我使用 Spring security 3 没有问题。升级到4个问题后。
到目前为止,我更改了 build.gradle 的版本号、所有 xml 配置文件并删除了 gradle 的缓存并重新下载了所有内容。
根据 this doc从此更改了安全 http 元素:
<security:http auto-config="false" use-expressions="true" entry-point-ref="authenticationEntryPoint"
access-denied-page="/#/not-authorized">
对此:
<security:http auto-config="false" use-expressions="true" entry-point-ref="authenticationEntryPoint">
<security:access-denied-handler error-page="/#/not-authorized"/>
</security:http>
现在,如果我运行我的 spring web 应用程序,我会得到这个异常:
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.DefaultSecurityFilterChain#1':
Cannot create inner bean '(inner bean)#40a99380' of type [org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter]
while setting constructor argument with key [7]; nested exception is org.springframework.beans.factory.BeanCreationException:
Error creating bean with name '(inner bean)#40a99380': Cannot resolve reference to bean 'authenticationEntryPoint' while setting bean property 'authenticationEntryPoint';
nested exception is org.springframework.beans.factory.BeanCreationException:
Error creating bean with name 'authenticationEntryPoint' defined in class path resource [META-INF/spring/rest-security.xml]: Instantiation of bean failed;
nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint]:
No default constructor found; nested exception is java.lang.NoSuchMethodException: org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint.<init>()
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveInnerBean(BeanDefinitionValueResolver.java:313)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:129)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveManagedList(BeanDefinitionValueResolver.java:382)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:157)
at org.springframework.beans.factory.support.ConstructorResolver.resolveConstructorArguments(ConstructorResolver.java:634)
at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:140)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1143)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1046)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:510)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:305)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:301)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:196)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:351)
为什么会出现此异常以及如何解决?
------------ 编辑 1 ----------
应用程序上下文.xml:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.0.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.0.xsd">
<context:property-placeholder location="classpath:*.properties" ignore-unresolvable="true" order="0"/>
<context:annotation-config />
<import resource="rest-common.xml" />
<import resource="rest-security.xml" />
<import resource="rest-servlet.xml" />
<import resource="rest-mongodb.xml" />
</beans>
rest-security.xml:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security" xmlns:p="http://www.springframework.org/schema/p"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.0.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.0.xsd">
<!-- spring-security 3.2 -> 4.0 -->
<security:http pattern="/rest/**" auto-config="false" use-expressions="true" entry-point-ref="response403EntryPoint"/>
<security:http auto-config="false" use-expressions="true" entry-point-ref="authenticationEntryPoint">
<security:access-denied-handler error-page="/#/not-authorized"/>
<security:logout logout-url="/logout" invalidate-session="true" logout-success-url="/" />
<security:custom-filter ref="jsonAuthenticationProcessingFilter" position="FORM_LOGIN_FILTER" />
</security:http>
<bean id="customAuthenticationManager" class="com.myal.security.CustomAuthenticationManager" p:username="admin"
p:password="admin" />
<bean id="customAuthenticationFailureHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler"
p:defaultFailureUrl="/rest/security/login-failed" />
<bean id="customAuthenticationSuccessHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler"
p:defaultTargetUrl="/rest/security/check" />
<bean id="authenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint"
p:loginFormUrl="/#/login" />
<bean id="response403EntryPoint" class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint"/>
<bean id="jsonAuthenticationProcessingFilter" class="com.myal.security.JsonAuthenticationProcessingFilter"
p:authenticationManager-ref="customAuthenticationManager" p:authenticationFailureHandler-ref="customAuthenticationFailureHandler"
p:authenticationSuccessHandler-ref="customAuthenticationSuccessHandler" />
<security:authentication-manager />
</beans>
rest-servlet.xml:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:security="http://www.springframework.org/schema/security"
xmlns:p="http://www.springframework.org/schema/p" xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.0.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.0.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.0.xsd">
<!-- spring-security 3.2 -> 4.0 -->
<!-- Has to be defined in same context where beans are scanned -->
<security:global-method-security secured-annotations="enabled"
authentication-manager-ref="customAuthenticationManager" />
<context:property-placeholder location="classpath:*.properties" ignore-unresolvable="true"
order="1" />
<mvc:annotation-driven />
<mvc:resources mapping="/scripts/**" location="/scripts/" cache-period="300" />
<mvc:resources mapping="/styles/**" location="/styles/" cache-period="300" />
<mvc:resources mapping="/partials/**" location="/partials/" cache-period="300" />
<mvc:resources mapping="/images/**" location="/images/" cache-period="300" />
<mvc:resources mapping="/assets/**" location="/assets/" cache-period="300" />
<bean id="jacksonMessageConverter" class="org.springframework.web.servlet.view.json.MappingJackson2JsonView"></bean>
<bean id="multipartResolver" class="org.springframework.web.multipart.commons.CommonsMultipartResolver" />
<!-- init -->
<context:component-scan base-package="com.myal.repository" />
<context:component-scan base-package="com.myal.rest" />
</beans>
最佳答案
看看Migrating from Spring Security 3.x to 4.x (XML Configuration)章4.7.5. LoginUrlAuthenticationEntryPoint
The LoginUrlAuthenticationEntryPoint default constructor and the setLoginFormUrl method was removed in favor of constructor injection. For example:
LoginUrlAuthenticationEntryPoint entryPoint = new LoginUrlAuthenticationEntryPoint(); entryPoint.setLoginFormUrl("/login");should be replaced with
LoginUrlAuthenticationEntryPoint entryPoint = new LoginUrlAuthenticationEntryPoint(loginFormUrl);
根据这个替换
<bean id="authenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint"
p:loginFormUrl="/#/login" />
与
<bean id="authenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
<constructor-arg value="/#/login" />
</bean>
顺便说一句:我强烈建议您阅读完整的 Migrating from Spring Security 3.x to 4.x (XML Configuration)指导
关于java - 从 Spring security 3 升级到 Spring security 4 后出现异常?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/33969587/