No Bean Named ‘springSecurityFilterChain’ is Defined – 没有定义名为‘springSecurityFilterChain’的 Bean

最后修改: 2013年 7月 12日

中文/混合/英文(键盘快捷键:t)

1. The Problem

1.问题

This article discusses a Spring Security configuration problem – the application bootstrapping process throwing the following exception:

本文讨论了一个Spring Security的配置问题–应用程序启动过程中抛出以下异常。

SEVERE: Exception starting filter springSecurityFilterChain
org.springframework.beans.factory.NoSuchBeanDefinitionException: 
No bean named 'springSecurityFilterChain' is defined

2. The Cause

2.原因

The cause of this exception is straightforward – Spring Security looks for a bean named springSecurityFilterChain (by default), and cannot find it. This bean is required by the main Spring Security Filter – the DelegatingFilterProxy – defined in the web.xml:

这个异常的原因很简单–Spring Security寻找一个名为springSecurityFilterChain(默认)的Bean,但没有找到。这个Bean是主要的Spring Security FilterDelegatingFilterProxy–在web.xml中定义的。

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

This is just a proxy that delegates all its logic to the springSecurityFilterChain bean.

这只是一个代理,它将所有的逻辑委托给springSecurityFilterChain Bean。

3. The Solution

3.解决方案

The most common reason this bean is missing from the context is that the security XML configuration has no <http> element defined:

最常见的原因是安全XML配置中没有定义<http>元素,因此上下文中缺少这个bean。

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security" 
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
  xmlns:beans="http://www.springframework.org/schema/beans"
  xmlns:sec="http://www.springframework.org/schema/security"
  xsi:schemaLocation="
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-3.1.xsd
    http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-3.2.xsd">

</beans:beans>

If the XML configuration is using the security namespace – as the example above, then declaring a simple <http> element will ensure that the filter bean is created and everything starts up correctly:

如果XML配置使用的是安全命名空间–如上面的例子,那么声明一个简单的<http>元素将确保过滤器Bean的创建和一切正常启动。

<http auto-config='true'>
    <intercept-url pattern="/**" access="ROLE_USER" />
</http>

Another possible reason is that the security configuration is not imported at all into the overall context of the web application.

另一个可能的原因是,安全配置根本没有被导入到网络应用程序的整体环境中

If the security XML config file is named springSecurityConfig.xml, make sure the resource is imported:

如果安全XML配置文件被命名为springSecurityConfig.xml,确保该资源被导入

@ImportResource({"classpath:springSecurityConfig.xml"})

Or in XML:

或者在XML中。

<import resource="classpath:springSecurityConfig.xml" />

Finally, the default name of the filter bean can be changed in the web.xml – usually to use an existing Filter with Spring Security:

最后,可以在web.xml中改变过滤器bean的默认名称–通常是使用Spring Security的现有Filter。

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>
      org.springframework.web.filter.DelegatingFilterProxy
    </filter-class>
    <init-param>
        <param-name>targetBeanName</param-name>
        <param-value>customFilter</param-value>
    </init-param>
</filter>

4. Conclusion

4.结论

This article discusses a very specific Spring Security problem – the missing filter chain bean – and shows the solutions to this common issue.

本文讨论了一个非常具体的Spring Security问题–缺失的过滤器链Bean,并展示了这个常见问题的解决方案。