search

xkcoding / spring-boot-demo

🚀一个用来深入学习并实战 Spring Boot 的项目。
https://parg.co/UZM
MIT License
33.17k stars 10.89k forks source link

spring-boot-demo-rbac-security SecurityConfig类配置 #181

Closed dingyanwen closed 3 years ago

dingyanwen commented 3 years ago

使用springboot v2.3.4.RELEASE版本会出现如下bug

描述问题

spring-boot-demo-rbac-security SecurityConfig类配置 不能2次使用 anyRequest() 

// 所有请求都需要登录访问
.anyRequest()
.authenticated()
// RBAC 动态 url 认证
.anyRequest()
.access("@rbacAuthorityService.hasPermission(request,authentication)")

项目启动导致如下错误

Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception; nested exception is java.lang.IllegalStateException: Can't configure anyRequest after itself
    at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:185)
    at org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:650)
    ... 22 common frames omitted
Caused by: java.lang.IllegalStateException: Can't configure anyRequest after itself
    at org.springframework.util.Assert.state(Assert.java:76)
    at org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry.anyRequest(AbstractRequestMatcherRegistry.java:74)
    at com.snowhite.config.SecurityConfig.configure(SecurityConfig.java:74)
    at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.getHttp(WebSecurityConfigurerAdapter.java:231)
    at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.init(WebSecurityConfigurerAdapter.java:322)
    at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.init(WebSecurityConfigurerAdapter.java:94)
    at com.snowhite.config.SecurityConfig$$EnhancerBySpringCGLIB$$b9250bbc.init(<generated>)
    at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.init(AbstractConfiguredSecurityBuilder.java:370)
    at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.doBuild(AbstractConfiguredSecurityBuilder.java:324)
    at org.springframework.security.config.annotation.AbstractSecurityBuilder.build(AbstractSecurityBuilder.java:41)
    at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration.springSecurityFilterChain(WebSecurityConfiguration.java:104)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:154)
    ... 23 common frames omitted

解决办法

删除

// 所有请求都需要登录访问
.anyRequest()
.authenticated()

直接使用请求头有没有带入Token进行登录验证,用RBAC进行权限认证