解決spring security與corsFilter衝突的問題

原創 Afox4l 2019-04-11 18:35

問題:
在springboot項目中,使用了corsFilter進行跨域處理,相關代碼配置如下:

@Configuration
public class MyConfiguration {
    @Bean
    public FilterRegistrationBean corsFilter() {
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        CorsConfiguration config = new CorsConfiguration();
        config.setAllowCredentials(true);
        config.addAllowedOrigin("*");
        config.addAllowedHeader("*");
        config.addAllowedMethod("*");
        source.registerCorsConfiguration("/**", config);
        FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(source));
        bean.setOrder(0);
        return bean;
    }
}

一運行代碼就會報如下異常:

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'springSecurityFilterChain' defined in class path resource [org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception; nested exception is org.springframework.beans.factory.BeanNotOfRequiredTypeException: Bean named 'corsFilter' is expected to be of type 'org.springframework.web.filter.CorsFilter' but was actually of type 'org.springframework.boot.web.servlet.FilterRegistrationBean'
	at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:590) ~[spring-beans-5.0.8.RELEASE.jar:5.0.8.RELEASE]
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1247) ~[spring-beans-5.0.8.RELEASE.jar:5.0.8.RELEASE]
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1096) ~[spring-beans-5.0.8.RELEASE.jar:5.0.8.RELEASE]
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:535) ~[spring-beans-5.0.8.RELEASE.jar:5.0.8.RELEASE]
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:495) ~[spring-beans-5.0.8.RELEASE.jar:5.0.8.RELEASE]
	at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:317) ~[spring-beans-5.0.8.RELEASE.jar:5.0.8.RELEASE]
	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222) ~[spring-beans-5.0.8.RELEASE.jar:5.0.8.RELEASE]
	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:315) ~[spring-beans-5.0.8.RELEASE.jar:5.0.8.RELEASE]
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:199) ~[spring-beans-5.0.8.RELEASE.jar:5.0.8.RELEASE]
	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:304) ~[spring-beans-5.0.8.RELEASE.jar:5.0.8.RELEASE]
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:199) ~[spring-beans-5.0.8.RELEASE.jar:5.0.8.RELEASE]
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:759) ~[spring-beans-5.0.8.RELEASE.jar:5.0.8.RELEASE]
	at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:869) ~[spring-context-5.0.8.RELEASE.jar:5.0.8.RELEASE]
	at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:550) ~[spring-context-5.0.8.RELEASE.jar:5.0.8.RELEASE]
	at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:140) ~[spring-boot-2.0.4.RELEASE.jar:2.0.4.RELEASE]
	at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:762) [spring-boot-2.0.4.RELEASE.jar:2.0.4.RELEASE]
	at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:398) [spring-boot-2.0.4.RELEASE.jar:2.0.4.RELEASE]
	at org.springframework.boot.SpringApplication.run(SpringApplication.java:330) [spring-boot-2.0.4.RELEASE.jar:2.0.4.RELEASE]
	at org.springframework.boot.SpringApplication.run(SpringApplication.java:1258) [spring-boot-2.0.4.RELEASE.jar:2.0.4.RELEASE]
	at org.springframework.boot.SpringApplication.run(SpringApplication.java:1246) [spring-boot-2.0.4.RELEASE.jar:2.0.4.RELEASE]
	at com.juzipower.UserCenterApplication.main(UserCenterApplication.java:20) [classes/:na]
Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception; nested exception is org.springframework.beans.factory.BeanNotOfRequiredTypeException: Bean named 'corsFilter' is expected to be of type 'org.springframework.web.filter.CorsFilter' but was actually of type 'org.springframework.boot.web.servlet.FilterRegistrationBean'
	at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:185) ~[spring-beans-5.0.8.RELEASE.jar:5.0.8.RELEASE]
	at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:582) ~[spring-beans-5.0.8.RELEASE.jar:5.0.8.RELEASE]
	... 20 common frames omitted
Caused by: org.springframework.beans.factory.BeanNotOfRequiredTypeException: Bean named 'corsFilter' is expected to be of type 'org.springframework.web.filter.CorsFilter' but was actually of type 'org.springframework.boot.web.servlet.FilterRegistrationBean'
	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:389) ~[spring-beans-5.0.8.RELEASE.jar:5.0.8.RELEASE]
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:204) ~[spring-beans-5.0.8.RELEASE.jar:5.0.8.RELEASE]
	at org.springframework.context.support.AbstractApplicationContext.getBean(AbstractApplicationContext.java:1095) ~[spring-context-5.0.8.RELEASE.jar:5.0.8.RELEASE]
	at org.springframework.security.config.annotation.web.configurers.CorsConfigurer.getCorsFilter(CorsConfigurer.java:83) ~[spring-security-config-5.0.7.RELEASE.jar:5.0.7.RELEASE]
	at org.springframework.security.config.annotation.web.configurers.CorsConfigurer.configure(CorsConfigurer.java:66) ~[spring-security-config-5.0.7.RELEASE.jar:5.0.7.RELEASE]
	at org.springframework.security.config.annotation.web.configurers.CorsConfigurer.configure(CorsConfigurer.java:39) ~[spring-security-config-5.0.7.RELEASE.jar:5.0.7.RELEASE]
	at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.configure(AbstractConfiguredSecurityBuilder.java:384) ~[spring-security-config-5.0.7.RELEASE.jar:5.0.7.RELEASE]
	at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.doBuild(AbstractConfiguredSecurityBuilder.java:330) ~[spring-security-config-5.0.7.RELEASE.jar:5.0.7.RELEASE]
	at org.springframework.security.config.annotation.AbstractSecurityBuilder.build(AbstractSecurityBuilder.java:41) ~[spring-security-config-5.0.7.RELEASE.jar:5.0.7.RELEASE]
	at org.springframework.security.config.annotation.web.builders.WebSecurity.performBuild(WebSecurity.java:292) ~[spring-security-config-5.0.7.RELEASE.jar:5.0.7.RELEASE]
	at org.springframework.security.config.annotation.web.builders.WebSecurity.performBuild(WebSecurity.java:79) ~[spring-security-config-5.0.7.RELEASE.jar:5.0.7.RELEASE]
	at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.doBuild(AbstractConfiguredSecurityBuilder.java:334) ~[spring-security-config-5.0.7.RELEASE.jar:5.0.7.RELEASE]
	at org.springframework.security.config.annotation.AbstractSecurityBuilder.build(AbstractSecurityBuilder.java:41) ~[spring-security-config-5.0.7.RELEASE.jar:5.0.7.RELEASE]
	at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration.springSecurityFilterChain(WebSecurityConfiguration.java:104) ~[spring-security-config-5.0.7.RELEASE.jar:5.0.7.RELEASE]
	at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$EnhancerBySpringCGLIB$$8f965001.CGLIB$springSecurityFilterChain$3(<generated>) ~[spring-security-config-5.0.7.RELEASE.jar:5.0.7.RELEASE]
	at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$EnhancerBySpringCGLIB$$8f965001$$FastClassBySpringCGLIB$$fffb3752.invoke(<generated>) ~[spring-security-config-5.0.7.RELEASE.jar:5.0.7.RELEASE]
	at org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:228) ~[spring-core-5.0.8.RELEASE.jar:5.0.8.RELEASE]
	at org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:361) ~[spring-context-5.0.8.RELEASE.jar:5.0.8.RELEASE]
	at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$EnhancerBySpringCGLIB$$8f965001.springSecurityFilterChain(<generated>) ~[spring-security-config-5.0.7.RELEASE.jar:5.0.7.RELEASE]
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_171]
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_171]
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_171]
	at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_171]
	at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:154) ~[spring-beans-5.0.8.RELEASE.jar:5.0.8.RELEASE]
	... 21 common frames omitted

顯示spring security 與corfFilter衝突。

解決方案:
將原來的配置文件刪除,新增一個如下的filter:

@Component
@Order(Ordered.HIGHEST_PRECEDENCE)
public class AjaxCorsFilter extends CorsFilter {
    public AjaxCorsFilter() {
        super(configurationSource());
    }

    private static UrlBasedCorsConfigurationSource configurationSource() {
        CorsConfiguration corsConfig = new CorsConfiguration();
        List<String> allowedHeaders = Arrays.asList("x-auth-token", "content-type", "X-Requested-With", "XMLHttpRequest");
        List<String> exposedHeaders = Arrays.asList("x-auth-token", "content-type", "X-Requested-With", "XMLHttpRequest");
        List<String> allowedMethods = Arrays.asList("POST", "GET", "DELETE", "PUT", "OPTIONS");
        List<String> allowedOrigins = Arrays.asList("*");
        corsConfig.setAllowedHeaders(allowedHeaders);
        corsConfig.setAllowedMethods(allowedMethods);
        corsConfig.setAllowedOrigins(allowedOrigins);
        corsConfig.setExposedHeaders(exposedHeaders);
        corsConfig.setMaxAge(36000L);
        corsConfig.setAllowCredentials(true);

        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", corsConfig);
       return source;
    }
}

修改後代碼正常運行,跨域問題也解決。

發表評論
所有評論
還沒有人評論,想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.
相關文章

springsecurity provider啓動順序

spring security對於用戶身份的判斷是通過一系列的過濾器來完成的,如果你採用的是自定義過濾器鏈的方式來實現自己的需求,那麼需要特別注意過濾器鏈的順序問題。 但是除了過濾器的順序,還有一個特別需要注意的,就是provider

shareCode_ 2020-07-02 11:19:57

spring boot 2.2.2 中禁用 spring security

只要在 spring boot 中加入 spring security 就會自動啓用七安全機制,默認每次訪問接口都會進行驗證。但是由於某些原因,不想使用 spring security,可以選擇禁用 spring security

ChaseDreamBoy 2020-07-07 07:25:52

(二)基於數據庫的認證與授權

環境準備 controller @RestController @RequestMapping("/api/admin") public class AdminController { @GetMapping("/hel

西红柿鸡蛋打卤面 2020-07-05 23:15:39

(一)創建簡單的Spring security 項目

參考:陳木鑫老師的《Spring Security 實戰》 創建spring boot項目 通過Intellij IDEA創建Spring Boot項目的方式有許多種,其中最簡單的方式就是使用Spring Initializr 工

西红柿鸡蛋打卤面 2020-07-05 23:15:39

spring security報錯解決:IllegalArgumentException:There is no PasswordEncoder mapped for the id "null"

報錯信息:java.lang.IllegalArgumentException: There is no PasswordEncoder mapped for the id “null” 頁面毫無響應 後臺彙報錯誤:java.la

南风~~~ 2020-07-05 17:06:59

springboot 2.0 集成 Spring Security進行安全控制

添加依賴 <!-- spring security 權限框架依賴 --> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-

瘦_猴 2020-07-05 08:08:47

無法對自定義的securityMetadataSource進行注入

在做spring security3的另一種配置方式,測試時,無法對自定義的securityMetadataSource進行注入想要使用的dao處理,後來調試發現注入進去時null,對於注入進來的是獲取不到的,利用構造可以解決, 解決方案

steryzone 2020-07-04 17:45:55

SpringSecurityOAuth開發app認證框架

令牌的表現形式就是一個字符串 文章目錄服務提供商的實現認證服務器demo pom 文件中引入app模塊依賴 使正常啓動實現認證服務器WhaleAuthenticationSecurityConfig授權碼模式的請求參數Use

神奇小白 2020-07-04 01:46:13

使用JWT替換默認令牌token

文章目錄JSON Web Token (JWT)自包含token的創建總結密籤可擴展替換默認tokenTokenStoreConfigWhaleAuthenticationServiceConfigOAuth2Properties

神奇小白 2020-07-04 01:46:13

Spring security5 集成swagger2 無法訪問的問題。

主要還是spring security把 swagger需要訪問的URL被攔截,不只是swagger-ui.html這個URL 查找網上的解決方案沒一個好用的,然後自己在跳轉重定向的方法裏打印了引發跳轉的URL,一個一個試出來的老鐵。累屁

FS小山 2020-07-03 19:32:49

Spring Security 3.x 完整入門教程(轉)

Spring Security 3.x 出來一段時間了,跟Acegi是大不同了,與2.x的版本也有一些小小的區別,網上有一些文檔,也有人翻譯Spri

oEveryman 2020-07-03 05:57:38

Spring Security 分佈式認證

目錄標題相關介紹公共模塊認證模塊資源模塊 相關介紹 1)JWT JWT:全稱 JSON Web Token,是一個分佈式身份校驗方案,可生產 token,也可解析 token JWT生成的 token 由三部分組成: 頭部:主要

爱游戏爱动漫的肥宅 2020-07-03 05:34:24

BCrypt初體驗之加密與驗證

版權聲明:本文爲 小異常 原創文章,非商用自由轉載-保持署名-註明出處,謝謝! 本文網址:https://blog.csdn.net/sun8112133/article/details/107057062 BCryp

小异常 2020-07-02 20:33:30

關於There is no PasswordEncoder mapped for the id null的報錯

版權聲明:本文爲 小異常 原創文章,非商用自由轉載-保持署名-註明出處,謝謝! 本文網址:https://blog.csdn.net/sun8112133/article/details/107056906 最近在做 Sp

小异常 2020-07-02 20:33:29

Spring Security4.0.3源碼分析之FilterChainProxy執行過程分析

最近在學習安全框架spring Security,想弄清楚其中實現的具體步驟,於是下定決心,研究一下Spring Security源碼,這篇博客的目的是想把學習過程記錄下來。學習過程中主要參考了http://dead-knight

RobertoHuang 2020-07-01 18:11:32