我的應用程序有兩種不同的安全配置。一個OAuth2SecurityConfiguration
,另一個是LdapSecurityConfiguration
。在OAuth2SecurityConfiguration
我有以下2個filteres安全配置:如何在spring-security的另一個過濾器之前添加過濾器?
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.exceptionHandling()
.authenticationEntryPoint(authenticationEntryPoint)
.and()
.authorizeRequests()
.antMatchers(OAUTH_ENDPOINT).permitAll()
.anyRequest().authenticated()
.and()
.logout()
.logoutUrl(LOGOUT_ENDPOINT)
.logoutSuccessUrl("/")
.addLogoutHandler(oAuthLogoutHandler)
.and()
.addFilterAfter(oAuth2ClientContextFilter, ExceptionTranslationFilter.class)
.addFilterBefore(oAuth2AuthenticationProcessingFilter, FilterSecurityInterceptor.class)
// anonymous login must be disabled,
// otherwise an anonymous authentication will be created,
// and the UserRedirectRequiredException will not be thrown,
// and the user will not be redirected to the authorization server
.anonymous().disable();
}
LdapSecurityConfiguration
安全配置:
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.exceptionHandling()
.authenticationEntryPoint(restAuthenticationEntryPoint)
.and()
.authorizeRequests()
.antMatchers(AUTH_ENDPOINT).permitAll()
.anyRequest().authenticated()
.and()
.logout()
.and()
.addFilterBefore(authenticationFilter, OAuth2ClientContextFilter.class);
}
但是,當過濾器鏈被初始化我得到這個錯誤:
Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception; nested exception is java.lang.IllegalArgumentException: Cannot register after unregistered Filter class org.springframework.security.oauth2.client.filter.OAuth2ClientContextFilter
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:189)
at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:588)
... 36 more
Caused by: java.lang.IllegalArgumentException: Cannot register after unregistered Filter class org.springframework.security.oauth2.client.filter.OAuth2ClientContextFilter
at org.springframework.security.config.annotation.web.builders.FilterComparator.registerBefore(FilterComparator.java:183)
at org.springframework.security.config.annotation.web.builders.HttpSecurity.addFilterBefore(HttpSecurity.java:1039)
at com.company.configuration.LdapSecurityConfiguration.configure(LdapSecurityConfiguration.java:63)
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.getHttp(WebSecurityConfigurerAdapter.java:224)
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.init(WebSecurityConfigurerAdapter.java:315)
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.init(WebSecurityConfigurerAdapter.java:86)
at com.company.configuration.LdapSecurityConfiguration$$EnhancerBySpringCGLIB$$b4922dd5.init(<generated>)
at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.init(AbstractConfiguredSecurityBuilder.java:371)
at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.doBuild(AbstractConfiguredSecurityBuilder.java:325)
at org.springframework.security.config.annotation.AbstractSecurityBuilder.build(AbstractSecurityBuilder.java:41)
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration.springSecurityFilterChain(WebSecurityConfiguration.java:104)
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$EnhancerBySpringCGLIB$$33ca6b4e.CGLIB$springSecurityFilterChain$3(<generated>)
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$EnhancerBySpringCGLIB$$33ca6b4e$$FastClassBySpringCGLIB$$b8c23686.invoke(<generated>)
at org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:228)
at org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:358)
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$EnhancerBySpringCGLIB$$33ca6b4e.springSecurityFilterChain(<generated>)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:162)
... 37 more
我對''OAuth2SecurityConfiguration'有'@Order(1)',''LdapSecurityConfiguration'有'@Order(2)'。 –
@VladislavChernogorov:問題是,'OAuth2ClientContextFilter'沒有在'LdapSecurityConfiguration'中註冊,所以你不能在不存在'OAuth2ClientContextFilter'之前添加另一個過濾器。 @ OrangeDog的回答有點令人困惑,因爲豁免與配置順序無關。 – dur
它沒有註冊,因爲其他配置尚未註冊,或者配置在其他方面存在衝突。可能是@Order在這裏沒有效果。 – OrangeDog