Spring安全配置@Order不是唯一的例外 [英] Spring Security Configuration @Order not unique exception
问题描述
我试图在我的Spring Security配置中注册多个过滤器,但是我总是得到相同的例外:
I've tried to register multiple filters in my Spring Security Configuration, however I always get the same exception:
04-Nov -2015 14:35:23.792警告[RMI TCP连接(3)-127.0.0.1]
org.springframework.web.context.support.AnnotationConfigWebApplicationContext.refresh
在上下文初始化期间遇到异常 - 取消
刷新尝试
org.springframework.beans.factory.BeanCreationException:错误
创建名为
'org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration'的bean:
注入自动连接的依赖项失败;嵌套异常是
java.lang.IllegalStateException:WebSecurityConfigurers上的@Order必须是唯一的
。已经使用了100的订单,所以它不能用于
com.payment21.webapp.MultiHttpSecurityConfig$ApiWebSecurityConfigurationAdapter$$EnhancerBySpringCGLIB $ 35c79fe4@1d381684
。
04-Nov-2015 14:35:23.792 WARNING [RMI TCP Connection(3)-127.0.0.1] org.springframework.web.context.support.AnnotationConfigWebApplicationContext.refresh Exception encountered during context initialization - cancelling refresh attempt org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration': Injection of autowired dependencies failed; nested exception is java.lang.IllegalStateException: @Order on WebSecurityConfigurers must be unique. Order of 100 was already used, so it cannot be used on com.payment21.webapp.MultiHttpSecurityConfig$ApiWebSecurityConfigurationAdapter$$EnhancerBySpringCGLIB$$35c79fe4@1d381684 too.
由于我自己的尝试不起作用,我尝试了完全相同的代码,如 Spring Security参考:
Since my own attempts didn't work, I tried the exact same code as shown in the Spring Security reference:
@EnableWebSecurity
public class MultiHttpSecurityConfig {
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) {
auth
.inMemoryAuthentication()
.withUser("user").password("password").roles("USER").and()
.withUser("admin").password("password").roles("USER", "ADMIN");
}
@Configuration
@Order(1)
public static class ApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception {
http
.antMatcher("/api/**")
.authorizeRequests()
.anyRequest().hasRole("ADMIN")
.and()
.httpBasic();
}
}
@Configuration
public static class FormLoginWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest().authenticated()
.and()
.formLogin();
}
}
}
要隔离我试过的错误用基于Java的方法替换web.xml,但它也不起作用。我不知道出了什么问题,这是错误的吗?我的应用程序中的某些内容可能会与配置混乱吗?系统正常启动,除非我注册了第二个WebSecurityConfigAdapter。
To isolate the error I tried to replace the web.xml by a Java based approach, but it didn't work either. I have no idea what's wrong, is the doc wrong? Can something in my application mess with the configuation? System is starting up properly, unless I register a second WebSecurityConfigAdapter.
这些是我的依赖项:
compile 'org.springframework:spring-webmvc:4.2.2.RELEASE'
compile 'org.springframework:spring-messaging:4.2.2.RELEASE'
compile 'org.springframework:spring-websocket:4.2.2.RELEASE'
compile 'org.springframework:spring-aop:4.2.2.RELEASE'
compile'javax.servlet:javax.servlet-api:3.0.1'
compile 'org.springframework.security:spring-security-web:4.0.3.RELEASE'
compile 'org.springframework.security:spring-security-config:4.0.3.RELEASE'
推荐答案
我发现了错误...没有人在片段中发布导入。我们正在使用多模块项目设置,并且IntelliJ无法识别Spring注释并使用
I have found the error... noone ever posts imports in snippets. We are using a multi module project setup, and IntelliJ didn't recognise the Spring annotations and used
org.apache.logging.log4j。 core.config.Order
org.apache.logging.log4j.core.config.Order
而不是
org.springframework.core.annotation.Order
org.springframework.core.annotation.Order
由于Spring没有解析正确的注释,因此假设默认值两种配置均为100。
Since Spring didn't parse the correct annotations, it was assuming the default value 100 for both configurations.
这篇关于Spring安全配置@Order不是唯一的例外的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!