Spring 安全和 keyclock - ServerHttpSecurity 错误
Spring security and keyclock - ServerHttpSecurity error
我正在尝试为我的 Spring 启动应用程序添加 Spring 安全性。我创建了新的 SecurityConfig class 并添加了以下代码:
@Configuration
@EnableWebSecurity
public class SecurityConfig {
@Bean
public SecurityWebFilterChain configSecurity(ServerHttpSecurity http) {
return http
.authorizeExchange(exchange -> exchange.matchers(EndpointRequest.toAnyEndpoint()).permitAll().anyExchange().authenticated())
.oauth2ResourceServer(ServerHttpSecurity.OAuth2ResourceServerSpec::jwt)
.build();
}
}
当我尝试启动应用程序时出现错误:
2021-04-08 08:58:47.828 INFO 3040 --- [ main]
o.s.s.web.DefaultSecurityFilterChain : Will secure any request
with
[org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@6089c1e3,
org.springframework.security.web.context.SecurityContextPersistenceFilter@4bba628,
org.springframework.security.web.header.HeaderWriterFilter@47b4fcd5,
org.springframework.security.web.csrf.CsrfFilter@439acac0,
org.springframework.security.web.authentication.logout.LogoutFilter@6af447b6,
org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationFilter@5679e464,
org.springframework.security.web.savedrequest.RequestCacheAwareFilter@4420f4d4,
org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@517594dd,
org.springframework.security.web.authentication.AnonymousAuthenticationFilter@67231d8d,
org.springframework.security.web.session.SessionManagementFilter@59b5251d,
org.springframework.security.web.access.ExceptionTranslationFilter@7d6b0636,
org.springframework.security.web.access.intercept.FilterSecurityInterceptor@4b50ebea]
2021-04-08 08:58:47.883 WARN 3040 --- [ main]
ConfigServletWebServerApplicationContext : Exception encountered
during context initialization - cancelling refresh attempt:
org.springframework.beans.factory.UnsatisfiedDependencyException:
Error creating bean with name 'configSecurity' defined in class path
resource [it/config/SecurityConfig.class]:
Unsatisfied dependency expressed through method 'configSecurity'
parameter 0; nested exception is
org.springframework.beans.factory.NoSuchBeanDefinitionException: No
qualifying bean of type
'org.springframework.security.config.web.server.ServerHttpSecurity'
available: expected at least 1 bean which qualifies as autowire
candidate. Dependency annotations: {}
并且:
APPLICATION FAILED TO START
Description: Parameter 0 of method configSecurity in
it.config.SecurityConfig required a bean of type
'org.springframework.security.config.web.server.ServerHttpSecurity'
that could not be found.
Action: Consider defining a bean of type
'org.springframework.security.config.web.server.ServerHttpSecurity' in
your configuration.
你知道怎么解决吗?
在我的依赖之下:
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
</dependency>
尝试使用以下内容注释 bean 所在的 class:
@Configuration
@EnableWebSecurity
另外,确保 bean 是 public - 看看是否所有这些都解决了它?如果没有 - 您能否提供异常的完整堆栈跟踪。
谢谢,本
尝试在顶部添加所有这些注释。
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true, jsr250Enabled = true, prePostEnabled = true)
有时 @EnableGlobalMethodSecurity 有帮助
我使用 HttpSecurity 而不是 ServerHttpSecurity 解决了问题。在我的新代码下方:
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests(authorizeRequests -> authorizeRequests.anyRequest().authenticated()).oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt);
}
}
我正在尝试为我的 Spring 启动应用程序添加 Spring 安全性。我创建了新的 SecurityConfig class 并添加了以下代码:
@Configuration
@EnableWebSecurity
public class SecurityConfig {
@Bean
public SecurityWebFilterChain configSecurity(ServerHttpSecurity http) {
return http
.authorizeExchange(exchange -> exchange.matchers(EndpointRequest.toAnyEndpoint()).permitAll().anyExchange().authenticated())
.oauth2ResourceServer(ServerHttpSecurity.OAuth2ResourceServerSpec::jwt)
.build();
}
}
当我尝试启动应用程序时出现错误:
2021-04-08 08:58:47.828 INFO 3040 --- [ main] o.s.s.web.DefaultSecurityFilterChain : Will secure any request with [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@6089c1e3, org.springframework.security.web.context.SecurityContextPersistenceFilter@4bba628, org.springframework.security.web.header.HeaderWriterFilter@47b4fcd5, org.springframework.security.web.csrf.CsrfFilter@439acac0, org.springframework.security.web.authentication.logout.LogoutFilter@6af447b6, org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationFilter@5679e464, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@4420f4d4, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@517594dd, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@67231d8d, org.springframework.security.web.session.SessionManagementFilter@59b5251d, org.springframework.security.web.access.ExceptionTranslationFilter@7d6b0636, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@4b50ebea]
2021-04-08 08:58:47.883 WARN 3040 --- [ main] ConfigServletWebServerApplicationContext : Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'configSecurity' defined in class path resource [it/config/SecurityConfig.class]: Unsatisfied dependency expressed through method 'configSecurity' parameter 0; nested exception is org.springframework.beans.factory.NoSuchBeanDefinitionException: No qualifying bean of type 'org.springframework.security.config.web.server.ServerHttpSecurity' available: expected at least 1 bean which qualifies as autowire candidate. Dependency annotations: {}
并且:
APPLICATION FAILED TO START
Description: Parameter 0 of method configSecurity in it.config.SecurityConfig required a bean of type 'org.springframework.security.config.web.server.ServerHttpSecurity' that could not be found.
Action: Consider defining a bean of type 'org.springframework.security.config.web.server.ServerHttpSecurity' in your configuration.
你知道怎么解决吗?
在我的依赖之下:
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
</dependency>
尝试使用以下内容注释 bean 所在的 class:
@Configuration
@EnableWebSecurity
另外,确保 bean 是 public - 看看是否所有这些都解决了它?如果没有 - 您能否提供异常的完整堆栈跟踪。
谢谢,本
尝试在顶部添加所有这些注释。
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true, jsr250Enabled = true, prePostEnabled = true)
有时 @EnableGlobalMethodSecurity 有帮助
我使用 HttpSecurity 而不是 ServerHttpSecurity 解决了问题。在我的新代码下方:
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests(authorizeRequests -> authorizeRequests.anyRequest().authenticated()).oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt);
}
}