在Spring Boot 2.1.1中,当扩展GlobalMethodSecurityConfiguration时出现“methodSecurityInterceptor已定义”的错误。

13

我正在覆盖GlobalMethodSecurityConfiguration类的一个方法:protected MethodSecurityExpressionHandler createExpressionHandler()

当我尝试运行应用程序时,我得到以下错误:

描述:

在类路径资源[org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.class]中定义的bean 'methodSecurityInterceptor'无法注册。在类路径资源[com/testing/config/MyMethodSecurityConfig.class]中已经定义了该名称的bean,并且禁用了重写。

操作:

考虑将其中一个bean重新命名或通过设置spring.main.allow-bean-definition-overriding=true来启用重写

配置类

我没有覆盖基本方法,为什么会这样做?如何覆盖MethodSecurityExpressionHandler而不出现此错误?

import com.testing.AadMethodSecurityExpressionHandler;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;

@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class MyMethodSecurityConfig extends GlobalMethodSecurityConfiguration
{
    @Override
    protected MethodSecurityExpressionHandler createExpressionHandler()
    {
        return new MyMethodSecurityExpressionHandler();
    }
}

表达式处理程序

import org.aopalliance.intercept.MethodInvocation;
import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler;
import org.springframework.security.access.expression.method.MethodSecurityExpressionOperations;
import org.springframework.security.core.Authentication;

public class MyMethodSecurityExpressionHandler extends DefaultMethodSecurityExpressionHandler
{
    @Override
    protected MethodSecurityExpressionOperations createSecurityExpressionRoot(Authentication authentication, MethodInvocation invocation)
    {
        MyMethodSecurityExpressionRoot root = new MyMethodSecurityExpressionRoot( authentication );
        root.setPermissionEvaluator( getPermissionEvaluator() );
        root.setTrustResolver( getTrustResolver() );
        root.setRoleHierarchy( getRoleHierarchy() );

        return root;
    }
}

表达式根

import org.springframework.security.access.expression.SecurityExpressionRoot;
import org.springframework.security.access.expression.method.MethodSecurityExpressionOperations;
import org.springframework.security.core.Authentication;

public class MyMethodSecurityExpressionRoot extends SecurityExpressionRoot implements MethodSecurityExpressionOperations
{
    private Object filterObject;
    private Object returnObject;
    private Object target;

    public MyMethodSecurityExpressionRoot(Authentication a)
    {
        super( a );
    }

    @Override
    public void setDefaultRolePrefix(String defaultRolePrefix)
    {
        //Simple test to see if this works
        super.setDefaultRolePrefix( "" );
    }

    public void setFilterObject(Object filterObject)
    {
        this.filterObject = filterObject;
    }

    public Object getFilterObject()
    {
        return filterObject;
    }

    public void setReturnObject(Object returnObject)
    {
        this.returnObject = returnObject;
    }

    public Object getReturnObject()
    {
        return returnObject;
    }

    void setThis(Object target)
    {
        this.target = target;
    }

    public Object getThis()
    {
        return target;
    }
}
3个回答

47

对于遇到这个问题的人,解决方法是删除我在设置的WebSecurityConfigurer上配置的重复的@EnableGlobalMethodSecurity注释。


1

我通过合并两个配置类来解决了这个问题。

@EnableWebSecurity
public class SecurityConfig {

    @Configuration
    @RequiredArgsConstructor
    @EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
    public static class GlobalMethodSecurityConfig extends GlobalMethodSecurityConfiguration {
        
        private final ApplicationContext applicationContext;

        @Override
        protected MethodSecurityExpressionHandler createExpressionHandler() {
            var expressionHandler = new CustomMethodSecurityExpressionHandler();
            expressionHandler.setApplicationContext(applicationContext);

            return expressionHandler;
        }
    }

    @Configuration
    public static class WebSecurityConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            //http config
        }

    }
}

Spring 文档 中所建议的


-1
下面的解决方案对我有用。
在您的application.yml或application.properties中设置以下键和值
application.yml spring: main: allow-bean-definition-overriding: true

application.properties

spring.main.allow-bean-definition-overriding=true


网页内容由stack overflow 提供, 点击上面的
可以查看英文原文,
原文链接