WebSecurityConfigurerAdapter过时的替代方式

时间:2025-04-24 17:17:26

SpringSecurity配置,用着用着就过期了,而且还报unsafe异常,真的是不让懒人活着啊。

万能的网络上找答案

找了一圈,都说用 @Bean的方式注入,代替继承WebSecurityConfigurerAdapter。

试了一下,老是报异常:

Found WebSecurityConfigurerAdapter as well as SecurityFilterChain. Please select just one.

我已经把 

@EnableWebSecurity

去掉了,还是报这个,不知道哪里又加载了

WebSecurityConfiguration

这个类了。

索性不管了,直接覆盖。

看源码

@Configuration(
    proxyBeanMethods = false
)
public class WebSecurityConfiguration implements ImportAware, BeanClassLoaderAware {
    ‘’‘’‘’‘’

    @Bean
    @DependsOn({"springSecurityFilterChain"})
    public SecurityExpressionHandler<FilterInvocation> webSecurityExpressionHandler() {
        return ();
    }

    @Bean(
        name = {"springSecurityFilterChain"}
    )
    public Filter springSecurityFilterChain() throws Exception {
        boolean hasConfigurers =  != null && !();
        boolean hasFilterChain = !();
        (!hasConfigurers || !hasFilterChain, "Found WebSecurityConfigurerAdapter as well as SecurityFilterChain. Please select just one.");
        if (!hasConfigurers && !hasFilterChain) {
            WebSecurityConfigurerAdapter adapter = (WebSecurityConfigurerAdapter)(new WebSecurityConfigurerAdapter() {
            });
            (adapter);
        }

        Iterator var7 = ();

        while(true) {
            while(()) {
                SecurityFilterChain securityFilterChain = (SecurityFilterChain)();
                (() -> {
                    return securityFilterChain;
                });
                Iterator var5 = ().iterator();

                while(()) {
                    Filter filter = (Filter)();
                    if (filter instanceof FilterSecurityInterceptor) {
                        ((FilterSecurityInterceptor)filter);
                        break;
                    }
                }
            }

            var7 = ();

            while(()) {
                WebSecurityCustomizer customizer = (WebSecurityCustomizer)();
                ();
            }

            return (Filter)();
        }
    }

    、、、、、、、
}

就是 (!hasConfigurers || !hasFilterChain, "Found WebSecurityConfigurerAdapter as well as SecurityFilterChain. Please select just one.");

这句报出来的。

@Configuration
@RequiredArgsConstructor
@EnableWebSecurity(debug = true)
public class WebSecurityConfig
{

    private final AuthenticationConfiguration authenticationConfiguration;

    @Bean( name = {"springSecurityFilterChain"})
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception{
        ()
                .requestMatchers(()).permitAll()
                .antMatchers("/**").permitAll()
                .anyRequest().authenticated();
        return ();
    }


    @Bean
    public AuthenticationManager authenticationManager() throws Exception{
        AuthenticationManager authenticationManager = ();
        return authenticationManager;
    }


    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

}

 启动不了,看看异常:

Description:

The bean 'springSecurityFilterChain', defined in class path resource [com/micro/exchange/auth/config/], could not be registered. A bean with that name has already been defined in class path resource [org/springframework/security/config/annotation/web/configuration/] and overriding is disabled.

Action:

Consider renaming one of the beans or enabling overriding by setting -bean-definition-overriding=true


挺贴心,还给了解决方案,咱们就是为了覆盖,不能修改名字,选第二个吧

spring:
  main:
    allow-bean-definition-overriding: true

修改完,启动,还是没启动起来,晕了。

AuthorizationServerConfigurerAdapter 继承类报 authenticationManager空指针

原因:继承类先于WebSecurityConfig类加载了。

网上说给WebSecurityConfig 加 @Order, 但是没有生效,不知道是缓存还是什么原因。

幸好有

@AutoConfigureAfter()

启动,调用,没有生效

参考:SpringBoot: @AutoConfigureAfter 和 @AutoConfigureBefore失效问题_零点冰.的博客-****博客_autoconfigureafter

这篇文章比较实用,顺序生效了。

问题解决。

解决问题还是得撸下源码,才能真正解决问题

相关文章