spring-security 创建在ServletContext资源[/WEB-INF/config/application-security.xml]中定义的名为“authenticationSuccessHandler”的Bean时出错

ltqd579y  于 2022-11-11  发布在  Spring
关注(0)|答案(1)|浏览(191)

我收到以下错误:

Caused by: 
 org.springframework.beans.factory.UnsatisfiedDependencyException: 
 Error creating bean with name 'authenticationSuccessHandler' defined 
 in ServletContext resource [/WEB-INF/config/application-security.xml]: 
 Unsatisfied dependency expressed through constructor parameter 0; 
 nested exception is 
 org.springframework.beans.factory.NoSuchBeanDefinitionException: No 
 qualifying bean of type 'java.lang.String' available: expected at 
 least 1 bean which qualifies as autowire candidate. Dependency 
 annotations: {}

IDE中的Bean如下所示:

登录成功处理程序

public class LoginSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {

    private static final Logger log = LoggerFactory.getLogger(LoginSuccessHandler.class);

    private UserDto user = (UserDto) SecurityContextHolder.getContext().getAuthentication().getPrincipal();

    private HttpServletRequest request;

    public LoginSuccessHandler(String defaultTargetUrl, HttpServletRequest request) {
        super(defaultTargetUrl);
        this.request = request;
    }

当我悬停在它上面时,它显示String defaultTargetUrl ???HttpServletRequest ???
在我的application-security.xml文件中,我将其定义如下:

<security:form-login login-page="/logon.do"
                         login-processing-url="/logon.do"
                         authentication-success-handler-ref="authenticationSuccessHandler"
                         authentication-failure-handler-ref="authenticationFailureHandler"
                         username-parameter="username"
                         password-parameter="password"/>
    <!-- Users limited to one login at a time -->
    <security:session-management>
        <security:concurrency-control
                max-sessions="1" error-if-maximum-exceeded="false" />
    </security:session-management>

    <security:logout logout-url="/logout" delete-cookies="true"
                     invalidate-session="true" success-handler-ref="logoutSuccessHandler" />
    <!-- enable CSRF -->
    <security:csrf disabled="false"/>
</security:http>

这部分的错误让我很困惑。
No qualifying bean of type 'java.lang.String' available:
这是一个编译错误。任何建议都将不胜感激。
更新一个
我删除了构造函数的参数,错误就消失了。但是现在我得到了一个错误消息:.LoginSuccessHandler]: Constructor threw exception; nested exception is java.lang.NullPointerException
bean看起来是一样的,但我读的是The determineTargetUrl method is the only thing which uses it and request is one of its arguments. Either use a <constructor-arg> in the xml and pass the value for defaultUrl or remove it as an argument and get it elsewhere.,但我不确定把它放在哪里。
现在,在删除构造函数后,空指针异常出现在以下行中:

private UserDto user = (UserDto) SecurityContextHolder.getContext().getAuthentication().getPrincipal();

我也是突突而妄道:

caused By: org.springframework.beans.factory.BeanCreationException: 
Error creating bean with name

'org.springframework.security.web.authentication.UsernamePasswordAuthenti cationFilter#0': Cannot resolve reference to bean 'authenticationSuccessHandler' while setting bean property 'authenticationSuccessHandler'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'authenticationSuccessHandler' defined in ServletContext resource [/WEB-INF/config/application-security.xml]:
更新2---------------------------------------------
我执行了以下操作:

public class LoginSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {

    private static final Logger log = LoggerFactory.getLogger(LoginSuccessHandler.class);

    @Override
    protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response) {

        UserDto user = (UserDto) SecurityContextHolder.getContext().getAuthentication().getPrincipal();

之前我得到一个nullPointerException,因为UserDto user = (UserDto) SecurityContextHolder.getContext().getAuthentication().getPrincipal();在方法之前。现在我得到一个错误消息:

NoSuchBeanDefinitionException:No bean named 
'org.springframework.security.authenticationManager' available: Did 
you forget to add a global <authentication-manager> element to your 
configuration (with child <authentication-provider> elements)? 
Alternatively you can use the authentication-manager-ref attribute on 
your <http> and <global-method-security> elements.
ryoqjall

ryoqjall1#

第一个错误是你写的类上的错误。构造函数要求一个字符串和一个HTTPSession。

  • String可设置为属性
  • HTTPSession不应用作Spring Bean,因为Spring声明为Singleton,而会话取决于用户。

第二个错误意味着您忘记提供身份验证管理器。您可以使用以下命令添加一个:

<security:authentication-manager alias="authenticationManager">
    <security:authentication-provider
        user-service-ref="userDetailsService" />
</security:authentication-manager>

其中userDetailsService是一个将名称Map到用户详细信息bean。Spring提供了一些实现,如InMemoryUserDetailsManagerJdbcUserDetailsManagerLdapUserDetailsService

相关问题