLocale</param-name> 
     <param-value>en</param-value> 
    </context-param> 

    <filter> 
     <filter-name>encodingFilter</filter-name> 
     <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class> 
     <init-param> 
      <param-name>encoding</param-name> 
      <param-value>UTF-8</param-value> 
     </init-param> 
     <init-param> 
      <param-name>forceEncoding</param-name> 
      <param-value>true</param-value> 
     </init-param> 
    </filter> 
    <filter> 
     <filter-name>rewriteFilter</filter-name> 
     <filter-class>org.tuckey.web.filters.urlrewrite.UrlRewriteFilter</filter-class> 
     <!-- sets up log level (will be logged to context log) 
      can be: TRACE, DEBUG, INFO (default), WARN, ERROR, FATAL, log4j, commons, sysout:{level} (ie, sysout:DEBUG) 
      if you are having trouble using normal levels use sysout:DEBUG --> 
     <init-param> 
      <param-name>logLevel</param-name> 
      <param-value>commons</param-value> 
     </init-param> 
     <!-- set the amount of seconds the conf file will be checked for reload 
      can be a valid integer (0 denotes check every time, 
      -1 denotes no reload check, default -1) --> 
     <init-param> 
      <param-name>confReloadCheckInterval</param-name> 
      <param-value>-1</param-value> 
     </init-param> 
    </filter> 
    <filter> 
     <filter-name>securityFilter</filter-name> 
     <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> 
     <init-param> 
      <param-name>targetBeanName</param-name> 
      <param-value>springSecurityFilterChain</param-value> 
     </init-param> 
    </filter> 
    <filter-mapping> 
     <filter-name>rewriteFilter</filter-name> 
     <url-pattern>/*</url-pattern> 
    </filter-mapping> 
    <filter-mapping> 
     <filter-name>securityFilter</filter-name> 
     <url-pattern>/*</url-pattern> 
     <dispatcher>REQUEST</dispatcher> 
     <dispatcher>FORWARD</dispatcher> 
     <dispatcher>INCLUDE</dispatcher> 
    </filter-mapping> 


    <!-- CONTEXT LISTENERS --> 
    <listener> 
     <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> 
    </listener> 
    <listener> 
     <listener-class>org.springframework.web.util.IntrospectorCleanupListener</listener-class> 
    </listener> 
    <listener> 
     <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class> 
    </listener> 
    <listener> 
     <listener-class>com.comp.site.listener.StartupListener</listener-class> 
    </listener> 


    <!--  SESSION CONFIGURATION --> 
    <session-config> 
     <session-timeout>15</session-timeout> 
     <cookie-config> 
      <http-only>true</http-only> 
      <!--<secure>true</secure>--> 
     </cookie-config> 
     <tracking-mode>COOKIE</tracking-mode> 
    </session-config> 

    <!--  SPRING SERVLETS DEFININTIONS  --> 
    <servlet> 
     <servlet-name>dispatcher</servlet-name> 
     <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> 
     <load-on-startup>1</load-on-startup> 
    </servlet> 
    <servlet-mapping> 
     <servlet-name>dispatcher</servlet-name> 
     <url-pattern>/app/*</url-pattern> 
    </servlet-mapping> 

</web-app> 

security.xml文件的路徑爲/WEB-INF/security.xml我已經寫Java配置

Answer 1

刪除一切之後，從web.xml中刪除了與「securityFilter」有關，並讓Spring Security爲您自動配置它們。

Answer 2

當您將@EnableWebSecurity添加到類中時，spring安全性會創建包含其他幾個安全bean的springSecurityFilterChain bean。由於您在java配置中已經有了這個註釋，這意味着springSecurityFilterChain bean將在創建時被創建並放入ApplicationContext。爲了避免這個錯誤，你需要確保你的java配置得到正確的掃描。如下所示，在web.xml中添加你的過濾器。

<filter> 
     <filter-name>springSecurityFilterChain</filter-name> 
     <filter-class>org.springframework.web.filter.DelegatingFilterProxy 
     </filter-class> 
    </filter> 

    <filter-mapping> 
     <filter-name>springSecurityFilterChain</filter-name> 
     <url-pattern>/*</url-pattern> 
    </filter-mapping>