Spring Security 错误:java.lang.IllegalStateException: Can't configure anyRequest after itself
Posted
技术标签:
【中文标题】Spring Security 错误:java.lang.IllegalStateException: Can\'t configure anyRequest after itself【英文标题】:Spring Security Error: java.lang.IllegalStateException: Can't configure anyRequest after itselfSpring Security 错误:java.lang.IllegalStateException: Can't configure anyRequest after itself 【发布时间】:2020-03-19 02:28:55 【问题描述】:我在尝试启动 Spring Boot 应用程序时收到此错误,但我似乎无法弄清楚原因。非常感谢任何帮助。
org.springframework.beans.factory.BeanCreationException:在类路径资源 [org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.class] 中定义名称为“springSecurityFilterChain”的 bean 创建错误:通过工厂实例化 bean方法失败;嵌套异常是 org.springframework.beans.BeanInstantiationException:无法实例化 [javax.servlet.Filter]:工厂方法“springSecurityFilterChain”抛出异常;嵌套异常是 java.lang.IllegalStateException: Can't configure anyRequest after itself
在 super.configure(http) 方法中失败。 这是我的“SpringSecurityConfig.java”类
@Configuration
@EnableWebSecurity(debug = true)
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter
@Autowired
private CustomUserDetailService customUserDetailsService;
@Bean
public JWTAuthenticationFilter jwtAuthenticationFilter()
return new JWTAuthenticationFilter();
@Override
protected void configure(HttpSecurity http) throws Exception
http
.cors()
.and()
.csrf()
.disable()
.authorizeRequests()
.antMatchers("/auth/**").permitAll()
.anyRequest()
.authenticated()
.and()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
http.addFilterBefore(jwtAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
super.configure(http);
@Bean
public BCryptPasswordEncoder bCryptPasswordEncoder()
return new BCryptPasswordEncoder();
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception
return super.authenticationManagerBean();
完整的堆栈跟踪
org.springframework.beans.factory.BeanCreationException:在类路径资源 [org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.class] 中定义名称为“springSecurityFilterChain”的 bean 创建错误:通过工厂实例化 bean方法失败;嵌套异常是 org.springframework.beans.BeanInstantiationException:无法实例化 [javax.servlet.Filter]:工厂方法“springSecurityFilterChain”抛出异常;嵌套异常是 java.lang.IllegalStateException: Can't configure anyRequest after itself 在 org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:645) ~[spring-beans-5.2.1.RELEASE.jar:5.2.1.RELEASE] 在 org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:475) ~[spring-beans-5.2.1.RELEASE.jar:5.2.1.RELEASE] 在 org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1338) ~[spring-beans-5.2.1.RELEASE.jar:5.2.1.RELEASE] 在 org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1177) ~[spring-beans-5.2.1.RELEASE.jar:5.2.1.RELEASE] 在 org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:557) ~[spring-beans-5.2.1.RELEASE.jar:5.2.1.RELEASE] 在 org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:517) ~[spring-beans-5.2.1.RELEASE.jar:5.2.1.RELEASE] 在 org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:323) ~[spring-beans-5.2.1.RELEASE.jar:5.2.1.RELEASE] 在 org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222) ~[spring-beans-5.2.1.RELEASE.jar:5.2.1.RELEASE] 在 org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:321) ~[spring-beans-5.2.1.RELEASE.jar:5.2.1.RELEASE] 在 org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:202) ~[spring-beans-5.2.1.RELEASE.jar:5.2.1.RELEASE] 在 org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:310) ~[spring-beans-5.2.1.RELEASE.jar:5.2.1.RELEASE] 在 org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:202) ~[spring-beans-5.2.1.RELEASE.jar:5.2.1.RELEASE] 在 org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:879) ~[spring-beans-5.2.1.RELEASE.jar:5.2.1.RELEASE] 在 org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:878) ~[spring-context-5.2.1.RELEASE.jar:5.2.1.RELEASE] 在 org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:550) ~[spring-context-5.2.1.RELEASE.jar:5.2.1.RELEASE] 在 org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:141) ~[spring-boot-2.2.1.RELEASE.jar:2.2.1.RELEASE] 在 org.springframework.boot.SpringApplication.refresh(SpringApplication.java:747) [spring-boot-2.2.1.RELEASE.jar:2.2.1.RELEASE] 在 org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:397) [spring-boot-2.2.1.RELEASE.jar:2.2.1.RELEASE] 在 org.springframework.boot.SpringApplication.run(SpringApplication.java:315) [spring-boot-2.2.1.RELEASE.jar:2.2.1.RELEASE] 在 org.springframework.boot.SpringApplication.run(SpringApplication.java:1226) [spring-boot-2.2.1.RELEASE.jar:2.2.1.RELEASE] 在 org.springframework.boot.SpringApplication.run(SpringApplication.java:1215) [spring-boot-2.2.1.RELEASE.jar:2.2.1.RELEASE] 在 lk.apiit.eirlss.bnco_vehicle_rental_backend.BncoVehicleRentalBackendApplication.main(BncoVehicleRentalBackendApplication.java:10) [classes/:na] 在 sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_131] 在 sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_131] 在 sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_131] 在 java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_131] 在 org.springframework.boot.devtools.restart.RestartLauncher.run(RestartLauncher.java:49) [spring-boot-devtools-2.2.1.RELEASE.jar:2.2.1.RELEASE] 引起:org.springframework.beans.BeanInstantiationException:无法实例化[javax.servlet.Filter]:工厂方法'springSecurityFilterChain'抛出异常;嵌套异常是 java.lang.IllegalStateException: Can't configure anyRequest after itself 在 org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:185) ~[spring-beans-5.2.1.RELEASE.jar:5.2.1.RELEASE] 在 org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:640) ~[spring-beans-5.2.1.RELEASE.jar:5.2.1.RELEASE] ...省略了26个常用框架 引起:java.lang.IllegalStateException: Can't configure anyRequest after its own 在 org.springframework.util.Assert.state(Assert.java:73) ~[spring-core-5.2.1.RELEASE.jar:5.2.1.RELEASE] 在 org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry.anyRequest(AbstractRequestMatcherRegistry.java:74) ~[spring-security-config-5.2.1.RELEASE.jar:5.2.1.RELEASE] 在 org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.configure(WebSecurityConfigurerAdapter.java:355) ~[spring-security-config-5.2.1.RELEASE.jar:5.2.1.RELEASE] 在 lk.apiit.eirlss.bnco_vehicle_rental_backend.Auth.Config.SpringSecurityConfig.configure(SpringSecurityConfig.java:43) ~[classes/:na] 在 org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.getHttp(WebSecurityConfigurerAdapter.java:231) ~[spring-security-config-5.2.1.RELEASE.jar:5.2.1.RELEASE] 在 org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.init(WebSecurityConfigurerAdapter.java:322) ~[spring-security-config-5.2.1.RELEASE.jar:5.2.1.RELEASE] 在 org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.init(WebSecurityConfigurerAdapter.java:92) ~[spring-security-config-5.2.1.RELEASE.jar:5.2.1.RELEASE] 在 lk.apiit.eirlss.bnco_vehicle_rental_backend.Auth.Config.SpringSecurityConfig$$EnhancerBySpringCGLIB$$10db399e.init() ~[classes/:na] 在 org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.init(AbstractConfiguredSecurityBuilder.java:370) ~[spring-security-config-5.2.1.RELEASE.jar:5.2.1.RELEASE] 在 org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.doBuild(AbstractConfiguredSecurityBuilder.java:324) ~[spring-security-config-5.2.1.RELEASE.jar:5.2.1.RELEASE] 在 org.springframework.security.config.annotation.AbstractSecurityBuilder.build(AbstractSecurityBuilder.java:41) ~[spring-security-config-5.2.1.RELEASE.jar:5.2.1.RELEASE] 在 org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration.springSecurityFilterChain(WebSecurityConfiguration.java:104) ~[spring-security-config-5.2.1.RELEASE.jar:5.2.1.RELEASE] 在 sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_131] 在 sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_131] 在 sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_131] 在 java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_131] 在 org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:154) ~[spring-beans-5.2.1.RELEASE.jar:5.2.1.RELEASE] ...省略了27个常用框架
【问题讨论】:
IllegalStateException 只是表面异常。下面还有其他问题。你能粘贴完整的堆栈跟踪吗?也许堆栈跟踪下面有 ClassCadtException。还希望将 .org.speingframework.security 的日志级别提高到 DEBUG 级别以获取更多信息 @SriniM,在你在评论中提到它之后,我添加了完整的堆栈跟踪。如果我能解决这个问题,那就太好了。感谢您的帮助:) 我可以给出的一个建议是开始在 configure() 方法中逐行注释掉,以查看是否有任何行导致此错误。 自从最新的spring-boot 更新之一以来,我遇到了类似的问题。遇到了同样的异常,在我的情况下,我的初始化代码中有两个anyRequest 调用,现在这似乎导致了一个异常,因为anyRequest 的源中有一个断言。在你的情况下,它可能是类似的,虽然你不完全这样做。
【参考方案1】:
您不应该调用super.configure(http),因为您想使用自定义安全配置。
错误是因为父 configure(http) 方法已经在调用 .authorizeRequests().anyRequest().authenticated() 并且正如错误消息中提到的那样
不能在自身之后配置任何Request
【讨论】:
谢谢。 @Eleftheria Stein-Kousathana,我的应用程序在注释掉 super.configure(http) 后工作。所以它是任何一个。以上是关于Spring Security 错误:java.lang.IllegalStateException: Can't configure anyRequest after itself的主要内容,如果未能解决你的问题,请参考以下文章
j_spring_security_check 404 JSF 登录错误