development environment jdk 17,spring boot 3+, spring 6+, cxf 4+
When I inject CXFServlet into spring, spring security cannot be intercepted through permissions and the project cannot be started
org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration': Unsatisfied dependency expressed through method 'setFilterChains' parameter 0: Error creating bean with name 'securityFilterChain' defined in class path resource [com/sisglobal/eai/assembly/security/SecurityConfig.class]: Failed to instantiate [org.springframework.security.web.SecurityFilterChain]: Factory method 'securityFilterChain' threw exception with message: This method cannot decide whether these patterns are Spring MVC patterns or not. If this endpoint is a Spring MVC endpoint, please use requestMatchers(MvcRequestMatcher); otherwise, please use requestMatchers(AntPathRequestMatcher).
Bean injection
` @Bean
public ServletRegistrationBean
@Bean(name = Bus.DEFAULT_BUS_ID)
public Bus springBus() {
return SpringBusFactory.getDefaultBus();
}
@Bean
public Endpoint endpoint(Bus bus,ApiService apiService) {
Endpoint endpoint = new EndpointImpl(bus,apiService);
endpoint.publish("/apiService");
return endpoint;
}`
HttpSecurity Configuration
http
.cors(AbstractHttpConfigurer::disable)
.csrf(AbstractHttpConfigurer::disable)
.authorizeHttpRequests(matcherRegistry -> matcherRegistry
.requestMatchers(CorsUtils::isPreFlightRequest).permitAll()
// An error will be reported here, and the permission cannot be intercepted
.requestMatchers(authenticateRoutePaths).authenticated()
.anyRequest().permitAll())
.sessionManagement(configurer -> configurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
Source of the problem spring-security-config-6.1.3.jar > org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry > requestMatchers(HttpMethod method, String... patterns)
public C requestMatchers(HttpMethod method, String... patterns) {
if (!mvcPresent) {
return this.requestMatchers(AbstractRequestMatcherRegistry.RequestMatchers.antMatchersAsArray(method, patterns));
} else if (!(this.context instanceof WebApplicationContext)) {
return this.requestMatchers(AbstractRequestMatcherRegistry.RequestMatchers.antMatchersAsArray(method, patterns));
} else {
WebApplicationContext context = (WebApplicationContext)this.context;
ServletContext servletContext = context.getServletContext();
if (servletContext == null) {
return this.requestMatchers(AbstractRequestMatcherRegistry.RequestMatchers.antMatchersAsArray(method, patterns));
} else {
Map<String, ? extends ServletRegistration> registrations = this.mappableServletRegistrations(servletContext);
if (registrations.isEmpty()) {
return this.requestMatchers(AbstractRequestMatcherRegistry.RequestMatchers.antMatchersAsArray(method, patterns));
} else if (!this.hasDispatcherServlet(registrations)) {
return this.requestMatchers(AbstractRequestMatcherRegistry.RequestMatchers.antMatchersAsArray(method, patterns));
} else if (registrations.size() > 1) {//!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
String errorMessage = this.computeErrorMessage(registrations.values());
throw new IllegalArgumentException(errorMessage);
} else {
return this.requestMatchers((RequestMatcher[])this.createMvcMatchers(method, patterns).toArray(new RequestMatcher[0]));
}
}
}
}
Comment From: xfmyh
Sorry, I have found a solution to the problem that has already occurred https://github.com/spring-projects/spring-security/issues/13609