java - @PreAuthorize 不起作用 - 是否存在无法解析的循环引用？

Question

我正在尝试使用@PreAuthorize 批注的 spring 安全性(用户角色授权)示例，遇到以下错误。

Caused by: org.springframework.beans.BeanInstantiationException:         
    Failed to instantiate [org.aopalliance.intercept.MethodInterceptor]:    
    Factory method 'methodSecurityInterceptor' threw exception; nested exception is     org.springframework.beans.factory.BeanCurrentlyInCreationException: Error creating bean with name 'methodSecurityInterceptor': Requested bean is currently in creation: Is there an unresolvable circular reference?
                at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:189)
                at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:588)
                ... 91 more
        Caused by: org.springframework.beans.factory.BeanCurrentlyInCreationException: Error creating bean with name 'methodSecurityInterceptor': Requested bean is currently in creation: I
        s there an unresolvable circular reference?
                at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.beforeSingletonCreation(DefaultSingletonBeanRegistry.java:347)
                at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:223)
                at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:299)
                at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:199)
                at org.springframework.security.access.intercept.aopalliance.MethodSecurityMetadataSourceAdvisor.getAdvice(MethodSecurityMetadataSourceAdvisor.java:107)
                at org.springframework.aop.aspectj.AspectJProxyUtils.isAspectJAdvice(AspectJProxyUtils.java:67)
                at org.springframework.aop.aspectj.AspectJProxyUtils.makeAdvisorChainAspectJCapableIfNecessary(AspectJProxyUtils.java:49)

我的 WebSecurityConfigurerAdapter 扩展类是:

@Configuration
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
@EnableGlobalMethodSecurity(prePostEnabled = true)
public static class FormLoginWebSecurityConfigurerAdapter extends
        WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http.authorizeRequests().anyRequest().authenticated().and()
                .formLogin().loginPage("/login").defaultSuccessUrl("/home")
                .permitAll().and().logout().permitAll()
                .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
                .logoutSuccessUrl("/login?logout").permitAll()
                .and().httpBasic()

                .and().exceptionHandling()
                .accessDeniedPage("/access?error");

}

以及 UserController 中的方法级授权检查:

 @Controller
    @EnableAutoConfiguration
    public class UserController {
    @PreAuthorize("hasAnyAuthority('111')")
        @RequestMapping(value = "/users")
        public String userManagement(Model model) {
            .
            return something;
        }
    }

我在登录时获得用户权限(列表)，其中有 111

任何人都可以帮助我解决我面临的错误吗？

Answer 1

最近我遇到了类似的问题。
在我的项目中有 @PreAuthorize 注解 以及处理审计逻辑的方面。
就我而言，这足以:
1.按照以下方式更新安全配置

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(mode = ASPECTJ, prePostEnabled = true, securedEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter`

2.在pom.xml中添加依赖

<dependency>
     <groupId>org.springframework.security</groupId>
     <artifactId>spring-security-aspects</artifactId>
     <version>4.1.0.RELEASE</version>
</dependency>

希望有人会觉得有帮助。