无法实例化 [javax.servlet.Filter]:工厂方法 'springSecurityFilterChain' 无法在 anyRequest 之后配置 antMatchers
Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' Can't configure antMatchers after anyRequest
将 spring 引导版本升级到 2.6.2 后出现此错误:
Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception; nested exception is java.lang.IllegalStateException: Can't configure antMatchers after anyRequest
这是我的安全配置 class 从 WebSecurityConfigurerAdapter 扩展。
@Override
protected void configure(HttpSecurity http) throws Exception {
super.configure(http);
http.csrf().disable().headers().frameOptions().disable().and().sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().authorizeRequests().antMatchers("/api/**")
.authenticated().and()
.addFilterAfter(new TokenAuthenticationProcessingFilter(
new PiAuthenticationProvider(
new ApplicationPropertiesDataAdapterPi(this.applicationProperties)),
"/api/**", null, new CustomAuthenticationFailureHandler(),
AuthTokenUtil::extractXAuthorizationToken), BasicAuthenticationFilter.class);
}
当您调用 super.configure(http) 时,它实际上执行以下操作:
protected void configure(HttpSecurity http) throws Exception {
this.logger.debug("Using default configure(HttpSecurity). "
+ "If subclassed this will potentially override subclass configure(HttpSecurity).");
http.authorizeRequests((requests) -> requests.anyRequest().authenticated());
http.formLogin();
http.httpBasic();
}
然后您再次尝试执行 .authorizeRequests().antMatchers("/api/**") 导致此错误。所以根本不要调用 super.configure(http) 并在你的方法中实现你需要的所有逻辑
将 spring 引导版本升级到 2.6.2 后出现此错误:
Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception; nested exception is java.lang.IllegalStateException: Can't configure antMatchers after anyRequest
这是我的安全配置 class 从 WebSecurityConfigurerAdapter 扩展。
@Override
protected void configure(HttpSecurity http) throws Exception {
super.configure(http);
http.csrf().disable().headers().frameOptions().disable().and().sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().authorizeRequests().antMatchers("/api/**")
.authenticated().and()
.addFilterAfter(new TokenAuthenticationProcessingFilter(
new PiAuthenticationProvider(
new ApplicationPropertiesDataAdapterPi(this.applicationProperties)),
"/api/**", null, new CustomAuthenticationFailureHandler(),
AuthTokenUtil::extractXAuthorizationToken), BasicAuthenticationFilter.class);
}
当您调用 super.configure(http) 时,它实际上执行以下操作:
protected void configure(HttpSecurity http) throws Exception {
this.logger.debug("Using default configure(HttpSecurity). "
+ "If subclassed this will potentially override subclass configure(HttpSecurity).");
http.authorizeRequests((requests) -> requests.anyRequest().authenticated());
http.formLogin();
http.httpBasic();
}
然后您再次尝试执行 .authorizeRequests().antMatchers("/api/**") 导致此错误。所以根本不要调用 super.configure(http) 并在你的方法中实现你需要的所有逻辑