SpringSecurity配置，用着用着就过期了，而且还报unsafe异常，真的是不让懒人活着啊。

万能的网络上找答案

找了一圈，都说用 @Bean的方式注入，代替继承WebSecurityConfigurerAdapter。

试了一下，老是报异常：

Found WebSecurityConfigurerAdapter as well as SecurityFilterChain. Please select just one.

我已经把 

@EnableWebSecurity

去掉了，还是报这个，不知道哪里又加载了

WebSecurityConfiguration

这个类了。

索性不管了，直接覆盖。

看源码

@Configuration(proxyBeanMethods = false
)
public class WebSecurityConfiguration implements ImportAware, BeanClassLoaderAware {‘’‘’‘’‘’@Bean@DependsOn({"springSecurityFilterChain"})public SecurityExpressionHandler webSecurityExpressionHandler() {return this.webSecurity.getExpressionHandler();}@Bean(name = {"springSecurityFilterChain"})public Filter springSecurityFilterChain() throws Exception {boolean hasConfigurers = this.webSecurityConfigurers != null && !this.webSecurityConfigurers.isEmpty();boolean hasFilterChain = !this.securityFilterChains.isEmpty();Assert.state(!hasConfigurers || !hasFilterChain, "Found WebSecurityConfigurerAdapter as well as SecurityFilterChain. Please select just one.");if (!hasConfigurers && !hasFilterChain) {WebSecurityConfigurerAdapter adapter = (WebSecurityConfigurerAdapter)this.objectObjectPostProcessor.postProcess(new WebSecurityConfigurerAdapter() {});this.webSecurity.apply(adapter);}Iterator var7 = this.securityFilterChains.iterator();while(true) {while(var7.hasNext()) {SecurityFilterChain securityFilterChain = (SecurityFilterChain)var7.next();this.webSecurity.addSecurityFilterChainBuilder(() -> {return securityFilterChain;});Iterator var5 = securityFilterChain.getFilters().iterator();while(var5.hasNext()) {Filter filter = (Filter)var5.next();if (filter instanceof FilterSecurityInterceptor) {this.webSecurity.securityInterceptor((FilterSecurityInterceptor)filter);break;}}}var7 = this.webSecurityCustomizers.iterator();while(var7.hasNext()) {WebSecurityCustomizer customizer = (WebSecurityCustomizer)var7.next();customizer.customize(this.webSecurity);}return (Filter)this.webSecurity.build();}}、、、、、、、
}

就是 Assert.state(!hasConfigurers || !hasFilterChain, "Found WebSecurityConfigurerAdapter as well as SecurityFilterChain. Please select just one.");

这句报出来的，咱们要替换的也是这个。

@Configuration
@RequiredArgsConstructor
@EnableWebSecurity(debug = true)
public class WebSecurityConfig
{private final AuthenticationConfiguration authenticationConfiguration;@Bean( name = {"springSecurityFilterChain"})public SecurityFilterChain filterChain(HttpSecurity http) throws Exception{http.authorizeRequests().requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll().antMatchers("/**").permitAll().anyRequest().authenticated();return http.build();}@Beanpublic AuthenticationManager authenticationManager() throws Exception{AuthenticationManager authenticationManager = authenticationConfiguration.getAuthenticationManager();return authenticationManager;}@Beanpublic PasswordEncoder passwordEncoder() {return new BCryptPasswordEncoder();}}

 启动不了，看看异常：

Description:The bean 'springSecurityFilterChain', defined in class path resource [com/micro/exchange/auth/config/WebSecurityConfig.class], could not be registered. A bean with that name has already been defined in class path resource [org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.class] and overriding is disabled.Action:Consider renaming one of the beans or enabling overriding by setting spring.main.allow-bean-definition-overriding=true

挺贴心，还给了解决方案，咱们就是为了覆盖，不能修改名字，选第二个吧

spring:main:allow-bean-definition-overriding: true

修改完，启动，还是没启动起来，晕了。

AuthorizationServerConfigurerAdapter 继承类报 authenticationManager空指针

原因：继承类先于WebSecurityConfig类加载了。

网上说给WebSecurityConfig 加 @Order, 但是没有生效，不知道是缓存还是什么原因。

幸好有

@AutoConfigureAfter(WebSecurityConfig.class)

解决问题