在类路径资源3中定义的'springSecurityFilterChain' bean创建错误。

Question

在类路径资源3中定义的'springSecurityFilterChain' bean创建错误。

javaspringspring-mvcspring-bootspring-security

4

由于我刚开始学习Spring和Spring Security，并且正在跟随一些YouTube教程，我编写了完全相同的代码并出现了上述错误。

错误信息

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'springSecurityFilterChain' defined in class path resource [org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception; nested exception is java.lang.IllegalArgumentException: Cannot pass a null GrantedAuthority collection
at org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:625) ~[spring-beans-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:456) ~[spring-beans-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1287) ~[spring-beans-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1126) ~[spring-beans-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:538) ~[spring-beans-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:498) ~[spring-beans-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:320) ~[spring-beans-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222) ~[spring-beans-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:318) ~[spring-beans-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:199) ~[spring-beans-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:307) ~[spring-beans-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:199) ~[spring-beans-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:848) ~[spring-beans-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:865) ~[spring-context-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:548) ~[spring-context-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:140) ~[spring-boot-2.1.0.BUILD-SNAPSHOT.jar:2.1.0.BUILD-SNAPSHOT]
at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:797) [spring-boot-2.1.0.BUILD-SNAPSHOT.jar:2.1.0.BUILD-SNAPSHOT]
at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:421) [spring-boot-2.1.0.BUILD-SNAPSHOT.jar:2.1.0.BUILD-SNAPSHOT]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:340) [spring-boot-2.1.0.BUILD-SNAPSHOT.jar:2.1.0.BUILD-SNAPSHOT]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1291) [spring-boot-2.1.0.BUILD-SNAPSHOT.jar:2.1.0.BUILD-SNAPSHOT]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1279) [spring-boot-2.1.0.BUILD-SNAPSHOT.jar:2.1.0.BUILD-SNAPSHOT]
at com.spring.security.SpringsecurityApplication.main(SpringsecurityApplication.java:12) [classes/:na]
Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception; nested exception is java.lang.IllegalArgumentException: Cannot pass a null GrantedAuthority collection
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:185) ~[spring-beans-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:620) ~[spring-beans-5.1.0.RELEASE.jar:5.1.0.RELEASE]
... 21 common frames omitted
Caused by: java.lang.IllegalArgumentException: Cannot pass a null GrantedAuthority collection
at org.springframework.util.Assert.notNull(Assert.java:198) ~[spring-core-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.security.core.userdetails.User.sortAuthorities(User.java:163) ~[spring-security-core-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.security.core.userdetails.User.<init>(User.java:123) ~[spring-security-core-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.security.core.userdetails.User$UserBuilder.build(User.java:535) ~[spring-security-core-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer$UserDetailsBuilder.build(UserDetailsManagerConfigurer.java:279) ~[spring-security-config-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.initUserDetailsService(UserDetailsManagerConfigurer.java:60) ~[spring-security-config-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.security.config.annotation.authentication.configurers.userdetails.UserDetailsServiceConfigurer.configure(UserDetailsServiceConfigurer.java:47) ~[spring-security-config-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.security.config.annotation.authentication.configurers.userdetails.UserDetailsServiceConfigurer.configure(UserDetailsServiceConfigurer.java:34) ~[spring-security-config-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.configure(AbstractConfiguredSecurityBuilder.java:384) ~[spring-security-config-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.doBuild(AbstractConfiguredSecurityBuilder.java:330) ~[spring-security-config-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.getHttp(WebSecurityConfigurerAdapter.java:201) ~[spring-security-config-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.init(WebSecurityConfigurerAdapter.java:321) ~[spring-security-config-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.init(WebSecurityConfigurerAdapter.java:92) ~[spring-security-config-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at com.spring.security.config.SecurityConfiguration$$EnhancerBySpringCGLIB$$1d8d4c86.init(<generated>) ~[classes/:na]
at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.init(AbstractConfiguredSecurityBuilder.java:371) ~[spring-security-config-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.doBuild(AbstractConfiguredSecurityBuilder.java:325) ~[spring-security-config-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.security.config.annotation.AbstractSecurityBuilder.build(AbstractSecurityBuilder.java:41) ~[spring-security-config-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration.springSecurityFilterChain(WebSecurityConfiguration.java:104) ~[spring-security-config-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$EnhancerBySpringCGLIB$$efe529b0.CGLIB$springSecurityFilterChain$1(<generated>) ~[spring-security-config-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$EnhancerBySpringCGLIB$$efe529b0$$FastClassBySpringCGLIB$$8d960911.invoke(<generated>) ~[spring-security-config-5.1.0.RELEASE.jar:5.1.0.RELEASE]
at org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:244) ~[spring-core-5.1.0.RELEASE.jar:5.1.0.RELEASE]

安全配置文件

@EnableWebSecurity
@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.inMemoryAuthentication()
    .withUser("abhi").password("test").and()
    .withUser("kumar").password("test2");
}
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    httpSecurity.authorizeRequests()
    .anyRequest()
    .fullyAuthenticated()
    .and().httpBasic();
    httpSecurity.csrf().disable();

}}

我也参考了类似的问题，但是没有解决我的错误。这是我第一次使用 Spring Security 编写程序。

- Abhishek Kumar

1

根据您收到的错误，看起来您需要为定义的用户分配一个角色。请查看此答案 https://dev59.com/vuk6XIcBkEYKwwoYBvTb - Madhu Bhat

谢谢@madhu，但为什么要用角色？你能解释一下吗？ - Abhishek Kumar

我在我的回答中已经解释了。这是否澄清了您的疑问并回答了您的问题？ - Madhu Bhat

4个回答

2

如果您希望允许所有用户角色，请使用以下代码，但是角色必须为空。更改它，您就可以使用了。

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
                .withUser("abhi").password("test").roles("")
                 .and()
                .withUser("kumar").password("test2").roles("");
    }

- kj007

谢谢@kj007，但为什么需要角色呢？因为每个用户都不能是管理员或普通用户，希望你能理解我想说的话。你能解释一下吗？ - Abhishek Kumar

只有Grand Authority不能为null，如果没有用户角色，则可以传递空值。因为当进行比较时，如果为null会抛出错误，所以在您的情况下，请按照我的答案建议传递空值。 - kj007

0

为了避免出现“无法传递空的GrantedAuthority集合”错误，您必须为每个用户分配用户角色，如.roles("USER")。

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.inMemoryAuthentication()
    .withUser("abhi").password("test").roles("USER")
    .and()
    .withUser("kumar").password("test2").roles("USER");
}

- benjamin c

谢谢@benjamin，但为什么要用角色？你能解释一下吗？ - Abhishek Kumar

-3

从类中删除 "extends WebSecurityConfigurerAdapter" 和 @override，程序将编译 :)

- Sunil S K

我正在学习Spring Boot，并在教程中发现一些已经过时的内容。如果有人能够推荐任何资源来保持与Spring Security的最新动态，那将非常棒。 - Ronit Pandey

网页内容由stack overflow 提供, 点击上面的

可以查看英文原文，
原文链接

- Madhu Bhat · Accepted Answer

当你使用auth.inMemoryAuthentication().withUser重写configure(AuthenticationManagerBuilder auth)方法时，实际上是创建了一个新的用户（类型为org.springframework.security.core.userdetails.User）。

每当需要创建并添加新的用户对象到spring security生态系统中时，需要3个非空参数。它们是：

String username
String password
Collection<? extends GrantedAuthority> authorities

因此，当您使用withUser(String username)和password(String password)提供用户名和密码时，还必须使用roles(String... roles)、authorities(GrantedAuthority... authorities)、authorities(List<? extends GrantedAuthority> authorities)或authorities(String... authorities)之一来向用户提供权限。对于您来说，最简单的方法是使用roles(String... roles)方法并提供所需的角色，如role("USER")，或者如果您不想提供任何角色，只需使用role("")即可将一个空集合传递给用户对象的Collection<? extends GrantedAuthority> authorities属性。因此，您需要按照以下方式修改configure方法：

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.inMemoryAuthentication()
     .withUser("abhi").password("test").roles("") //or .roles("USER")
     .and()
     .withUser("kumar").password("test2").roles(""); //or .roles("USER")
}

以下内容来自org.springframework.security.core.userdetails.User的文档：

如果将null值作为参数或作为GrantedAuthority集合中的元素传递，则会抛出IllegalArgumentException异常。