应用程序上下文中的Springbean依赖关系形成一个循环

1wnzp6jl  于 2023-01-12  发布在  Spring
关注(0)|答案(1)|浏览(173)

我一直在尝试给我的项目添加jwt授权。我已经尝试过添加@Lazy,但不起作用。我不知道如何更新我的应用程序以消除依赖循环。
控制台:

The dependencies of some of the beans in the application context form a cycle:

┌─────┐
|  jwtAuthenticationFilter defined in file [C:\Users\User\Desktop\PizzaCloud2\target\classes\pizzas\security\authentication\JwtAuthenticationFilter.class]
↑     ↓
|  securityConfig defined in file [C:\Users\User\Desktop\PizzaCloud2\target\classes\pizzas\security\SecurityConfig.class]
└─────┘

Action:

Relying upon circular references is discouraged and they are prohibited by default. Update your application to remove the dependency cycle between beans. As a last resort, it may be possible to break the cycle automatically by setting spring.main.allow-circular-references to true.

JwtAuthenticationFilter类:

@Component
@RequiredArgsConstructor
public class JwtAuthenticationFilter extends OncePerRequestFilter{
    
    private final JwtService jwtService;
    private final UserDetailsService userDetailsService;

    @Override
    protected void doFilterInternal(
            @NonNull HttpServletRequest request, 
            @NonNull HttpServletResponse response, 
            @NonNull FilterChain filterChain)
                    throws ServletException, IOException {
        
        final String authHeader = request.getHeader("Äuthorization");
        final String jwt;
        final String username;
        if (authHeader == null || !authHeader.startsWith("Bearer")) {
            filterChain.doFilter(request, response);
            return;
        }
        jwt = authHeader.substring(7);
        username = jwtService.extractUsername(jwt);
        if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
            UserDetails userDetails = this.userDetailsService.loadUserByUsername(username);
            if (jwtService.isTokenValid(jwt, userDetails)) {
                UsernamePasswordAuthenticationToken authToken = new UsernamePasswordAuthenticationToken(
                    userDetails, userDetails.getAuthorities()
                );
                authToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
                SecurityContextHolder.getContext().setAuthentication(authToken);
            }
        }
        filterChain.doFilter(request, response);
    }
    
    
}

安全配置类:

@Configuration
@EnableWebSecurity
@RequiredArgsConstructor
public class SecurityConfig {
    
    
    private final JwtAuthenticationFilter jwtAuthFilter;
    
    private final AuthenticationProvider authenticationProvider;
  
    @Bean
    public UserDetailsService userDetailsService(UserRepository userRepo) {
        return username -> {
            User2 user = userRepo.findByUsername(username);
            if (user != null) {
                return user;
            }
            throw new UsernameNotFoundException(
                    "User '" + username + "' not found");
        };
    }
  
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        
        http
        .authenticationProvider(authenticationProvider)
        .addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class);
        
        return http.csrf()
                .disable()
                /*.authorizeRequests()*/
                .authorizeHttpRequests()
                .requestMatchers("/design", "/orders").hasRole("USER")
                .anyRequest().permitAll()
                /*.anyRequest().authenticated()*/
              
                .and()
                .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
              
                .and()
                .formLogin()
                .loginPage("/login")

                .and()
                .logout()
                .logoutSuccessUrl("/")

      // Make H2-Console non-secured; for debug purposes
              /*.and()
              .csrf()
              .ignoringRequestMatchers("/h2-console/**")*/

      // Allow pages to be loaded in frames from the same origin; needed for H2-Console
                .and()  
                .headers()
                .frameOptions()
                .sameOrigin()
        
                .and()
                .build();
        }

}

将spring.main.allow-circular-references设置为true没有任何帮助。

new9mtju

new9mtju1#

如错误所示:“不鼓励依赖循环引用,默认情况下禁止使用循环引用...”

  • JwtAuthenticationFilter引用安全配置中的用户详细信息服务
  • 安全配置参考JwtAuthenticationFilter

解决方案:可以将@Bean UserDetailsService移动到另一个配置类

相关问题