spring-security 创建名为“webSecurityConfig”的Bean时出错

rkue9o1l 于 2022-11-11 发布在 Spring

关注(0)|答案(3)|浏览(394)

我无法将我的Sping Boot 应用程序从2. 5. 7更新到2. 6. 0。它引发了以下错误。

2021-12-07T08:40:22,311 ERROR [restartedMain] o.s.b.SpringApplication.reportFailure:819|| Application run failed org.springframework.beans.factory.BeanCurrentlyInCreationException: Error creating bean with name 'webSecurityConfig': 
The requested bean is currently in creation: Is there an unresolvable circular reference?
    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.beforeSingletonCreation(DefaultSingletonBeanRegistry.java:355)
    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:227)

从spring-boot 2.6.0版本说明中可以清楚地看到，循环引用被禁用了。并且可以通过属性spring.main.allow-circular-references = true重新启用它。但是我想首先修复循环引用。有人能帮助我解决这个问题吗？请找到下面的WebSecurityConfig类，

@Configuration
@EnableWebSecurity
@SuppressWarnings({"PMD.SignatureDeclareThrowsException"})
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    private final UserDetailsService userDetailsService;

    public WebSecurityConfig(final UserDetailsService userDetailsService) {
        this.userDetailsService = userDetailsService;
    }

    @Bean
    public BCryptPasswordEncoder bcryptPasswordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Override
    protected void configure(final HttpSecurity http) throws Exception {
        http
                .authorizeRequests()
                    .antMatchers("/resources/**", "/registration", "/css/**", "/js/**", "/h2-console/*").permitAll()
                    .anyRequest().authenticated().and()
                .formLogin()
                    .loginPage("/login").permitAll().and()
                .headers()
                    .frameOptions().sameOrigin().and()
                .logout()
                    .permitAll().and()
                .requiresChannel()
                    .requestMatchers(r -> r.getHeader("X-Forwarded-Proto") != null)
                    .requiresSecure();
    }

    @Autowired
    public void configureGlobal(final AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(bcryptPasswordEncoder());
    }
}

我的代码是开源的，可以在https://github.com/surajcm/Poseidon上找到，我将尝试自己进行故障排除，如果我能够解决此问题，我将分享更新

spring-security

来源：https://stackoverflow.com/questions/70254555/spring-boot-2-6-0-error-creating-bean-with-name-websecurityconfig

3条答案

按热度按时间

ct2axkht1#

问题出在密码编码器上。需要构建自动配置的UserDetailsService，您可以在类的构造器中注入它。
您可以通过使Bean工厂方法static来打破循环：

@Bean
public static BCryptPasswordEncoder bcryptPasswordEncoder() {
    return new BCryptPasswordEncoder();
}

您也可以将工厂方法移到不同的配置类中，但在我看来，您的WebSecurityConfig是该方法的规范位置。

赞(0）回复(0）举报 2022-11-11

72qzrwbm2#

由于我收到一条评论说我正在进行自定义安全配置，这是一个不好的做法，我试图自己修复它。试图删除configureGlobal，并添加authenticationProvider bean代替。请查看下面的示例代码

@Configuration
@EnableWebSecurity
@SuppressWarnings({"PMD.SignatureDeclareThrowsException"})
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    private final UserDetailsService userDetailsService;

    public WebSecurityConfig(final UserDetailsService userDetailsService) {
        this.userDetailsService = userDetailsService;
    }

    @Bean
    public BCryptPasswordEncoder bcryptPasswordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Override
    protected void configure(final HttpSecurity http) throws Exception {
        //http.headers().frameOptions().disable();
        http.csrf().disable();
        http
                .authorizeRequests()
                .antMatchers("/resources/**",
                        "/registration",
                        "/css/**", "/js/**", "/img/**",
                        "/h2-console/**",
                        "/console/**").permitAll()
                .and().headers().frameOptions().sameOrigin();
        http
                .authorizeRequests()
                .anyRequest().authenticated().and()
                .formLogin()
                .loginPage("/login").permitAll().and()
                .headers()
                .frameOptions().sameOrigin().and()
                .logout()
                .permitAll().and()
                .requiresChannel()
                .requestMatchers(r -> r.getHeader("X-Forwarded-Proto") != null)
                .requiresSecure();
    }

    @Bean
    public AuthenticationProvider authenticationProvider() {
        var provider = new DaoAuthenticationProvider();
        provider.setUserDetailsService(userDetailsService);
        provider.setPasswordEncoder(bcryptPasswordEncoder());
        return provider;
    }
}

赞(0）回复(0）举报 2022-11-11

uemypmqf3#

我得到了一个类似的错误，原因是spring-security-config版本5和4都在类路径上。检查/刷新/更正您的依赖项。

赞(0）回复(0）举报 2022-11-11