当我启动我的应用程序时,出现以下错误。我不确定如何在这里设置主要 bean。
AnnotationConfigServletWebServerApplicationContext |例外 上下文初始化期间遇到 - 取消刷新 试图: org.springframework.beans.factory.UnsatisfiedDependencyException: 使用名称创建 bean 时出错 'org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration': 通过字段“httpSecurity”表示不满足的依赖关系:错误 创建带有名称的bean 'org.springframework.security.config.annotation.web.configuration.HttpSecurityConfiguration.httpSecurity' 定义于 org.springframework.security.config.annotation.web.configuration.HttpSecurityConfiguration: 实例化失败 [org.springframework.security.config.annotation.web.builders.HttpSecurity]: 工厂方法“httpSecurity”抛出异常并显示消息:Found 3 类型接口的bean org.springframework.security.authentication.AuthenticationManager,但是 没有标记为主要
当我将应用程序升级到 Tomcat 10 和 spring 6 时,通常会发生这种情况。
下面是记录的 3 个 bean 名称: org.springframework.security.authenticationManager : org.springframework.security.authentication.ProviderManager org.springframework.security.config.authentication.AuthenticationManagerFactoryBean#0 : org.springframework.security.authentication.ProviderManager org.springframework.security.config.http.HttpSecurityBeanDefinitionParser$ChildAuthenticationManagerFactoryBean#0 : org.springframework.security.authentication.ProviderManager
下面是我的 Spring-security-context.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd http://www.springframework.org/schema/context https://www.springframework.org/schema/context/spring-context.xsd">
<context:property-placeholder/>
<security:global-method-security pre-post-annotations="enabled"/>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider ref="authProvider"/>
</security:authentication-manager>
<bean id="http403ForbiddenEntryPoint"
class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint"/>
<bean id="authProvider" class="com.abc.security.AuthenticationProvider" primary="true"/>
<bean id="validateSessionService" class="com.abc.authserviceclient.ValidateSessionService">
<constructor-arg name="serviceUrl" value="${security.session.service.url}"/>
</bean>
<bean id="preauthFilter" class="com.abc.security.AuthenticationFilter">
<constructor-arg name="productID" value="${security.productId}"/>
<constructor-arg name="appURL" value="${security.appURL}"/>
<constructor-arg name="requestValidation" ref="requestValidation"/>
<property name="authenticationManager" ref="authenticationManager"/>
</bean>
<security:http auto-config="false" create-session="stateless" entry-point-ref="http403ForbiddenEntryPoint">
<security:csrf token-repository-ref="csrfTokenRepository" disabled="true"/>
<security:intercept-url pattern="/metrics/healthcheck" access="permitAll"/>
<security:intercept-url pattern="/validation/healthcheck" access="permitAll"/>
<security:intercept-url pattern="/actuator/info" access="permitAll"/>
<security:intercept-url pattern="/actuator/health" access="permitAll"/>
<security:intercept-url pattern="/error" access="permitAll"/>
<security:intercept-url pattern="/" access="isAuthenticated()"/>
<security:custom-filter position="PRE_AUTH_FILTER" ref="preauthFilter"/>
<security:custom-filter before="CSRF_FILTER" ref="csrfHeaderPreFilter"/>
<security:custom-filter after="CSRF_FILTER" ref="csrfHeaderFilter"/>
</security:http>
<bean id="requestValidation"
class="com.abc.security.validation.MockedRequestValidation"/>
<bean id="csrfHeaderFilter" class="com.abc.security.validation.MockedCsrfHeaderFilter">
<!-- <constructor-arg name="csrfDisabled" value="true"/>-->
</bean>
<bean id="csrfHeaderPreFilter"
class="com.abc.security.validation.MockedCsrfHeaderPreFilter">
<!-- <constructor-arg name="cookieCsrfTokenRepository" ref="csrfTokenRepository"/>-->
<!-- <constructor-arg name="csrfDisabled" value="true"/>-->
</bean>
<bean id="csrfTokenRepository" class="org.springframework.security.web.csrf.CookieCsrfTokenRepository">
<property name="headerName" value="X-XSRF-TOKEN"/>
<property name="cookieHttpOnly" value="false"/>
</bean>
<bean id="certificateExtractor"
class="com.abc.security.certificate.MockCertificateExtractor"/>
</beans>
尝试创建一个主要身份验证管理器并在
http<bean name="authManager"
class="org.springframework.security.authentication.ProviderManager"
primary="true">
<constructor-arg>
<list>
<ref bean="authProvider"/>
</list>
</constructor-arg>
</bean>
<security:http ... authentication-manager-ref="authManager">
...
</secuirty:http>