spring 使用Sping Boot 时SecurityConfig中的循环依赖关系

qxgroojn 于 2022-12-17 发布在 Spring

关注(0)|答案(1)|浏览(176)

我尝试用 Boot 和SpringBootSecurity创建一个简单的登录模块。
在创建SecurityConfig的过程中发生的一个更新是一些类，如WebSecurityConfigurerAdapter，现在已弃用，因此我尝试以下代码来创建SecurityConfig，但不幸的是，我陷入了循环依赖。
实际上，我使用Lombok是为了尽量减少每次现场注射中@Autowired的使用。
我尝试了以下方法：
1.我为PasswordEncoder创建了另一个类，以避免在应用程序的其他部分使用Password Encoder时出现循环依赖。

错误消息。

Description:

The dependencies of some of the beans in the application context form a cycle:

┌──->──┐
|  securityConfig defined in file [C:\Users\jgeronimo\Documents\jp_geronimo\sample_projects\spring-security-tutorial\target\classes\com\workshop\application\config\SecurityConfig.class]
└──<-──┘

Action:

Despite circular references being allowed, the dependency cycle between beans could not be broken. Update your application to remove the dependency cycle.

安全配置.java

@Configuration
@EnableWebSecurity
@RequiredArgsConstructor
public class SecurityConfig {

    private final JwtAuthFilter jwtAuthFilter;

    private final JwtUserDetailsService userDetailsService;

    private final PasswordEncoder passwordEncoder;

    private final JwtAuthenticate jwtAuthenticate;

    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(authenticationProvider());
    }

    @Bean
    public JwtAuthenticate jwtAuthenticationEntryPointBean() throws Exception{
        return new JwtAuthenticate();
    }

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
                .cors().and().csrf().disable()
                .authorizeHttpRequests()
                .requestMatchers("/**/auth/**")
                .permitAll()
                .anyRequest()
                .authenticated()
                .and()
                .exceptionHandling().authenticationEntryPoint(jwtAuthenticate).and()
                .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS);

        http.addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class);
        return http.build();
    }

    @Bean
    public AuthenticationProvider authenticationProvider() {
        final DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
        daoAuthenticationProvider.setUserDetailsService(userDetailsService);
        daoAuthenticationProvider.setPasswordEncoder(passwordEncoder);
        return daoAuthenticationProvider;
    }

    @Bean
    public AuthenticationManager authenticationManager(
            AuthenticationConfiguration authenticationConfiguration) throws Exception {
        return authenticationConfiguration.getAuthenticationManager();
    }

编码器配置

@Configuration
public class EncoderConfig {

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
}

spring

来源：https://stackoverflow.com/questions/74796019/circular-dependency-in-my-securityconfig-with-spring-boot

1条答案

按热度按时间

6kkfgxo01#

字段JwtAuthenticate jwtAuthenticate是多余的-请删除它。
构造SecurityFilterChain时，请参考生成JwtAuthenticate Bean的方法：

.exceptionHandling().authenticationEntryPoint(jwtAuthenticationEntryPointBean())

赞(0）回复(0）举报 2022-12-17

我来回答

spring 使用Sping Boot 时SecurityConfig中的循环依赖关系

1条答案

相关问题

热门标签

最新问答