环境:springboot3+security6+druid1.2.20
报错:
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'filterChain' defined in class path resource [com/free/security/SecurityConfiguration.class]: Failed to instantiate [org.springframework.security.web.SecurityFilterChain]: Factory method 'filterChain' threw exception with message: This method cannot decide whether these patterns are Spring MVC patterns or not. If this endpoint is a Spring MVC endpoint, please use requestMatchers(MvcRequestMatcher); otherwise, please use requestMatchers(AntPathRequestMatcher).
This is because there is more than one mappable servlet in your servlet context: {org.springframework.web.servlet.DispatcherServlet=[/], com.alibaba.druid.support.jakarta.StatViewServlet=[/druid/*]}.
For each MvcRequestMatcher, call MvcRequestMatcher#setServletPath to indicate the servlet path.
原因:
看报错位置加粗内容是重点
意思是 对于每一个接口,security无法确定这个接口是不是mvc接口,请开发者明确的声明这个接口为MvcRequestMatcher或者AntPathRequestMatcher
看代码,在security配置放行接口的位置,配置了放行druid接口
java
httpSecurity.authorizeHttpRequests(
auth -> auth
.requestMatchers("/druid/**").permitAll());这样的写法是不对的,应该明确的声明这个pattern是哪种pattern,改为
java
.requestMatchers(AntPathRequestMatcher.antMatcher("/druid/**")).permitAll()再次启动项目,不再报错
结论:问题并不是因为druid产生的,而是security配置类代码不够严谨
另外,值得一提的是
druid1.2.20这个版本开始支持springboot3自动配置,不再需要手动引入
springboot3的依赖包与springboot2不同
依赖为
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>druid-spring-boot-3-starter</artifactId>
<version>1.2.20</version>
</dependency>