springboot集成security时报循环依赖问题,但是代码重写了一个bean
集成security后启动时报错如下图
两个文件的代码如下
AdminUserServiceImpl
package com.xjc.leleservice.impl;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
import com.xjc.common.untils.JwtToken;
import com.xjc.common.untils.ResultUtils;
import com.xjc.entity.AdminUser;
import com.xjc.ldao.mapper.AdminUserMapper;
import com.xjc.leleservice.AdminUserService;
import com.xjc.vo.AdminUserLoginParamVO;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service;
import javax.servlet.http.HttpServletRequest;
import java.util.HashMap;
import java.util.Map;
@Service
public class AdminUserServiceImpl extends ServiceImpl<AdminUserMapper, AdminUser> implements AdminUserService {
@Autowired
private UserDetailsService userDetailsService;
@Autowired
private PasswordEncoder passwordEncoder;
@Autowired
private JwtToken jwtToken;
@Value("${jwt.tokenHeader}")
private String tokenHeader;
@Autowired
private AdminUserMapper adminUserMapper;
@Override
public ResultUtils login(AdminUserLoginParamVO adminUserLoginParamVO, HttpServletRequest request) {
//登录
UserDetails userDetails = userDetailsService.loadUserByUsername(adminUserLoginParamVO.getUsername());
if(null==userDetails||!passwordEncoder.matches(adminUserLoginParamVO.getPassword(), userDetails.getUsername())){
return new ResultUtils("207", "用户名或密码错误");
}
//更新登录对象
UsernamePasswordAuthenticationToken authenticationToken =
new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
SecurityContextHolder.getContext().setAuthentication(authenticationToken);
//获取token
String token = jwtToken.generateToken(userDetails);
Map result = new HashMap();
result.put("token", token);
result.put("tokenHeader", tokenHeader);
return new ResultUtils(request, "登录成功");
}
/**
* 根据用户名获取用户
* @param userName
* @return
*/
@Override
public AdminUser getAdminUser(String userName) {
QueryWrapper<AdminUser> queryWrapper = new QueryWrapper<>();
queryWrapper.eq("user_name", userName);
AdminUser adminUser = adminUserMapper.selectOne(queryWrapper);
return adminUser;
}
}
SecurityConfig
package com.xjc.websecurity;
import com.xjc.common.handler.RestAuthorizationEntryPoint;
import com.xjc.common.handler.RestfulAccessDeniedHandler;
import com.xjc.entity.AdminUser;
import com.xjc.leleservice.AdminUserService;
import com.xjc.leleservice.filter.JwtAuthencationTokenFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private AdminUserService adminUserService;
@Autowired
private RestAuthorizationEntryPoint restAuthorizationEntryPoint;
@Autowired
private RestfulAccessDeniedHandler restfulAccessDeniedHandler;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService()).passwordEncoder(passwordEncoder());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
//基于token不需要session
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests()
//允许登录
.antMatchers("/login","/loginOut")
.permitAll()
//其余的全部拦截
.anyRequest()
.authenticated()
.and()
.headers()
.cacheControl();
//添加jwt拦截过滤器
http.addFilterBefore(jwtAuthencationTokenFilter(), UsernamePasswordAuthenticationFilter.class);
//添加自定义未授权和未登录结果返回
http.exceptionHandling()
.accessDeniedHandler(restfulAccessDeniedHandler)
.authenticationEntryPoint(restAuthorizationEntryPoint);
}
@Bean
@Override
public UserDetailsService userDetailsService(){
return username -> {
AdminUser adminUser = adminUserService.getAdminUser(username);
if(adminUser!=null){
return adminUser;
}
return null;
};
}
@Bean
public PasswordEncoder passwordEncoder(){
return new BCryptPasswordEncoder();
}
@Bean
public JwtAuthencationTokenFilter jwtAuthencationTokenFilter(){
return new JwtAuthencationTokenFilter();
}
}
感觉没啥问题啊这个咋解决
你没发现你这个逻辑的问题?
AdminUserServiceImpl里面那一堆认证逻辑全删了,你那里只要做查询,不需要你画蛇添足去做这些
请问你这个问题怎么解决的呀?也遇到了
请问这个问题解决了?我也遇到这个问题,好几天了,就是弄不好
加个@Lazy
我的目前已经解决了。个人见解,不对请见谅:b站上教的云e办使用的springboot是2.3.x的,目前是2022年2月份,springboot已经更新到2.6.x了。我百度了一下,网上说springboot2.6.x 默认情况完全禁止Bean的循环引用。因此可能在创建springboot父工程的pom的时候,引入的版本过高,手动指定springboot的版本。
父工程的pom文件
org.springframework.boot
spring-boot-starter-parent
2.3.0.RELEASE
还有,父工程的pom依赖改了后,子工程的pom文件的parent标签的也要更改
子工程pom文件
org.springframework.boot
spring-boot-starter-parent
2.3.0.RELEASE