spring 安全 3.x 到 4.x 迁移问题

spring security 3.x to 4.x migration issue

我正在尝试将 spring 安全 3.x 迁移到 4.x

这样做时我遇到了以下错误

Aug 27, 2016 11:16:03 AM org.apache.catalina.core.StandardContext listenerStart
SEVERE: Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListener
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.ws.server.endpoint.mapping.PayloadRootAnnotationMethodEndpointMapping#0': Initialization of bean failed; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.ws.soap.server.endpoint.interceptor.PayloadRootSmartSoapEndpointInterceptor#0': Cannot resolve reference to bean 'wsSecurityInterceptor' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'wsSecurityInterceptor' defined in class path resource [META-INF/webservice/config/spring-ws.xml]: Cannot resolve reference to bean 'springSecurityHandler' while setting bean property 'validationCallbackHandler'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'springSecurityHandler' defined in class path resource [META-INF/webservice/config/spring-ws.xml]: Cannot resolve reference to bean 'authenticationManager' while setting bean property 'authenticationManager'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'authenticationManager' defined in class path resource [META-INF/webservice/config/spring-ws.xml]: Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [org.springframework.security.authentication.ProviderManager]: No default constructor found; nested exception is java.lang.NoSuchMethodException: org.springframework.security.authentication.ProviderManager.<init>()
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:547)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:475)
    at org.springframework.beans.factory.support.AbstractBeanFactory.getObject(AbstractBeanFactory.java:304)
    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:228)
    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:300)
    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:195)
    at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:700)
    at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:760)
    at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:482)
    at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:403)
    at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:306)
    at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:106)
    at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:5068)
    at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5584)
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:147)
    at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1572)
    at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1562)
    at java.util.concurrent.FutureTask.run(FutureTask.java:262)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at java.lang.Thread.run(Thread.java:745)
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.ws.soap.server.endpoint.interceptor.PayloadRootSmartSoapEndpointInterceptor#0': Cannot resolve reference to bean 'wsSecurityInterceptor' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'wsSecurityInterceptor' defined in class path resource [META-INF/webservice/config/spring-ws.xml]: Cannot resolve reference to bean 'springSecurityHandler' while setting bean property 'validationCallbackHandler'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'springSecurityHandler' defined in class path resource [META-INF/webservice/config/spring-ws.xml]: Cannot resolve reference to bean 'authenticationManager' while setting bean property 'authenticationManager'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'authenticationManager' defined in class path resource [META-INF/webservice/config/spring-ws.xml]: Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [org.springframework.security.authentication.ProviderManager]: No default constructor found; nested exception is java.lang.NoSuchMethodException: org.springframework.security.authentication.ProviderManager.<init>()
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:328)
    at org.springframework.beans.factory.support.AbstractBeanFactory.getObject(AbstractBeanFactory.java:304)
    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:228)
    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:300)
    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:200)
    at org.springframework.beans.factory.support.DefaultListableBeanFactory.getBeansOfType(DefaultListableBeanFactory.java:467)
    at org.springframework.context.support.AbstractApplicationContext.getBeansOfType(AbstractApplicationContext.java:1071)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:539)
    ... 20 more
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'wsSecurityInterceptor' defined in class path resource [META-INF/webservice/config/spring-ws.xml]: Cannot resolve reference to bean 'springSecurityHandler' while setting bean property 'validationCallbackHandler'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'springSecurityHandler' defined in class path resource [META-INF/webservice/config/spring-ws.xml]: Cannot resolve reference to bean 'authenticationManager' while setting bean property 'authenticationManager'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'authenticationManager' defined in class path resource [META-INF/webservice/config/spring-ws.xml]: Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [org.springframework.security.authentication.ProviderManager]: No default constructor found; nested exception is java.lang.NoSuchMethodException: org.springframework.security.authentication.ProviderManager.<init>()
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:328)
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:107)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1456)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1197)
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:320)
    ... 44 more

错误指向以下依赖项

   <bean id= "authenticationManager" class= "org.springframework.security.authentication.ProviderManager">
      <property name="providers">

            <bean class= "org.springframework.security.authentication.dao.DaoAuthenticationProvider">
                <property name="userDetailsService" ref="userManagerWs"/>
            </bean>

        </property>
    </bean>

需要进行哪些更改才能使其正常工作?

提前谢谢你:D

class ProviderManager 上的空构造函数至少从 Spring Security 3.1.2 开始就已弃用:

Constructor Summary

ProviderManager()

Deprecated. Use constructor which takes provider list

ProviderManager(List providers)
ProviderManager(List providers, AuthenticationManager parent)

在 spring-security 4 中,此 constructor 已被删除,因此这是问题的根源:

Could not instantiate bean class [org.springframework.security.authentication.ProviderManager]: No default constructor found; nested exception is java.lang.NoSuchMethodException: org.springframework.security.authentication.ProviderManager.()

你应该这样配置才能工作:

<beans:bean id= "authenticationManager" class= "org.springframework.security.authentication.ProviderManager">
        <beans:constructor-arg>
            <beans:list>
                <beans:bean class= "org.springframework.security.authentication.dao.DaoAuthenticationProvider">
                    <beans:property name="userDetailsService" ref="userManagerWs"/>
                </beans:bean>
            </beans:list>
        </beans:constructor-arg>
    </beans:bean>

或者,使用 spring-security 配置命名空间,使用 security:authentication-manager 元素:

<beans:bean id="daoAuthenticationProvider" class= "org.springframework.security.authentication.dao.DaoAuthenticationProvider">
        <beans:property name="userDetailsService" ref="userManagerWs"/>
    </beans:bean>

    <security:authentication-manager id="authenticationManager">
        <security:authentication-provider ref="daoAuthenticationProvider" />
    </security:authentication-manager>