禁用 Spring Security 导致无法加载应用程序上下文

Posted

技术标签:

【中文标题】禁用 Spring Security 导致无法加载应用程序上下文【英文标题】:Disabling Spring Security leads to Failed to load application context 【发布时间】:2021-09-13 22:56:20 【问题描述】:

我正在为 test 配置文件禁用 Spring Security,如下所示:

spring:
  config:
    activate:
      on-profile: test
  autoconfigure:
    exclude[0]: org.springframework.boot.actuate.autoconfigure.security.reactive.ReactiveManagementWebSecurityAutoConfiguration
    exclude[1]: org.springframework.boot.autoconfigure.security.reactive.ReactiveSecurityAutoConfiguration

错误:

Failed to load ApplicationContext
java.lang.IllegalStateException: Failed to load ApplicationContext

Caused by: org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'springSecurityFilterChain' defined in class path resource [org/springframework/boot/autoconfigure/security/oauth2/client/reactive/ReactiveOAuth2ClientConfigurations$ReactiveOAuth2ClientConfiguration$SecurityWebFilterChainConfiguration.class]: Unsatisfied dependency expressed through method 'springSecurityFilterChain' parameter 0; nested exception is org.springframework.beans.factory.NoSuchBeanDefinitionException: No qualifying bean of type 'org.springframework.security.config.web.server.ServerHttpSecurity' available: expected at least 1 bean which qualifies as autowire candidate. Dependency annotations:

【问题讨论】:

【参考方案1】:

我正在使用 okta-spring-boot-starter,这对我有用:

spring:
  autoconfigure:
    exclude:
      - org.springframework.boot.autoconfigure.security.oauth2.client.reactive.ReactiveOAuth2ClientAutoConfiguration
      - org.springframework.boot.autoconfigure.security.oauth2.resource.reactive.ReactiveOAuth2ResourceServerAutoConfiguration
      - org.springframework.boot.autoconfigure.security.reactive.ReactiveSecurityAutoConfiguration

【讨论】:

【参考方案2】:

一个小说明,您没有禁用 Spring Security,而是禁用了 Spring Security 的 Spring Boot 自动配置。您可以在 Spring Boot reference documentation 中了解更多信息。

在您的配置中,您禁用了ReactiveSecurityAutoConfiguration,但ReactiveOAuth2ClientAutoConfiguration 仍处于启用状态,可能是因为您有诸如spring-boot-starter-oauth2-client 之类的依赖项。

如错误消息中所述,ReactiveOAuth2ClientAutoConfiguration 正在尝试创建 SecurityWebFilterChain bean,但无法注入所需的 ServerHttpSecurity bean,因为 ReactiveSecurityAutoConfiguration 已禁用。

要修复错误消息,您也可以禁用 OAuth 2.0 客户端自动配置。

spring:
 autoconfigure:
    exclude[0]: org.springframework.boot.actuate.autoconfigure.security.reactive.ReactiveManagementWebSecurityAutoConfiguration
    exclude[1]: org.springframework.boot.autoconfigure.security.reactive.ReactiveSecurityAutoConfiguration
    exclude[2]: org.springframework.boot.autoconfigure.security.oauth2.client.reactive.ReactiveOAuth2ClientAutoConfiguration

【讨论】:

以上是关于禁用 Spring Security 导致无法加载应用程序上下文的主要内容,如果未能解决你的问题,请参考以下文章

如何禁用 spring-security 登录屏幕?

无法在 Spring Boot 中禁用安全性 [重复]

Grails - grails-spring-security-rest - 无法从 application.yml 加载 jwt 机密

即使在 Spring Security 中禁用了会话,谷歌应用引擎也会检测到会话管理

Spring Security 与 HTTP 安全 header

Spring Boot Security 禁用安全性