2015-04-05 204 views
0

這是我的應用程序類。集成Spring Boot與Spring Security

@SpringBootApplication 
@ComponentScan({"org.app.genesis.client.controller","org.app.genesis.commons.service", 
    "org.app.genesis.commons.security","org.app.genesis.inventory.service","org.app.genesis.client.auth"}) 
@EnableJpaRepositories(basePackages = "org.app.genesis.*.repo") 
@EntityScan(basePackages = "org.app.genesis.*.model") 
public class Application extends SpringBootServletInitializer { 

    public static void main(String[] args) { 
     ApplicationContext ctx = SpringApplication.run(Application.class, args); 
    } 

    @Override 
    protected SpringApplicationBuilder configure(SpringApplicationBuilder application) { 
     return application.sources(Application.class); 
    } 

    ..other configs here 

    @Configuration 
    @EnableWebSecurity 
    @ComponentScan({"org.app.genesis.client.auth"}) 
    public class SecurityConfig extends WebSecurityConfigurerAdapter { 

     @Autowired 
     private AuthenticationProvider customAuthProvider; 

     @Autowired 
     public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { 
      auth.authenticationProvider(customAuthProvider); 
     } 
    } 
} 

但是每當我構建應用程序。它總是拋出此異常

[ERROR] Failed to execute goal org.springframework.boot:spring-boot-maven-plugin:1.2.3.RELEASE:run (default-cli) on project app-client-webapp: An exception occured while running. null: 
InvocationTargetException: Unable to start embedded container; nested exception is org.springframework.boot.context.embedded.EmbeddedServletContainerException: Unable to start embedded Tomcat: Error creating bean with name 'org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration': Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire method: public void `org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration.setFilterChainProxySecurityConfigurer(org.springframework.security.config.annotation.ObjectPostProcessor,java.util.List) throws java.lang.Exception; nested exception is org.springframework.beans.factory.BeanExpressionException: Expression parsing failed; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.app.genesis.client.Application$SecurityConfig': Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.app`enter code here`.genesis.client.Application$SecurityConfig$$EnhancerBySpringCGLIB$$b49171d7]: No default constructor found; nested exception is java.lang.NoSuchMethodException: org.app.genesis.client.Application$SecurityConfig$$EnhancerBySpringCGLIB$$b49171d7.<init>() -> [Help 1]` 

編輯:新春安全配置

@Configuration 
@EnableWebSecurity 
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER) 
protected static class SecurityConfig extends WebSecurityConfigurerAdapter { 

    @Autowired 
    @Qualifier("customAuthenticationProvider") 
    private AuthenticationProvider customAuthProvider; 

    @Override 
    protected void configure(AuthenticationManagerBuilder auth){ 
     auth.authenticationProvider(customAuthProvider); 
    } 

    @Override 
    public AuthenticationManager authenticationManagerBean() throws Exception { 
     return super.authenticationManagerBean(); 
    } 

    @Override 
    public void configure(HttpSecurity http) throws Exception { 
     http 
      .authorizeRequests().anyRequest().authenticated(); 
     http 
      .formLogin().failureUrl("/login?error") 
      .defaultSuccessUrl("/dashboard") 
      .loginPage("/login") 
      .permitAll() 
      .and() 
      .logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout")).logoutSuccessUrl("/login") 
      .permitAll().and().csrf().disable(); 
    } 
} 

回答

1

完整代碼丟失,因爲這些我不能針點,這是造成這一問題的線,但我會絕對讓試圖解釋它,這樣你可以自己修復它

@EnableWebSecurity

的JavaDoc的文件建立:

這個註釋添加到@Configuration類,以便在任何WebSecurityConfigurer以上 可能定義的春天 安全配置通過擴展WebSecurityConfigurerAdapter基類和壓倒一切的 獨立的方法。

好像無論你錯過了覆蓋WebSecurityConfigurerAdapter基類的「配置」方法或沒有正確實施「configureGlobal」的方法,或者你可能要創建一個類繼承AbstractSecurityWebApplicationInitializer,它會自動加載springSecurityFilterChain 。

但是,我建議你通過以下來源,你應該能夠找出你失蹤的是什麼。

  1. https://github.com/spring-projects/spring-security-oauth-javaconfig/blob/master/samples/oauth2-sparklr/src/main/java/org/springframework/security/oauth/examples/sparklr/config/SecurityConfiguration.java
  2. http://www.mkyong.com/spring-security/spring-security-hello-world-annotation-example/
+0

我設法得到它,每當我登錄,在不使用我的customAuthenticationProvider然而時運行。任何方式來檢查這個問題?另外,我已經更新了我的代碼。看到我的更新 – user962206 2015-04-05 05:32:33

+0

據我瞭解,你似乎只是自動裝配自定義AuthenticationProvider,但你沒有重寫「保護無效配置(AuthenticationManagerBuilder身份驗證)」或「公共AuthenticationManager authenticationManagerBean()」,這意味着你沒有告訴Spring Security使用您的自定義「AuthenticationProvider」。 – 2015-04-05 05:50:58

+0

我以爲我把它傳遞給http.authenticationProvider(customAuthProvider); ?那是不同的? – user962206 2015-04-05 05:54:37