拋出：IllegalArgumentException：defaultTarget必須以「/」或「HTTP（S）」

Question

我試圖用春天的安全，所有的配置都基於註解記得我的功能來實現持續的基於令牌的認證。問題是，當我試圖運行我的應用程序，服務器是扔IllegalArgumentException。我也收到消息Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception。我一直停留過了一天，並且不能找到任何線索或建議。請看看我的代碼。

彈簧過濾鏈

public class SecurityWebAppInitializer extends AbstractSecurityWebApplicationInitializer { 
} 

的

@Configuration 
@EnableWebSecurity 
public class SecurityConfig extends WebSecurityConfigurerAdapter { 

@Autowired 
@Qualifier("customUserDetailsService") 
UserDetailsService userDetailsService; 

@Autowired 
PersistentTokenRepository persistentTokenRepository; 

@Override 
protected void configure(HttpSecurity http) throws Exception{ 
    http.authorizeRequests() 
      .antMatchers("/","/list").access("hasRole('USER') or hasRole('ADMIN') or hasRole('DBA')") 
      .antMatchers("/new-user", "/delete-user/*").access("hasRole('ADMIN')") 
      .antMatchers("/edit-user/*").access("hasRole('ADMIN') or hasRole('USER')") 
      .and() 
      .formLogin() 
       .loginPage("/login.jsp") 
       .loginProcessingUrl("/login") 
       .usernameParameter("ssoid") 
       .passwordParameter("password") 
       .defaultSuccessUrl("/home") 
      .and() 
       .logout() 
       .logoutUrl("/logout") 
       .logoutSuccessUrl("logout") 
      .and() 
      .rememberMe() 
       .rememberMeParameter("remeber-me") 
       .tokenRepository(persistentTokenRepository) 
       .tokenValiditySeconds(46800) 
      .and().csrf() 
      .and().exceptionHandling().accessDeniedPage("/access_denied"); 
} 

@Autowired 
public void configureGlobalSecurity(AuthenticationManagerBuilder builder) throws Exception{ 
    builder.userDetailsService(userDetailsService); 
    builder.authenticationProvider(authenticationProvider()); 
} 

@Bean 
public DaoAuthenticationProvider authenticationProvider(){ 
    DaoAuthenticationProvider provider=new DaoAuthenticationProvider(); 
    provider.setUserDetailsService(userDetailsService); 
    provider.setPasswordEncoder(passwordEncoder()); 
    return provider; 
} 

@Bean 
public PasswordEncoder passwordEncoder() 
{ 
    return new BCryptPasswordEncoder(); 
} 

@Bean 
public PersistentTokenBasedRememberMeServices getPersistentTokenBasedRememberMeServices() { 
    PersistentTokenBasedRememberMeServices tokenBasedservice = new PersistentTokenBasedRememberMeServices(
      "remember-me", userDetailsService, persistentTokenRepository); 
    return tokenBasedservice; 
} 

@Bean 
public AuthenticationTrustResolver getAuthenticationTrustResolver() { 
    return new AuthenticationTrustResolverImpl(); 
} 
} 

配置我PersistentTokenRepository的對Hibernate的自定義實現創建，更新和刪除的記得我令牌。錯誤的

完整的堆棧跟蹤，

WARNING: Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'springSecurityFilterChain' defined in class path resource [org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception; nested exception is java.lang.IllegalArgumentException: defaultTarget must start with '/' or with 'http(s)' 
    12:33:49.419 [localhost-startStop-1] DEBUG org.hibernate.internal.SessionFactoryImpl - HHH000031: Closing 
    12:33:49.419 [localhost-startStop-1] DEBUG org.hibernate.boot.registry.internal.BootstrapServiceRegistryImpl - Implicitly destroying Boot-strap registry on de-registration of all child ServiceRegistries 
    12:33:49.419 [localhost-startStop-1] DEBUG org.hibernate.service.internal.AbstractServiceRegistryImpl - Implicitly destroying ServiceRegistry on de-registration of all child ServiceRegistries 
    Jun 20, 2017 12:33:49 PM org.springframework.web.context.ContextLoader initWebApplicationContext 
    SEVERE: Context initialization failed 
    org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'springSecurityFilterChain' defined in class path resource [org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception; nested exception is java.lang.IllegalArgumentException: defaultTarget must start with '/' or with 'http(s)' 
     at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:599) 
     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1123) 
     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1018) 
     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:510) 
     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482) 
     at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306) 
     at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230) 
     at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302) 
     at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197) 
     at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:296) 
     at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197) 
     at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:772) 
     at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:839) 
     at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:538) 
     at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:444) 
     at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:326) 
     at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:107) 
     at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:5097) 
     at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5615) 
     at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:147) 
     at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1571) 
     at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1561) 
     at java.util.concurrent.FutureTask.run(Unknown Source) 
     at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) 
     at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) 
     at java.lang.Thread.run(Unknown Source) 
    Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception; nested exception is java.lang.IllegalArgumentException: defaultTarget must start with '/' or with 'http(s)' 
     at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:189) 
     at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:588) 
     ... 25 more 
    Caused by: java.lang.IllegalArgumentException: defaultTarget must start with '/' or with 'http(s)' 
     at org.springframework.util.Assert.isTrue(Assert.java:68) 
     at org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler.setDefaultTargetUrl(AbstractAuthenticationTargetUrlRequestHandler.java:138) 
     at org.springframework.security.config.annotation.web.configurers.LogoutConfigurer.getLogoutSuccessHandler(LogoutConfigurer.java:229) 
     at org.springframework.security.config.annotation.web.configurers.LogoutConfigurer.createLogoutFilter(LogoutConfigurer.java:295) 
     at org.springframework.security.config.annotation.web.configurers.LogoutConfigurer.configure(LogoutConfigurer.java:249) 
     at org.springframework.security.config.annotation.web.configurers.LogoutConfigurer.configure(LogoutConfigurer.java:62) 
     at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.configure(AbstractConfiguredSecurityBuilder.java:383) 
     at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.doBuild(AbstractConfiguredSecurityBuilder.java:329) 
     at org.springframework.security.config.annotation.AbstractSecurityBuilder.build(AbstractSecurityBuilder.java:41) 
     at org.springframework.security.config.annotation.web.builders.WebSecurity.performBuild(WebSecurity.java:289) 
     at org.springframework.security.config.annotation.web.builders.WebSecurity.performBuild(WebSecurity.java:74) 
     at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.doBuild(AbstractConfiguredSecurityBuilder.java:333) 
     at org.springframework.security.config.annotation.AbstractSecurityBuilder.build(AbstractSecurityBuilder.java:41) 
     at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration.springSecurityFilterChain(WebSecurityConfiguration.java:105) 
     at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$EnhancerBySpringCGLIB$$88510f6d.CGLIB$springSecurityFilterChain$1(<generated>) 
     at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$EnhancerBySpringCGLIB$$88510f6d$$FastClassBySpringCGLIB$$77813f6b.invoke(<generated>) 
     at org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:228) 
     at org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:355) 
     at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$EnhancerBySpringCGLIB$$88510f6d.springSecurityFilterChain(<generated>) 
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
     at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) 
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) 
     at java.lang.reflect.Method.invoke(Unknown Source) 
     at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:162) 
     ... 26 more 

    Jun 20, 2017 12:33:49 PM org.apache.catalina.core.StandardContext listenerStart 
    SEVERE: Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListener 
    org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'springSecurityFilterChain' defined in class path resource [org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception; nested exception is java.lang.IllegalArgumentException: defaultTarget must start with '/' or with 'http(s)' 
     at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:599) 
     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1123) 
     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1018) 
     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:510) 
     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482) 
     at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306) 
     at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230) 
     at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302) 
     at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197) 
     at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:296) 
     at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197) 
     at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:772) 
     at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:839) 
     at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:538) 
     at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:444) 
     at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:326) 
     at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:107) 
     at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:5097) 
     at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5615) 
     at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:147) 
     at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1571) 
     at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1561) 
     at java.util.concurrent.FutureTask.run(Unknown Source) 
     at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) 
     at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) 
     at java.lang.Thread.run(Unknown Source) 
    Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception; nested exception is java.lang.IllegalArgumentException: defaultTarget must start with '/' or with 'http(s)' 
     at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:189) 
     at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:588) 
     ... 25 more 
    Caused by: java.lang.IllegalArgumentException: defaultTarget must start with '/' or with 'http(s)' 
     at org.springframework.util.Assert.isTrue(Assert.java:68) 
     at org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler.setDefaultTargetUrl(AbstractAuthenticationTargetUrlRequestHandler.java:138) 
     at org.springframework.security.config.annotation.web.configurers.LogoutConfigurer.getLogoutSuccessHandler(LogoutConfigurer.java:229) 
     at org.springframework.security.config.annotation.web.configurers.LogoutConfigurer.createLogoutFilter(LogoutConfigurer.java:295) 
     at org.springframework.security.config.annotation.web.configurers.LogoutConfigurer.configure(LogoutConfigurer.java:249) 
     at org.springframework.security.config.annotation.web.configurers.LogoutConfigurer.configure(LogoutConfigurer.java:62) 
     at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.configure(AbstractConfiguredSecurityBuilder.java:383) 
     at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.doBuild(AbstractConfiguredSecurityBuilder.java:329) 
     at org.springframework.security.config.annotation.AbstractSecurityBuilder.build(AbstractSecurityBuilder.java:41) 
     at org.springframework.security.config.annotation.web.builders.WebSecurity.performBuild(WebSecurity.java:289) 
     at org.springframework.security.config.annotation.web.builders.WebSecurity.performBuild(WebSecurity.java:74) 
     at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.doBuild(AbstractConfiguredSecurityBuilder.java:333) 
     at org.springframework.security.config.annotation.AbstractSecurityBuilder.build(AbstractSecurityBuilder.java:41) 
     at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration.springSecurityFilterChain(WebSecurityConfiguration.java:105) 
     at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$EnhancerBySpringCGLIB$$88510f6d.CGLIB$springSecurityFilterChain$1(<generated>) 
     at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$EnhancerBySpringCGLIB$$88510f6d$$FastClassBySpringCGLIB$$77813f6b.invoke(<generated>) 
     at org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:228) 
     at org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:355) 
     at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$EnhancerBySpringCGLIB$$88510f6d.springSecurityFilterChain(<generated>) 
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
     at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) 
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) 
     at java.lang.reflect.Method.invoke(Unknown Source) 
     at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:162) 
     ... 26 more 

我認爲這個問題是在安全性配置，但也沒能弄明白。任何建議都會有所幫助。

Answer 1

由於錯誤說

.logoutSuccessUrl("logout") 

必須以 「http」 開頭， 「HTTPS」 或 「/」