基于SpringBoot +方法的分层角色安全性:ServletContext是必需的 [英] SpringBoot + method based hierarchical roles security: ServletContext is required
问题描述
我添加了基于方法的安全性,并添加了角色层次结构.在构建过程中,我不断收到以下异常:
I added method-based security and added role hierarchy. I keep getting the following exception during build:
org.springframework.beans.BeanInstantiationException:失败 实例化[org.springframework.web.servlet.HandlerMapping]:工厂 方法'defaultServletHandlerMapping'抛出异常;嵌套的 异常是java.lang.IllegalArgumentException:一个ServletContext是 配置默认servlet处理所需的
org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.springframework.web.servlet.HandlerMapping]: Factory method 'defaultServletHandlerMapping' threw exception; nested exception is java.lang.IllegalArgumentException: A ServletContext is required to configure default servlet handling
我尝试了许多不同的配置替代方案,但均无效果... 这是我的基本Web安全配置类(如您所见,我添加了与角色层次结构相关的bean):
I tried a lot of different configuration alternatives and none works... Here is my basic web security configuration class (I added role hierarchy-related beans as you see):
@Configuration
@EnableWebSecurity
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
(...)
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity
.csrf()
.disable()
(...)
.expressionHandler(webExpressionHandler())
(...)
.anyRequest().authenticated();
httpSecurity
.addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class);
}
@Bean
public SecurityExpressionHandler<FilterInvocation> webExpressionHandler() {
DefaultWebSecurityExpressionHandler defaultWebSecurityExpressionHandler = new DefaultWebSecurityExpressionHandler();
defaultWebSecurityExpressionHandler.setRoleHierarchy(roleHierarchy());
return defaultWebSecurityExpressionHandler;
}
@Bean
public RoleHierarchy roleHierarchy() {
RoleHierarchyImpl r = new RoleHierarchyImpl();
r.setHierarchy(Role.getHierarchy());
return r;
}
(...)
}
这是我根据此线程创建的单独的配置文件:
Here is the separate config file that I created basing on this thread:
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class GlobalMethodSecurityConfig extends GlobalMethodSecurityConfiguration {
@Autowired
private RoleHierarchy roleHierarchy;
@Override
protected MethodSecurityExpressionHandler createExpressionHandler() {
DefaultMethodSecurityExpressionHandler expressionHandler = (DefaultMethodSecurityExpressionHandler) super.createExpressionHandler();
expressionHandler.setRoleHierarchy(roleHierarchy);
return expressionHandler;
}
}
我为此奋斗了好几个小时.我尝试过的相关主题在这里:
I struggled with this for many hours. The related topics I tried are here:
- Spring Boot + Spring Security +分层角色
- 创建名称为'defaultServletHandlerMapping的bean时出错
- 创建名称为defaultServletHandlerMapping的bean时出错
- Spring Boot + Spring Security + Hierarchical Roles
- Error creating bean with name 'defaultServletHandlerMapping
- Error creating bean with name defaultServletHandlerMapping
每一个帮助表示赞赏!
推荐答案
好的,找到它.
我玩弄了类注释,并得出了一个简单的解决方案:我从GlobalMethodSecurityConfig中删除了@EnableGlobalMethodSecurity
,并将其移到了以前的WebSecurityConfiguration中.所以看起来像这样:
I played around with the class annotations and came to a simple solution: I removed @EnableGlobalMethodSecurity
from GlobalMethodSecurityConfig and moved it to WebSecurityConfiguration, where it was before. So it looks like this:
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter { (...) }
和这个:
@Configuration
public class GlobalMethodSecurityConfig extends GlobalMethodSecurityConfiguration { (...) }
最有趣的部分是,此处所接受的答案建议了什么对我没用.
The most interesting part is that the accepted answer from here advises what didn't work for me.
这篇关于基于SpringBoot +方法的分层角色安全性:ServletContext是必需的的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!