Spring boot 2.6.0 创建名称为 'webSecurityConfig' 的 bean 时出错
Spring boot 2.6.0 Error creating bean with name 'webSecurityConfig'
我无法将我的 spring 启动应用程序从 2.5.7 更新到 2.6.0。它抛出以下错误。
2021-12-07T08:40:22,311 ERROR [restartedMain] o.s.b.SpringApplication.reportFailure:819|| Application run failed org.springframework.beans.factory.BeanCurrentlyInCreationException: Error creating bean with name 'webSecurityConfig':
The requested bean is currently in creation: Is there an unresolvable circular reference?
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.beforeSingletonCreation(DefaultSingletonBeanRegistry.java:355)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:227)
从spring-boot 2.6.0 发行说明中可以清楚地看出,循环引用已被禁用。它可以通过 属性 spring.main.allow-circular-references = true 重新启用。但我想首先修复循环引用。谁能帮我解决这个问题?请在下面找到 WebSecurityConfig class,
@Configuration
@EnableWebSecurity
@SuppressWarnings({"PMD.SignatureDeclareThrowsException"})
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
private final UserDetailsService userDetailsService;
public WebSecurityConfig(final UserDetailsService userDetailsService) {
this.userDetailsService = userDetailsService;
}
@Bean
public BCryptPasswordEncoder bcryptPasswordEncoder() {
return new BCryptPasswordEncoder();
}
@Override
protected void configure(final HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/resources/**", "/registration", "/css/**", "/js/**", "/h2-console/*").permitAll()
.anyRequest().authenticated().and()
.formLogin()
.loginPage("/login").permitAll().and()
.headers()
.frameOptions().sameOrigin().and()
.logout()
.permitAll().and()
.requiresChannel()
.requestMatchers(r -> r.getHeader("X-Forwarded-Proto") != null)
.requiresSecure();
}
@Autowired
public void configureGlobal(final AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(bcryptPasswordEncoder());
}
}
我的代码是开源的,可以在 https://github.com/surajcm/Poseidon 找到,我会尝试自己解决问题,如果我能够解决这个问题,我会分享更新
问题出在密码编码器上。需要构建您在 class.
的构造函数中注入的自动配置 UserDetailsService
你可以通过制作bean工厂方法来打破循环static:
@Bean
public static BCryptPasswordEncoder bcryptPasswordEncoder() {
return new BCryptPasswordEncoder();
}
您还可以将工厂方法移动到不同的配置 class。但在我看来,您的 WebSecurityConfig 是该方法的规范位置。
因为我收到一条评论说我正在做自定义安全配置,这是一种不好的做法,所以我尝试自己修复它。尝试删除 configureGlobal 并改为添加 authenticationProvider bean。请在下面找到示例代码
@Configuration
@EnableWebSecurity
@SuppressWarnings({"PMD.SignatureDeclareThrowsException"})
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
private final UserDetailsService userDetailsService;
public WebSecurityConfig(final UserDetailsService userDetailsService) {
this.userDetailsService = userDetailsService;
}
@Bean
public BCryptPasswordEncoder bcryptPasswordEncoder() {
return new BCryptPasswordEncoder();
}
@Override
protected void configure(final HttpSecurity http) throws Exception {
//http.headers().frameOptions().disable();
http.csrf().disable();
http
.authorizeRequests()
.antMatchers("/resources/**",
"/registration",
"/css/**", "/js/**", "/img/**",
"/h2-console/**",
"/console/**").permitAll()
.and().headers().frameOptions().sameOrigin();
http
.authorizeRequests()
.anyRequest().authenticated().and()
.formLogin()
.loginPage("/login").permitAll().and()
.headers()
.frameOptions().sameOrigin().and()
.logout()
.permitAll().and()
.requiresChannel()
.requestMatchers(r -> r.getHeader("X-Forwarded-Proto") != null)
.requiresSecure();
}
@Bean
public AuthenticationProvider authenticationProvider() {
var provider = new DaoAuthenticationProvider();
provider.setUserDetailsService(userDetailsService);
provider.setPasswordEncoder(bcryptPasswordEncoder());
return provider;
}
}
我无法将我的 spring 启动应用程序从 2.5.7 更新到 2.6.0。它抛出以下错误。
2021-12-07T08:40:22,311 ERROR [restartedMain] o.s.b.SpringApplication.reportFailure:819|| Application run failed org.springframework.beans.factory.BeanCurrentlyInCreationException: Error creating bean with name 'webSecurityConfig':
The requested bean is currently in creation: Is there an unresolvable circular reference?
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.beforeSingletonCreation(DefaultSingletonBeanRegistry.java:355)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:227)
从spring-boot 2.6.0 发行说明中可以清楚地看出,循环引用已被禁用。它可以通过 属性 spring.main.allow-circular-references = true 重新启用。但我想首先修复循环引用。谁能帮我解决这个问题?请在下面找到 WebSecurityConfig class,
@Configuration
@EnableWebSecurity
@SuppressWarnings({"PMD.SignatureDeclareThrowsException"})
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
private final UserDetailsService userDetailsService;
public WebSecurityConfig(final UserDetailsService userDetailsService) {
this.userDetailsService = userDetailsService;
}
@Bean
public BCryptPasswordEncoder bcryptPasswordEncoder() {
return new BCryptPasswordEncoder();
}
@Override
protected void configure(final HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/resources/**", "/registration", "/css/**", "/js/**", "/h2-console/*").permitAll()
.anyRequest().authenticated().and()
.formLogin()
.loginPage("/login").permitAll().and()
.headers()
.frameOptions().sameOrigin().and()
.logout()
.permitAll().and()
.requiresChannel()
.requestMatchers(r -> r.getHeader("X-Forwarded-Proto") != null)
.requiresSecure();
}
@Autowired
public void configureGlobal(final AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(bcryptPasswordEncoder());
}
}
我的代码是开源的,可以在 https://github.com/surajcm/Poseidon 找到,我会尝试自己解决问题,如果我能够解决这个问题,我会分享更新
问题出在密码编码器上。需要构建您在 class.
的构造函数中注入的自动配置UserDetailsService
你可以通过制作bean工厂方法来打破循环static:
@Bean
public static BCryptPasswordEncoder bcryptPasswordEncoder() {
return new BCryptPasswordEncoder();
}
您还可以将工厂方法移动到不同的配置 class。但在我看来,您的 WebSecurityConfig 是该方法的规范位置。
因为我收到一条评论说我正在做自定义安全配置,这是一种不好的做法,所以我尝试自己修复它。尝试删除 configureGlobal 并改为添加 authenticationProvider bean。请在下面找到示例代码
@Configuration
@EnableWebSecurity
@SuppressWarnings({"PMD.SignatureDeclareThrowsException"})
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
private final UserDetailsService userDetailsService;
public WebSecurityConfig(final UserDetailsService userDetailsService) {
this.userDetailsService = userDetailsService;
}
@Bean
public BCryptPasswordEncoder bcryptPasswordEncoder() {
return new BCryptPasswordEncoder();
}
@Override
protected void configure(final HttpSecurity http) throws Exception {
//http.headers().frameOptions().disable();
http.csrf().disable();
http
.authorizeRequests()
.antMatchers("/resources/**",
"/registration",
"/css/**", "/js/**", "/img/**",
"/h2-console/**",
"/console/**").permitAll()
.and().headers().frameOptions().sameOrigin();
http
.authorizeRequests()
.anyRequest().authenticated().and()
.formLogin()
.loginPage("/login").permitAll().and()
.headers()
.frameOptions().sameOrigin().and()
.logout()
.permitAll().and()
.requiresChannel()
.requestMatchers(r -> r.getHeader("X-Forwarded-Proto") != null)
.requiresSecure();
}
@Bean
public AuthenticationProvider authenticationProvider() {
var provider = new DaoAuthenticationProvider();
provider.setUserDetailsService(userDetailsService);
provider.setPasswordEncoder(bcryptPasswordEncoder());
return provider;
}
}