最近我从Spring Security 3迁移到了版本4.一切都运行良好,但现在没有任何作用。
这是我的spring-security.xml:
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-4.2.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-4.0.xsd">
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/home.MRCMPU" access="permitAll"/>
<intercept-url pattern="/loginFailure.MRCMPU" access="permitAll"/>
<intercept-url pattern="/*.MRCMPU" access="permitAll"/>
<intercept-url pattern="/con" access="permitAll"/>
<form-login
login-page="/home.MRCMPU"
login-processing-url="/login" authentication-success-handler-ref="AuthenticationSuccess"
authentication-failure-handler-ref="AuthenticationFailure" username-parameter="username" password-parameter="password" />
<logout logout-url="/logout.MRCMPU" success-handler-ref="Logout" invalidate-session="true" delete-cookies="true"/>
</http>
<authentication-manager>
<authentication-provider user-service-ref="Authentication"/>
</authentication-manager>
</beans:beans>
有人能从这段代码中找到冲突吗?
答案 0 :(得分:0)
你在这里缺少很多推荐的bean。
user-service-ref="Authentication" success-handler-ref="Logout" authentication-success-handler-ref="AuthenticationSuccess" authentication-failure-handler-ref="AuthenticationFailure" 对于上面提到的引用,你应该有bean,比如
没有定义名为'Logout'的bean
将抛出异常。
添加类似
的bean类<bean id="Authentication"
class="class which you need to refer">
</bean>
答案 1 :(得分:-1)
最后我自己清除了它。 通过使用xml禁用csrf
<csrf disabled="true"/>
但是如何在不禁用csrf令牌的情况下执行此操作