个人中心
gpt4 book ai didi

java - 使用 @Preauthorize 多个 Controller 进行注释时出现 Spring Security 错误

转载 作者:太空宇宙 更新时间:2023-11-04 07:09:06 24 4
gpt4 key购买 nike

我只能使用 @Preauthorize 注释一个 Controller 的方法。当我尝试注释第二个 Controller 的方法时,我收到此异常:

org.apache.catalina.core.StandardContext filterStart
SEVERE: Exception starting filter springSecurityFilterChain
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'allController' defined in file [/Users/alberto/springsource/vfabric-tc-server-developer-2.9.3.RELEASE/base-instance/wtpwebapps/sp/WEB-INF/classes/com/ap/sp/AllController.class]: Initialization of bean failed; nested exception is org.springframework.aop.framework.AopConfigException: Unexpected AOP exception; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'methodSecurityInterceptor' defined in class path resource [org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.class]: Instantiation of bean failed; nested exception is org.springframework.beans.factory.BeanDefinitionStoreException: Factory method [public org.aopalliance.intercept.MethodInterceptor org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration.methodSecurityInterceptor() throws java.lang.Exception] threw exception; nested exception is java.lang.IllegalArgumentException: Expecting to only find a single bean for type interface org.springframework.security.authentication.AuthenticationManager, but found []

我只使用 java 配置。这是我的安全配置(我想接受所有请求并使用 @Preauthorize 在方法级别执行权限检查)

@Configuration
@EnableGlobalMethodSecurity(prePostEnabled=true)
@EnableWebMvcSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    private static final Logger logger = LoggerFactory.getLogger(HomeController.class);

    @Autowired
    private DataSource dataSource;

     @Autowired
     public void registerGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .jdbcAuthentication()
                .dataSource(dataSource)
                .usersByUsernameQuery("SELECT username, password, enabled FROM auth_users WHERE username = ?")
                .authoritiesByUsernameQuery("SELECT username, authority FROM auth_authorities WHERE username = ?");
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
            .anyRequest()
            .permitAll();
    }

}

这是我可以注释方法的唯一 Controller (如果我仅注释此 Controller ,则一切正常):

@Controller
public class SecurityController {

    private static final Logger logger = LoggerFactory.getLogger(SecurityController.class);


    @ExceptionHandler(AccessDeniedException.class)
    @ResponseBody
    public SecResponse handleCustomException(AccessDeniedException ex) {

        logger.error("exception: " + ex.getMessage());
        SecResponse resp = new SecResponse();
        resp.status = "ERROR";
        return resp;

    }

    @PreAuthorize("hasRole('ADMIN')")
    @ResponseBody
    @RequestMapping(value = "/sec/admin", method = RequestMethod.GET)
    public SecResponse secAdmin() {

        SecResponse resp = new SecResponse();
        resp.role = Roles.ADMIN;

        return resp;
    }

    @PreAuthorize("hasRole('USER')")
    @ResponseBody
    @RequestMapping(value = "/sec/user", method = RequestMethod.GET)
    public SecResponse secUser() {

        SecResponse resp = new SecResponse();
        resp.role = Roles.USER;

        return resp;
    }       

}

当我创建一个新 Controller 并注释其方法时,我收到开头显示的异常

@Controller
public class AllController {

    private static final Logger logger = LoggerFactory.getLogger(AllController.class);

    @ExceptionHandler(AccessDeniedException.class)
    @ResponseBody
    public SecResponse handleCustomException(AccessDeniedException ex) {

        logger.error("exception: " + ex.getMessage());
        SecResponse resp = new SecResponse();
        resp.status = "ERROR";
        return resp;

    }



    @PreAuthorize("hasRole('ADMIN')")   
    @ResponseBody
    @RequestMapping(value="/all/one", method = RequestMethod.GET)
    public String one() {

        return "one";
    }


}

我只是希望能够在不同的 Controller 上注释方法。你能告诉我如何做到这一点以及为什么我在注释另一个 Controller 的方法时会收到该异常吗?

最佳答案

在 Java 配置中使用 @PreAuthorize 注释之前,您必须执行一些必要的步骤:

  1. 在主安全配置中,您必须指定注释以启用全局方法安全性:

    @Configuration
    @EnableWebSecurity        
    @EnableGlobalMethodSecurity(prePostEnabled = true)

  2. 使用 @PreAuthorize 注解标记您想要保护的方法(顺便说一句,@Override 应该让您思考如何在接口(interface)中进行编程):

    @Service (value = "defaultSecuredService")
    public class DefaultSecuredService implements SecuredService {

        @Override
        @PreAuthorize("hasRole('ROLE_ADMIN')")
        public String findSimpleString() {
            return "simple string";
        }

    }

  3. 确保您的 bean 已添加到 Spring 上下文中并使用 INTERFACE 进行实例化:

    @Controller
    public class IndexController {

        @Autowired
        private SecuredService defaultSecuredService;

        @RequestMapping (value = "/index", method = RequestMethod.GET)
        public ModelAndView getIndexPage() {
            ModelAndView modelAndView = new ModelAndView();
            modelAndView.setViewName("index");
            modelAndView.addObject("simpleString", defaultSecuredService.findSimpleString());

            return modelAndView;
        }

    }

关于java - 使用 @Preauthorize 多个 Controller 进行注释时出现 Spring Security 错误,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/20906865/

24 4 0
文章推荐: java - 我想使用循环从 CSV 文件 java 中查找列的值
文章推荐: python - 导入 zbar 会导致 python 以退出代码 139 退出 - 在运行 10.9 的 mac 上可能导致这种情况的原因是什么?
文章推荐: c - 二叉树插入错误
文章推荐: java - 为什么 JavaFX 中的最终类 WebView 包含 protected 方法 getChildren()?
太空宇宙
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
全站热门文章
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com