springboot3+springsecurity6集成druid启动报错

环境:springboot3+security6+druid1.2.20

druid1.2.20这个版本开始支持springboot3自动配置,不再需要手动引入

依赖为


    com.alibaba
    druid-spring-boot-3-starter
    1.2.20

报错:

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'filterChain' defined in class path resource [com/free/security/SecurityConfiguration.class]: Failed to instantiate [org.springframework.security.web.SecurityFilterChain]: Factory method 'filterChain' threw exception with message: This method cannot decide whether these patterns are Spring MVC patterns or not. If this endpoint is a Spring MVC endpoint, please use requestMatchers(MvcRequestMatcher); otherwise, please use requestMatchers(AntPathRequestMatcher).

This is because there is more than one mappable servlet in your servlet context: {org.springframework.web.servlet.DispatcherServlet=[/], com.alibaba.druid.support.jakarta.StatViewServlet=[/druid/*]}.

For each MvcRequestMatcher, call MvcRequestMatcher#setServletPath to indicate the servlet path.

原因:

看报错位置加粗内容是重点

意思是 对于每一个接口,security无法确定这个接口是不是mvc接口,请开发者明确的声明这个接口为MvcRequestMatcher或者AntPathRequestMatcher

看代码,在security配置放行接口的位置,配置了放行druid接口

httpSecurity.authorizeHttpRequests(
    auth -> auth
        .requestMatchers("/druid/**").permitAll());

这样的写法是不对的,应该明确的声明这个pattern是哪种pattern,改为

.requestMatchers(AntPathRequestMatcher.antMatcher("/druid/**")).permitAll()

再次启动项目,不再报错

结论:问题并不是因为druid产生的,而是security配置类代码不够严谨

你可能感兴趣的:(JAVA插件/组件,druid,springsecurity)