我试图在我的Spring Security配置中注册多个过滤器,但是我总是得到相同的异常:
04-Nov-2015 14:35:23.792 WARNING [RMI TCP Connection(3)-127.0.0.1]
org.springframework.web.context.support.AnnotationConfigWebApplicationContext.refresh
Exception encountered during context initialization – cancelling
refresh attempt
org.springframework.beans.factory.BeanCreationException: Error
creating bean with name
‘org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration’:
Injection of autowired dependencies failed; nested exception is
java.lang.IllegalStateException: @Order on WebSecurityConfigurers must
be unique. Order of 100 was already used, so it cannot be used on
com.payment21.webapp.MultiHttpSecurityConfig$ApiWebSecurityConfigurationAdapter$$EnhancerBySpringCGLIB$$35c79fe4@1d381684
too.
由于我自己的尝试不起作用,我尝试了完全相同的代码,如Spring Security reference所示:
@EnableWebSecurity
public class MultiHttpSecurityConfig {
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) {
auth
.inMemoryAuthentication()
.withUser("user").password("password").roles("USER").and()
.withUser("admin").password("password").roles("USER", "ADMIN");
}
@Configuration
@Order(1)
public static class ApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception {
http
.antMatcher("/api/**")
.authorizeRequests()
.anyRequest().hasRole("ADMIN")
.and()
.httpBasic();
}
}
@Configuration
public static class FormLoginWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest().authenticated()
.and()
.formLogin();
}
}
}
为了隔离错误,我尝试用基于Java的方法替换web.xml,但它也没有用.我不知道出了什么问题,这是错误的吗?我的应用程序中的某些东西可以搞乱配置吗?系统正常启动,除非我注册了第二个WebSecurityConfigAdapter.
这些是我的依赖:
compile 'org.springframework:spring-webmvc:4.2.2.RELEASE'
compile 'org.springframework:spring-messaging:4.2.2.RELEASE'
compile 'org.springframework:spring-websocket:4.2.2.RELEASE'
compile 'org.springframework:spring-aop:4.2.2.RELEASE'
compile'javax.servlet:javax.servlet-api:3.0.1'
compile 'org.springframework.security:spring-security-web:4.0.3.RELEASE'
compile 'org.springframework.security:spring-security-config:4.0.3.RELEASE'