我想注册我的自定义UsernamePasswordAuthenticationFilter,但当我这样做时,我得到一个错误,即属性'id'不允许出现在元素'beans:beans'中。我知道我在标签的某个地方犯了一个错误但我不知道我不知道这个标签是多么的好用。这是spring-security.xml:
<beans:bean xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema
http://www.springframework.org/schema/beans/spring-beans-4.2.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-4.2.xsd">
<bean id="loginUrlAuthenticationEntryPoint"
class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
<property name="loginFormUrl" value="/login" />
</bean>
<bean id="successHandler" class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
<property name="defaultTargetUrl" value="/login" />
</bean>
<bean id="failureHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<property name="defaultFailureUrl" value="/login?error=true" />
</bean>
<bean id="myAuthFilter"
class="com.webproject.MyAuthFilter">
<property name="authenticationManager" ref="authenticationManager" />
<property name="authenticationFailureHandler" ref="failureHandler" />
<property name="authenticationSuccessHandler" ref="successHandler" />
</bean>
<http auto-config="false" use-expressions="true" entry-point-ref="loginUrlAuthenticationEntryPoint">
<intercept-url pattern="/courses**" access="hasRole('ROLE_USER')" />
<intercept-url pattern="/mycourses**" access="hasRole('ROLE_USER')" />
<intercept-url pattern="/courses/**" access="hasRole('ROLE_USER')" />
<custom-filter position="FORM_LOGIN_FILTER" ref="myAuthFilter" />
<csrf disabled="true" />
</http>
<authentication-manager alias="authenticationManager">
<authentication-provider>
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query=
"select username,passwort, enabled from users where username=?"
authorities-by-username-query=
"select username, user_role from user_roles where username =? " />
</authentication-provider>
</authentication-manager>
答案 0 :(得分:1)
编辑:
您的默认namespace为http://www.springframework.org/schema/security,因此除安全名称空间外,您需要使用<beans:bean>
因此,您的以下声明有效且正确。
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema
完整配置应该如下,
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema
http://www.springframework.org/schema/beans/spring-beans-4.2.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-4.2.xsd">
<beans:bean id="loginUrlAuthenticationEntryPoint"
class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
<property name="loginFormUrl" value="/login" />
</beans:bean>
<beans:bean id="successHandler" class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
<property name="defaultTargetUrl" value="/login" />
</beans:bean>
<beans:bean id="failureHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<property name="defaultFailureUrl" value="/login?error=true" />
</bean>
<beans:bean id="myAuthFilter"
class="com.webproject.MyAuthFilter">
<property name="authenticationManager" ref="authenticationManager" />
<property name="authenticationFailureHandler" ref="failureHandler" />
<property name="authenticationSuccessHandler" ref="successHandler" />
</beans:bean>
<http auto-config="false" use-expressions="true" entry-point-ref="loginUrlAuthenticationEntryPoint">
<intercept-url pattern="/courses**" access="hasRole('ROLE_USER')" />
<intercept-url pattern="/mycourses**" access="hasRole('ROLE_USER')" />
<intercept-url pattern="/courses/**" access="hasRole('ROLE_USER')" />
<custom-filter position="FORM_LOGIN_FILTER" ref="myAuthFilter" />
<csrf disabled="true" />
</http>
<authentication-manager alias="authenticationManager">
<authentication-provider>
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query=
"select username,passwort, enabled from users where username=?"
authorities-by-username-query=
"select username, user_role from user_roles where username =? " />
</authentication-provider>
</authentication-manager>
答案 1 :(得分:0)
<beans:beans id="loginUrlAuthenticationEntryPoint" ...
- 这个应该是
<beans:bean id="loginUrlAuthenticationEntryPoint" ...
答案 2 :(得分:0)
只需查看命名空间xmlns:beans="http://www.springframework.org/schema/beans",您正在使用beans命名空间来指定bean,因此您的bean应该像
<beans:bean id="successHandler" class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
<property name="defaultTargetUrl" value="/login" />
</beans:bean>
或
从中更改bean的命名空间
xmlns:beans="http://www.springframework.org/schema/beans"至xmlns="http://www.springframework.org/schema/beans"