标签: spring-java-config

我正在使用java配置@ComponentScan来初始化我的bean并@EnableAspectJAutoProxy(proxyTargetClass=true)使用cglib代理.

在这个项目中,我们使用了很多生成的服务@Autowired.它工作得很好.

但是,对于我添加的其中一些服务@Async(我也在@EnableAsync(proxyTargetClass = true)我的@Configuration课程中添加了).

在那之后,我得到:

Caused by: org.springframework.beans.factory.BeanCurrentlyInCreationException: Error creating bean with name 'ConversationUserLocalService': Bean with name 'ConversationUserLocalService' has been injected into other beans [ConversationUserHistoryLocalService] i
n its raw version as part of a circular reference, but has eventually been wrapped. This means that said other beans do not use the final version of the bean. This is often the result of over-eager type matching - consider …

我正在尝试在方法级别定义访问规则,但它无法正常工作.

SecurityConfiguration

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication().
                withUser("user").password("user").roles("USER").and().
                withUser("admin").password("admin").roles("ADMIN");
    }
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .authorizeRequests()
                .antMatchers("/v2/**").authenticated()
                .and()
                .httpBasic()
                .realmName("Secure api")
                .and()
                .csrf()
                .disable();
    }
}

ExampleController

@EnableAutoConfiguration
@RestController
@RequestMapping({"/v2/"})
public class ExampleController {
    @PreAuthorize("hasAuthority('ROLE_ADMIN')")
    @RequestMapping(value = "/home", method = RequestMethod.GET)
    String home() {
        return "Hello World";
    }
}

每当我尝试访问/ v2/home使用user:user它执行得很好,它不应该给我一个访问被拒绝错误,因为'用户'没有ROLE_ADMIN？

我实际上是在考虑在方法级别放弃访问规则并坚持使用http()ant规则,但我必须知道它为什么不适合我.

请告诉我哪里有问题？这是我的项目:https://github.com/intrade/inventory 我尝试使用java配置启用Spring安全性,当我尝试将类型的依赖项MyCustomUserDetailsService注入我的SecurityConfig类时,我得到一个异常:

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'securityConfig': Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire field: private com.springapp.mvc.services.MyCustomUserDetailsService com.springapp.mvc.InitApp.SecurityConfig.myCustomUserDetailsService; nested exception is java.lang.IllegalArgumentException: Can not set com.springapp.mvc.services.MyCustomUserDetailsService field com.springapp.mvc.InitApp.SecurityConfig.myCustomUserDetailsService to com.sun.proxy.$Proxy38
    at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:288)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1120)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:522)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:461)
    at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:295)
    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:223)
    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:292)
    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:194)
    at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:607)
    at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:932)
    at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:479)
    at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:383)
    at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:283)
    at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:112)
    at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4887)
    at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5381)
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150) …

如何使用Spring Security with Java Configurations定义自定义身份验证提供程序？我想在我自己的数据库上执行登录检查凭据.

我的项目包括两个不同的部分,一个JSF管理面板和一个RESTfull服务.我正在尝试设置spring security以使用不同的身份验证方法,具体取决于用户导航的URL.

要求是

• 导航到JSF页面的用户获得一个登录屏幕,他们使用表单身份验证进行身份验证.
• 导航到REST服务的用户使用OAuth2隐式身份验证和基本身份验证进行令牌授予.

单独的配置单独工作,问题是当我尝试在一个配置中组合它们时,在这种情况下,似乎REST提供程序阻碍并验证每个请求,即使请求转到管理URL(这从春季安全订购中记录).

我的示例配置如下所示:

• 对于表单登录(JSF)

  @Override
  @Order(1)
  protected void configure(HttpSecurity http) throws Exception {
  http
          .csrf().disable()
          .authorizeRequests()
          .antMatchers("/resources/**").permitAll()
          .antMatchers("/templates/**").permitAll()
          .antMatchers("/401.html").permitAll()
          .antMatchers("/404.html").permitAll()
          .antMatchers("/500.html").permitAll()
          .antMatchers("/api/**").permitAll()
          .antMatchers("/ui/admin.xhtml").hasAnyAuthority("admin", "ADMIN")
          .antMatchers("/thymeleaf").hasAnyAuthority("admin", "ADMIN")
          //.anyRequest().authenticated()
          .and()
          .formLogin()
          .loginPage("/login")
          .defaultSuccessUrl("/ui/index.xhtml")
          .failureUrl("/login?error=1")
          .permitAll()
          .and()
          .logout()
          .permitAll()
          .and()
          .rememberMe()
          .and().exceptionHandling().accessDeniedPage("/error/403");
  

  Run Code Online (Sandbox Code Playgroud)

• OAuth2安全配置(REST)

  @EnableResourceServer
  @Order(2)
  public class RestSecurityConfig extends WebSecurityConfigurerAdapter {
  
      @Inject
      private UserRepository userRepository;
  
      @Inject
      private PasswordEncoder passwordEncoder;
  
      @Bean
      ApplicationListener<AbstractAuthorizationEvent> loggerBean() {
          return new AuthenticationLoggerListener();
      }
  
      @Bean
      AccessDeniedHandler accessDeniedHandler() {
          return new AccessDeniedExceptionHandler();
      }
  
      @Bean
      AuthenticationEntryPoint entryPointBean() { …

  Run Code Online (Sandbox Code Playgroud)

我们使用的是weblogic版本12C.重现问题的步骤: -

1. 创建数据源.
2. 将应用程序部署到weblogic.
3. 应用程序正常.
4. 使用新的耳朵更新已部署的耳朵.
5. 应用程序无法连接数据源.
6. 数据源在JNDI树中不可用.

我们需要每次都创建一个新的数据源,或者再次保存数据源设置.

如果您知道某种解决方案,有人可以检查并告诉我吗？

尝试使用Tomcat 7 Maven插件和CXF 2.7.8部署JAX-WS端点.作为优先选择,我不想为Spring或CXF提供任何XML配置.我看到几个博客,文章,帖子使用cxf-servlet.xml 和CXFServlet,但没有任何完全使用Java配置.查看CXFServlet源代码,它会cxf-servlet.xml在密钥下查找servlet上下文中的任何内容'config-location'.我尝试以编程方式注册端点而不是in cxf-servlet.xml,但它不起作用; 我在访问该服务时获得了404.有任何想法吗？

@Configuration
@ImportResource({ "classpath:META-INF/cxf/cxf.xml" })
public class CXFConfig {
    @Autowired
    Bus cxfBus;

    // More code

    @Bean
    public Endpoint calculator() {
        EndpointImpl endpoint = new EndpointImpl(cxfBus, new Calculator());
        endpoint.setAddress("/CalculatorService");
        return endpoint;
    }
}

如何使用基于纯注释的方法(根据Java配置规则)发送Spring 4(和Spring Boot)的电子邮件？

我正在使用spring-security-javaconfig库来实现Spring安全性.如果我使用xml配置文件,我会使用类似这样的内容来定义自定义访问被拒绝页面:

<http auto-config="true">
    <intercept-url pattern="/admin*" access="ROLE_ADMIN" />
    <access-denied-handler ref="accessDeniedHandler"/>
</http>

到目前为止,这是我的安全配置类:

@Configuration
@EnableWebSecurity
public class SecurityConfigurator extends WebSecurityConfigurerAdapter {

    @Override
    protected void registerAuthentication(AuthenticationManagerBuilder auth)
            throws Exception {
        auth.inMemoryAuthentication().withUser("user").password("password").roles("USER");
        auth.inMemoryAuthentication().withUser("admin").password("password").roles("ADMIN");

    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeUrls().antMatchers( "/admin").hasRole("ADMIN");
    }
}

我已经将基于Spring 4.0的项目从xml转换为javaconfig.

在初始化时,我的一个bean需要访问Hibernate以通过Spring @Service(buildingService)从DB获取一些配置数据.bean初始化如下所示:

@Bean
@DependsOn({ "transactionManager", "webSocketHandler", "buildingService" })
Smarty smarty() {
    Smarty bean = new Smarty();
    bean.init(); // I also tried @Bean(initMethod = "init") with no difference
    return bean;
}

问题在于,在bean.init()访问服务时,服务失败了NullPointerException.

我补充说buildingService,@DependsOn但没有帮助.

可能在@Service注释后的类被处理了@Bean!？

我可以自己初始化@Service-annotated类吗？

编辑1

感谢所有反馈!

我需要添加一些细节:

buildingService不是@Bean,它是,嗯,a @Service,看起来像这样:

@Service("buildingService")
@Transactional
public class BuildingService {

...

    public List<Building> getAll() {
        final Session session = sessionFactory.getCurrentSession();
        final Query query = …