Spring Security Error: java.lang.IllegalStateException: Can't configure anyRequest after itself [SpringBoot update 2.1.4 -> 2.3.11]
Spring Security Error: java.lang.IllegalStateException: Can't configure anyRequest after itself [SpringBoot update 2.1.4 -> 2.3.11]
我正在更新我现有的 springboot 项目,从 2.1.4 -> 2.3.11
扩展WebSecurityConfigurerAdapter的class退出代码如下
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().anyRequest().fullyAuthenticated()
.and().cors().disable()
.httpBasic().authenticationEntryPoint(authenticationEntryPoint())
.and()
.exceptionHandling()
.and().csrf().disable()
.addFilterBefore(new GenericFilter(), ChannelProcessingFilter.class)
.addFilterBefore(new SomeTokenFilter(tokensService), UsernamePasswordAuthenticationFilter.class)
.authorizeRequests().anyRequest().authenticated();
}
这是一个现有的代码,在更新之前可以正常工作。更新后,我在应用程序启动时收到以下日志:
Caused by: java.lang.IllegalStateException: Can't configure anyRequest after itself
at org.springframework.util.Assert.state(Assert.java:76) ~[spring-core-5.2.15.RELEASE.jar:5.2.15.RELEASE]
at org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry.anyRequest(AbstractRequestMatcherRegistry.java:74) ~[spring-security-config-5.3.9.RELEASE.jar:5.3.9.RELEASE]
at com.moglix.wms.config.SecurityConfig.configure(SecurityConfig.java:48) ~[classes/:na]
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.getHttp(WebSecurityConfigurerAdapter.java:231) ~[spring-security-config-5.3.9.RELEASE.jar:5.3.9.RELEASE]
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.init(WebSecurityConfigurerAdapter.java:322) ~[spring-security-config-5.3.9.RELEASE.jar:5.3.9.RELEASE]
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.init(WebSecurityConfigurerAdapter.java:94) ~[spring-security-config-5.3.9.RELEASE.jar:5.3.9.RELEASE]
at com.moglix.wms.config.SecurityConfig$$EnhancerBySpringCGLIB$78b12e.init(<generated>) ~[classes/:na]
at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.init(AbstractConfiguredSecurityBuilder.java:370) ~[spring-security-config-5.3.9.RELEASE.jar:5.3.9.RELEASE]
at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.doBuild(AbstractConfiguredSecurityBuilder.java:324) ~[spring-security-config-5.3.9.RELEASE.jar:5.3.9.RELEASE]
at org.springframework.security.config.annotation.AbstractSecurityBuilder.build(AbstractSecurityBuilder.java:41) ~[spring-security-config-5.3.9.RELEASE.jar:5.3.9.RELEASE]
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration.springSecurityFilterChain(WebSecurityConfiguration.java:104) ~[spring-security-config-5.3.9.RELEASE.jar:5.3.9.RELEASE
问题是您的配置中有 2 次 anyRequest()。这是 no longer allowed 从 Spring Security 5.2 开始。
我正在更新我现有的 springboot 项目,从 2.1.4 -> 2.3.11
扩展WebSecurityConfigurerAdapter的class退出代码如下
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().anyRequest().fullyAuthenticated()
.and().cors().disable()
.httpBasic().authenticationEntryPoint(authenticationEntryPoint())
.and()
.exceptionHandling()
.and().csrf().disable()
.addFilterBefore(new GenericFilter(), ChannelProcessingFilter.class)
.addFilterBefore(new SomeTokenFilter(tokensService), UsernamePasswordAuthenticationFilter.class)
.authorizeRequests().anyRequest().authenticated();
}
这是一个现有的代码,在更新之前可以正常工作。更新后,我在应用程序启动时收到以下日志:
Caused by: java.lang.IllegalStateException: Can't configure anyRequest after itself
at org.springframework.util.Assert.state(Assert.java:76) ~[spring-core-5.2.15.RELEASE.jar:5.2.15.RELEASE]
at org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry.anyRequest(AbstractRequestMatcherRegistry.java:74) ~[spring-security-config-5.3.9.RELEASE.jar:5.3.9.RELEASE]
at com.moglix.wms.config.SecurityConfig.configure(SecurityConfig.java:48) ~[classes/:na]
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.getHttp(WebSecurityConfigurerAdapter.java:231) ~[spring-security-config-5.3.9.RELEASE.jar:5.3.9.RELEASE]
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.init(WebSecurityConfigurerAdapter.java:322) ~[spring-security-config-5.3.9.RELEASE.jar:5.3.9.RELEASE]
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.init(WebSecurityConfigurerAdapter.java:94) ~[spring-security-config-5.3.9.RELEASE.jar:5.3.9.RELEASE]
at com.moglix.wms.config.SecurityConfig$$EnhancerBySpringCGLIB$78b12e.init(<generated>) ~[classes/:na]
at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.init(AbstractConfiguredSecurityBuilder.java:370) ~[spring-security-config-5.3.9.RELEASE.jar:5.3.9.RELEASE]
at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.doBuild(AbstractConfiguredSecurityBuilder.java:324) ~[spring-security-config-5.3.9.RELEASE.jar:5.3.9.RELEASE]
at org.springframework.security.config.annotation.AbstractSecurityBuilder.build(AbstractSecurityBuilder.java:41) ~[spring-security-config-5.3.9.RELEASE.jar:5.3.9.RELEASE]
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration.springSecurityFilterChain(WebSecurityConfiguration.java:104) ~[spring-security-config-5.3.9.RELEASE.jar:5.3.9.RELEASE
问题是您的配置中有 2 次 anyRequest()。这是 no longer allowed 从 Spring Security 5.2 开始。