Question

我有一个Spring应用程序，我想要做的就是为Spring Security提供所有默认标头。我的web.xml更改如下：

<!-- Loads Spring Security config file -->
<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
        /WEB-INF/spring-security.xml
    </param-value>
</context-param>

<!-- Spring Security -->
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy
    </filter-class>
</filter>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

我的spring-security.xml如下：

<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">

    <http auto-config="true">
        <headers />
    </http>

</beans:beans>

我在启动时看到以下错误

产生的原因：org.springframework.beans.factory.BeanCreationException：错误创建具有名称豆“org.springframework.security.web.DefaultSecurityFilterChain＃0”：无法解析参照豆“org.springframework.security.web.authentication .UsernamePasswordAuthenticationFilter＃0'用key [4]设置构造函数参数;嵌套的例外是org.springframework.beans.factory.BeanCreationException：错误创建名为“org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter＃0”豆：无法解析参考豆“org.springframework.security.authentication.ProviderManager＃设置bean属性'authenticationManager'时为0';嵌套的例外是org.springframework.beans.factory.BeanCreationException：错误创建名为“org.springframework.security.authentication.ProviderManager＃0”豆：无法解析参考豆“org.springframework.security.config.authentication.AuthenticationManagerFactoryBean＃设置构造函数参数时为0';嵌套异常是org.springframework.beans.factory.BeanCreationException：创建名为'org.springframework.security.config.authentication.AuthenticationManagerFactoryBean＃0'的bean时出错：FactoryBean在创建对象时抛出异常;嵌套异常是org.springframework.beans.factory.NoSuchBeanDefinitionException：没有定义名为'org.springframework.security.authenticationManager'的bean：你是否忘记在配置中添加一个gobal元素（带子元素）？或者，您可以在和元素上使用authentication-manager-ref属性。

Answer 1

你需要给它一些东西来验证用户。尝试添加

<user-service>
        <user name="user" password="password" authorities="ROLE_USER" />
</user-service>

访问您的安全xml并查看示例here.

Answer 2

在SecurityConfig java类中尝试此操作以禁用跨站点请求伪造（CSRF）。默认情况下启用此选项：

   @EnableWebSecurity
    @Configuration
    public class SecurityConfig extends WebSecurityConfigurerAdapter {
    ...
    @Override
    protected void configure(HttpSecurity http) throws Exception {
       http.csrf().disable();
       //You can continue extending this method call . e.g. calling 
       //authorizeRequests()
       http.headers().xssProtection();

        }
    }

基本Spring安全性错误

2 个答案: