All geek questions in one place

Spring Security Configuration @ Unable to create unique exception

I tried to register several filters in my Spring Security configuration, however I always get the same exception:

04-Nov-2015 14: 35: 23.792 ATTENTION [RMI TCP connection (3) -127.0.0.1] org.springframework.web.context.support.AnnotationConfigWebApplicationContext.refresh An exception occurred while initializing the context - canceled an attempt to update org.springframework.beans .factory.BeanCreationException: error creating a bean named 'Org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration': Injection of autoconnected dependencies failed; nested exception java.lang.IllegalStateException: @Order on WebSecurityConfigurers must be unique. Order 100 has already been used, so it cannot be used on com.payment21.webapp.MultiHttpSecurityConfig $ ApiW ebSecurityConfigurationAdapter $$ EnhancerBySpringCGLIB $$ 35c79fe4 @ 1d381684 too.

Since my own attempts did not work, I tried the exact same code as shown in the Spring Security reference :

@EnableWebSecurity
public class MultiHttpSecurityConfig {
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) { 
        auth
            .inMemoryAuthentication()
                .withUser("user").password("password").roles("USER").and()
                .withUser("admin").password("password").roles("USER", "ADMIN");
    }

    @Configuration
    @Order(1)                                                        
    public static class ApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
        protected void configure(HttpSecurity http) throws Exception {
            http
                .antMatcher("/api/**")                               
                .authorizeRequests()
                    .anyRequest().hasRole("ADMIN")
                    .and()
                .httpBasic();
        }
    }

    @Configuration                                                   
    public static class FormLoginWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .authorizeRequests()
                    .anyRequest().authenticated()
                    .and()
                .formLogin();
        }
    }
}

To isolate the error, I tried replacing web.xml with a Java-based approach, but it didn't work either. I have no idea what’s wrong, doc wrong? Could something be confused with the setting in my application? The system starts correctly if I do not register a second WebSecurityConfigAdapter.

These are my dependencies:

compile 'org.springframework:spring-webmvc:4.2.2.RELEASE'
compile 'org.springframework:spring-messaging:4.2.2.RELEASE'
compile 'org.springframework:spring-websocket:4.2.2.RELEASE'
compile 'org.springframework:spring-aop:4.2.2.RELEASE'
compile'javax.servlet:javax.servlet-api:3.0.1'
compile 'org.springframework.security:spring-security-web:4.0.3.RELEASE'
compile 'org.springframework.security:spring-security-config:4.0.3.RELEASE'
+17
source share
12 answers

I found a mistake ... no one ever publishes import in fragments. We use customization of several modules, and IntelliJ does not recognize Spring annotations and does not use

org.apache.logging.log4j.core.config.Order

org.springframework.core.annotation.Order

Spring , 100 .

+8

, , @Order . , @Journeycorner - . :)

import org.springframework.beans.factory.annotation.Autowired; 
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

import com.someco.entity.User;
import com.someco.service.SpringDataJpaUserDetailsService;

@Configuration("CustomSecurityConfig")
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
@Order(1000)                                                        
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

@Autowired
private SpringDataJpaUserDetailsService userDetailsService;

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth
        .userDetailsService(this.userDetailsService)
            .passwordEncoder(User.PASSWORD_ENCODER);
}

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .authorizeRequests()
            .antMatchers("/built/**", "/main.css").permitAll()
            .anyRequest().authenticated()
            .and()
        .formLogin()
            .defaultSuccessUrl("/", true)
            .permitAll()
            .and()
        .httpBasic()
            .and()
        .csrf().disable()
        .logout()
            .logoutSuccessUrl("/");
}

}
+13

, . , @Configuration applicationContext.xml, , ( MultiHttpSecurityConfig), .

, XML.

+7

, @EnableWebSecurity. , . , !

+4

@Order (1000) WebSecurityConfigurerAdapter

+2

, @EnableWebSecurity. , . , !

package com.ie.springboot.configuaration;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@Configuration
@EnableWebSecurity
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication().withUser("mkyong").password("123456").roles("USER");
        auth.inMemoryAuthentication().withUser("admin").password("{noop}123456").roles("ADMIN");
        auth.inMemoryAuthentication().withUser("dba").password("123456").roles("DBA");

    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http.authorizeRequests()
                .antMatchers("/admin/**").access("hasRole('ROLE_ADMIN')")
                .antMatchers("/*").access("hasRole('ROLE_ADMIN') or hasRole('ROLE_DBA')")
                .and().formLogin();
        http.csrf().disable();

    }
}
+1

, , . git , - @RefreshScope .

@RefreshScope, .

+1

, @order(100) - spring. @order(100) .

0

, @Configuration .

@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
0

, :

@Configuration("MySecurityConfig")
public class MySecurityConfig extends WebSecurityConfigurerAdapter
0

, Spring WebSecurityConfigurerAdapter , order (100), spring .

0

@EnableOAuth2Sso , @SpringBootApplication, , WebSecurityConfigurerAdapter. @EnableOAuth2Sso:

WebSecurityConfigurerAdapter, @EnableOAuth2Sso, . @EnableOAuth2Sso, WebSecurityConfigurerAdapter , .

, , .
, , @EnableOAuth2Sso , WebSecurityConfigurerAdapter.

0

Source: https://habr.com/ru/post/1614463/

More articles:


All Articles