WebSecurityConfigurerAdapter过时的替代方式

SpringSecurity配置，用着用着就过期了，而且还报unsafe异常，真的是不让懒人活着啊。

万能的网络上找答案

找了一圈，都说用 @Bean的方式注入，代替继承WebSecurityConfigurerAdapter。

试了一下，老是报异常：

Found WebSecurityConfigurerAdapter as well as SecurityFilterChain. Please select just one.

我已经把 

@EnableWebSecurity

去掉了，还是报这个，不知道哪里又加载了

WebSecurityConfiguration

这个类了。

索性不管了，直接覆盖。

看源码

1.  
   @Configuration(
2.  
   proxyBeanMethods = false
3.  
   )
4.  
   public class WebSecurityConfiguration implements ImportAware, BeanClassLoaderAware {
5.  
   ‘’‘’‘’‘’
6.  
    
7.  
   @Bean
8.  
   @DependsOn({"springSecurityFilterChain"})
9.  
   public SecurityExpressionHandler<FilterInvocation> webSecurityExpressionHandler() {
10.  
    return this.webSecurity.getExpressionHandler();
11.  
    }
12.  
     
13.  
    @Bean(
14.  
    name = {"springSecurityFilterChain"}
15.  
    )
16.  
    public Filter springSecurityFilterChain() throws Exception {
17.  
    boolean hasConfigurers = this.webSecurityConfigurers != null && !this.webSecurityConfigurers.isEmpty();
18.  
    boolean hasFilterChain = !this.securityFilterChains.isEmpty();
19.  
    Assert.state(!hasConfigurers || !hasFilterChain, "Found WebSecurityConfigurerAdapter as well as SecurityFilterChain. Please select just one.");
20.  
    if (!hasConfigurers && !hasFilterChain) {
21.  
    WebSecurityConfigurerAdapter adapter = (WebSecurityConfigurerAdapter)this.objectObjectPostProcessor.postProcess(new WebSecurityConfigurerAdapter() {
22.  
    });
23.  
    this.webSecurity.apply(adapter);
24.  
    }
25.  
     
26.  
    Iterator var7 = this.securityFilterChains.iterator();
27.  
     
28.  
    while(true) {
29.  
    while(var7.hasNext()) {
30.  
    SecurityFilterChain securityFilterChain = (SecurityFilterChain)var7.next();
31.  
    this.webSecurity.addSecurityFilterChainBuilder(() -> {
32.  
    return securityFilterChain;
33.  
    });
34.  
    Iterator var5 = securityFilterChain.getFilters().iterator();
35.  
     
36.  
    while(var5.hasNext()) {
37.  
    Filter filter = (Filter)var5.next();
38.  
    if (filter instanceof FilterSecurityInterceptor) {
39.  
    this.webSecurity.securityInterceptor((FilterSecurityInterceptor)filter);
40.  
    break;
41.  
    }
42.  
    }
43.  
    }
44.  
     
45.  
    var7 = this.webSecurityCustomizers.iterator();
46.  
     
47.  
    while(var7.hasNext()) {
48.  
    WebSecurityCustomizer customizer = (WebSecurityCustomizer)var7.next();
49.  
    customizer.customize(this.webSecurity);
50.  
    }
51.  
     
52.  
    return (Filter)this.webSecurity.build();
53.  
    }
54.  
    }
55.  
     
56.  
    、、、、、、、
57.  
    }

就是 Assert.state(!hasConfigurers || !hasFilterChain, "Found WebSecurityConfigurerAdapter as well as SecurityFilterChain. Please select just one.");

这句报出来的。

1.  
   @Configuration
2.  
   @RequiredArgsConstructor
3.  
   @EnableWebSecurity(debug = true)
4.  
   public class WebSecurityConfig
5.  
   {
6.  
    
7.  
   private final AuthenticationConfiguration authenticationConfiguration;
8.  
    
9.  
   @Bean( name = {"springSecurityFilterChain"})
10.  
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception{
11.  
    http.authorizeRequests()
12.  
    .requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
13.  
    .antMatchers("/**").permitAll()
14.  
    .anyRequest().authenticated();
15.  
    return http.build();
16.  
    }
17.  
     
18.  
     
19.  
    @Bean
20.  
    public AuthenticationManager authenticationManager() throws Exception{
21.  
    AuthenticationManager authenticationManager = authenticationConfiguration.getAuthenticationManager();
22.  
    return authenticationManager;
23.  
    }
24.  
     
25.  
     
26.  
    @Bean
27.  
    public PasswordEncoder passwordEncoder() {
28.  
    return new BCryptPasswordEncoder();
29.  
    }
30.  
     
31.  
    }

 启动不了，看看异常：

1.  
   Description:
2.  
    
3.  
   The bean 'springSecurityFilterChain', defined in class path resource [com/micro/exchange/auth/config/WebSecurityConfig.class], could not be registered. A bean with that name has already been defined in class path resource [org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.class] and overriding is disabled.
4.  
    
5.  
   Action:
6.  
    
7.  
   Consider renaming one of the beans or enabling overriding by setting spring.main.allow-bean-definition-overriding=true

挺贴心，还给了解决方案，咱们就是为了覆盖，不能修改名字，选第二个吧

1.  
   spring:
2.  
   main:
3.  
   allow-bean-definition-overriding: true

修改完，启动，还是没启动起来，晕了。

AuthorizationServerConfigurerAdapter 继承类报 authenticationManager空指针

原因：继承类先于WebSecurityConfig类加载了。

网上说给WebSecurityConfig 加 @Order, 但是没有生效，不知道是缓存还是什么原因。

幸好有

@AutoConfigureAfter(WebSecurityConfig.class)

启动，调用，没有生效

这篇文章比较实用，顺序生效了。

问题解决。

解决问题还是得撸下源码，才能真正解决问题

这篇好文章是转载于：学新通技术网