spring-security 无法示例化[javax.servlet.Filter]:工厂方法'springSecurityFilterChain'无法在anyRequest之后配置antMatchers

gev0vcfq  于 2022-11-11  发布在  Spring
关注(0)|答案(2)|浏览(641)

我在将Sping Boot 版本升级到2.6.2后收到此错误:
Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception; nested exception is java.lang.IllegalStateException: Can't configure antMatchers after anyRequest
这是我的securityConfig类从WebSecurityConfigurerAdapter扩展而来的。

@Override
protected void configure(HttpSecurity http) throws Exception {
    super.configure(http);
    http.csrf().disable().headers().frameOptions().disable().and().sessionManagement()
        .sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().authorizeRequests().antMatchers("/api/**")
        .authenticated().and()
        .addFilterAfter(new TokenAuthenticationProcessingFilter(
            new PiAuthenticationProvider(
                new ApplicationPropertiesDataAdapterPi(this.applicationProperties)),
            "/api/**", null, new CustomAuthenticationFailureHandler(),
            AuthTokenUtil::extractXAuthorizationToken), BasicAuthenticationFilter.class);
}
spring-security

2条答案

按热度按时间
bqujaahr

bqujaahr1#

当您调用super.configure(http)时,它实际上执行以下操作:

protected void configure(HttpSecurity http) throws Exception {
        this.logger.debug("Using default configure(HttpSecurity). "
                + "If subclassed this will potentially override subclass configure(HttpSecurity).");
        http.authorizeRequests((requests) -> requests.anyRequest().authenticated());
        http.formLogin();
        http.httpBasic();
    }

在此之后,您将尝试再次执行.authorizeRequests().antMatchers(“/api/**”),这将导致此错误。

赞(0)分享  回复(0)举报  2022-11-11
gxwragnw

gxwragnw2#

在另一种情况下,您也会收到此错误无法示例化[javax.servlet.Filter]:工厂方法“springSecurityFilterChain”引发异常
引发此异常的代码

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable()
            .authorizeRequests().antMatchers("/authenticate").permitAll()
            .anyRequest();
}

修复:附加**.authenticated()**方法

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable()
            .authorizeRequests().antMatchers("/authenticate").permitAll()
            .anyRequest().authenticated();
}
赞(0)分享  回复(0)举报  2022-11-11
我来回答

相关问题

    查看更多

    热门标签

    更多
    JavaquerypythonNode开发语言requestUtil数据库Table后端算法LoggerMessageElementParser

    最新问答

    更多
    • 蜀ICP备13028337号-1 大数据知识库 https://www.saoniuhuo.com © All rights reserved
    • 本站内容来源互联网,如果侵犯您的权益请联系我们删除, 联系方式:448109455@qq.com