安全性5.4.6中断安全配置

xytpbqjk  于 2021-10-10  发布在  Java
关注(0)|答案(1)|浏览(245)

摘要将spring boot项目从2.1.5版本更新为2.4.5版本。它自动更新了版本spring security中的所有spring安全依赖项。。5.1.5Spring释放-安全性。。5.4.6中断安全配置
原因:org.springframework.beans.beans示例化异常:未能示例化[javax.servlet.filter]:工厂方法“springsecurityfilterchain”引发异常;嵌套异常是java.lang.illegalstateexception:无法在org.springframework.beans.factory.support.SimpleInstallationStrategy.instantiate(SimpleInstallationStrategy.java:185)~[spring-beans-5.3.6.jar:5.3.6]处配置任何请求org.springframework.beans.factory.support.constructorresolver.instantiate(constructorresolver.java:653)~[spring-beans-5.3.6.jar:5.3.6]。。。28更多原因:java.lang.illegalstateexception:无法在org.springframework.util.assert.state(assert.java:76)~[spring-core-5.3.6.jar:5.3.6]org.springframework.security.config.annotation.web.requestAbstractMatcherRegistry.anyrequest(abstractrequestmatcherregistry.java:72)上配置任何请求~[spring-security-config-5.4.6.jar:5.4.6]位于com.verizon.wfm.nt.config.securityconfig.configure(securityconfig.java:14)~[default/:?]位于org.springframework.security.config.annotation.web.configuration.websecurityconfigureradapter.gethttp(websecurityconfigureradapter.java:217)~[spring-security-config-5.4.6.jar:5.4.6]
安全配置工作代码

@EnableWebSecurity
@configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter{
@override
protected void configure(HttpSecurity httpSecurity) throws Exception {
super.configure(httpSecurity);
httpSecurity.authorizeRequests().anyRequest().permitAll();
httpSecurity.csrf().disable();
httpSecurity.headers().frameOptions().disable();
}
}
oprakyz7

oprakyz71#

打电话的时候 super.configure(httpSecurity) 它做了以下工作:

http.authorizeRequests((requests) -> requests.anyRequest().authenticated());
http.formLogin();
http.httpBasic();

之后,您将使用 anyRequest 再一次。在最新版本的spring security中不允许使用它。
我建议你不要打电话给 super.configure(httpSecurity) 而是禁用默认值并进行配置,如下所示:

@EnableWebSecurity
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter{
    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.formLogin().disable();
        httpSecurity.httpBasic().disable();
        httpSecurity.authorizeRequests((requests) ->
            requests.anyRequest().permitAll()
        );
        httpSecurity.csrf().disable();
        httpSecurity.headers().frameOptions().disable();
    }
}

相关问题