新建类 customFilterSecurityInterceptor ,重写FilterSecurityInterceptor 拦截器,,项目启动报错:
org.springframework.context.ApplicationContextException: Unable to start web server; nested exception is org.springframework.boot.web.server.WebServerException: Unable to start embedded Tomcat
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'customFilterSecurityInterceptor' defined in file [D:\project\zuoye\gowin-admin\admin-common\target\classes\com\itutorgroup\admin\common\config\CustomFilterSecurityInterceptor.class]: Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: An AccessDecisionManager is required
```java
@Component
@Slf4j
public class CustomFilterSecurityInterceptor extends FilterSecurityInterceptor {
@Resource
private AccessDecisionManager accessDecisionManager;
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
System.out.println("------------333333-----------3333333333333-------------------------------------");
log.info("------------333333-----------3333333333333-------------------------------------");
super.doFilter(request, response, chain);
}
@Override
public void afterPropertiesSet() {
super.afterPropertiesSet();
setAccessDecisionManager(accessDecisionManager);
}
在WebSecurityConfigurerAdapter 里面也添加了AccessDecisionManager 不生效
@Order(1)
@Slf4j
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Resource
private AccessDecisionManager accessDecisionManager;
@Override
protected void configure(HttpSecurity http) throws Exception {
System.out.println("------------0000000000-----------00000000000000000000-------------------------------------");
log.info("------------0000000000-----------00000000000000000000-------------------------------------");
http.authorizeRequests().accessDecisionManager(accessDecisionManager)
.antMatchers("/api/captcha/get/**").permitAll()
.anyRequest().authenticated()
.and().formLogin().permitAll()
.and().csrf().disable();
http.addFilterBefore(customFilterSecurityInterceptor, FilterSecurityInterceptor.class);
}
我尝试了很多种加AccessDecisionManager ,还是不行,SecurityConfig的 方法 configure 和 CustomFilterSecurityInterceptor的方法doFilter
没有sysout打印和log,info打印
版本包信息如下:
折腾了一天了,想不通,求解答
直接通过对象后置处理器更改FilterSecurityInterceptor 的配置就行了
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
System.out.println("------------0000000000-----------00000000000000000000-------------------------------------");
log.info("------------0000000000-----------00000000000000000000-------------------------------------");
http.authorizeRequests().withObjectPostProcessor(new ObjectPostProcessor<FilterSecurityInterceptor>() {
@Override
public <O extends FilterSecurityInterceptor> O postProcess(O object) {
FilterSecurityInterceptor securityInterceptor = object;
//更改相关配置
// securityInterceptor.setSecurityMetadataSource();
// securityInterceptor.setAccessDecisionManager();
// securityInterceptor.setAuthenticationManager();
return object;
}
})
.antMatchers("/api/captcha/get/**").permitAll()
.anyRequest().authenticated()
.and().formLogin().permitAll()
.and().csrf().disable();
}
}
如果非要完全使用自己的FilterSecurityInterceptor ,也可以在对象后置处理器直接返回自己FilterSecurityInterceptor 实例