自定义PermissionEvaluation bean导致循环引用和空指针异常。

Question

我试图在Spring 4上设置，但是我得到了一个空指针异常。

Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.springframework.security.acls.jdbc.LookupStrategy]: Circular reference involving containing bean 'webSecurityACL' - consider declaring the factory method as static for independence from its containing instance. Factory method 'lookupStrategy' threw exception; nested exception is java.lang.IllegalArgumentException: DataSource required
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:189)
at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:588)
... 95 common frames omitted
Caused by: java.lang.IllegalArgumentException: DataSource required
at org.springframework.util.Assert.notNull(Assert.java:112)
at org.springframework.security.acls.jdbc.BasicLookupStrategy.<init>(BasicLookupStrategy.java:145)
at com.sample.application.WebSecurityACL.lookupStrategy(WebSecurityACL.java:59)

下面是我的java配置文件：

@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class WebSecurityACL extends GlobalMethodSecurityConfiguration {

@Autowired
public DataSource dataSource;

@Bean
EhCacheBasedAclCache aclCache() {
    EhCacheFactoryBean factoryBean = new EhCacheFactoryBean();
    EhCacheManagerFactoryBean cacheManager = new EhCacheManagerFactoryBean();

    factoryBean.setCacheName("aclCache");
    factoryBean.setCacheManager(cacheManager.getObject());
    factoryBean.afterPropertiesSet();

    return new EhCacheBasedAclCache(factoryBean.getObject(), permissionGrantingStrategy(), aclAuthorizationStrategy());
}

@Bean
AclAuthorizationStrategy aclAuthorizationStrategy() {
    return new AclAuthorizationStrategyImpl(new SimpleGrantedAuthority("ROLE_ACL_ADMIN"));
}

@Bean
PermissionGrantingStrategy permissionGrantingStrategy(){
    return new DefaultPermissionGrantingStrategy(new ConsoleAuditLogger());
}

@Bean
LookupStrategy lookupStrategy() {
    return new BasicLookupStrategy(dataSource, aclCache(), aclAuthorizationStrategy(), permissionGrantingStrategy());
}

@Bean
JdbcMutableAclService aclService() {
    JdbcMutableAclService service = new JdbcMutableAclService(dataSource, lookupStrategy(), aclCache());
    //service.setClassIdentityQuery("select currval(pg_get_serial_sequence('acl_class', 'id'))");
    //service.setSidIdentityQuery("select currval(pg_get_serial_sequence('acl_sid', 'id'))");
    return service;
}

@Bean
PermissionEvaluator permissionEvaluator(){
    return new AclPermissionEvaluator(aclService());
}

@Bean
AclPermissionCacheOptimizer aclPermissionCacheOptimizer(){
    return new AclPermissionCacheOptimizer(aclService());
}

@Override
protected MethodSecurityExpressionHandler createExpressionHandler(){
    DefaultMethodSecurityExpressionHandler expressionHandler = new DefaultMethodSecurityExpressionHandler();

    expressionHandler.setPermissionEvaluator(permissionEvaluator());
    expressionHandler.setPermissionCacheOptimizer(aclPermissionCacheOptimizer());

    return expressionHandler;
}
}

我找出罪魁祸首是permissionEvaluator豆。如果我将aclService()替换为null (仅用于测试)：

PermissionEvaluator permissionEvaluator(){
    return new AclPermissionEvaluator(null);
}

那么我就可以运行这个应用程序了。我不知道循环参考文件在哪里。如有任何建议，将不胜感激。

这是我的分级文件：

version '1.0-SNAPSHOT'

apply plugin: 'spring-boot'


buildscript {
repositories {
    mavenCentral()
}
dependencies {
    classpath("org.springframework.boot:spring-boot-gradle-plugin:1.2.7.RELEASE")
}
}

dependencies {
compile 'org.codehaus.jackson:jackson-mapper-asl:1.9.13'
compile("org.springframework.boot:spring-boot-starter-thymeleaf")
compile("org.springframework.boot:spring-boot-starter-security")
compile("org.thymeleaf.extras:thymeleaf-extras-springsecurity3:2.1.2.RELEASE")
compile 'org.springframework.security:spring-security-acl:3.2.8.RELEASE'
compile 'net.sf.ehcache:ehcache:2.10.1'
runtime 'mysql:mysql-connector-java:5.1.36'
testCompile group: 'junit', name: 'junit', version: '4.12'
}

Answer 1

原因是数据源没有被注入-

原因: org.springframework.util.Assert.notNull(Assert.java:112) at org.springframework.security.acls.jdbc.BasicLookupStrategy.(BasicLookupStrategy.java:145) at com.sample.application.WebSecurityACL.lookupStrategy(WebSecurityACL.java:59)：java.lang.IllegalArgumentException: DataSource

你能确认一下吗？您排除异常的原因是"AclPermissionEvaluator(null)“也调用了数据源，并给出了一个未提及的异常。