从Spring Security 2.0.4迁移到3.1的问题

时间:2012-05-02 18:55:06

标签: spring-security

我对Spring安全性有点新,我正在尝试将现有应用程序从安全2.0.4迁移到3.1,并且收到以下错误消息:

org.springframework.beans.factory.BeanCreationException: 
  Error creating bean with name 'org.springframework.security.authentication.dao.DaoAuthenticationProvider#0': Initialization of bean failed; 
  nested exception is org.springframework.beans.ConversionNotSupportedException: 
  Failed to convert property value of type org.springframework.security.authentication.dao.DaoAuthenticationProvider' 
  to required type 'org.springframework.security.core.userdetails.UserDetailsService' for property 'userDetailsService';
  nested exception is java.lang.IllegalStateException: Cannot convert value of type [org.springframework.security.authentication.dao.DaoAuthenticationProvider] 
  to required type [org.springframework.security.core.userdetails.UserDetailsService]
  for property 'userDetailsService': no matching editors or conversion strategy found

我觉得我错过了一些明显的东西,但我不能为我的生活看到它。

这是我的applicationContextSecurity.xml文件

<?xml version="1.0" encoding="UTF-8"?>

<beans:beans xmlns="http://www.springframework.org/schema/security" 
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xmlns:util="http://www.springframework.org/schema/util" 
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
    http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd   
    http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.1.xsd">


    <beans:bean id="daoAuthenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
        <beans:property name="userDetailsService" ref="employeeServiceFacade"/>
        <beans:property name="passwordEncoder" ref="passwordEncoderDecoder"/>
        <beans:property name="hideUserNotFoundExceptions" value="false" />
    </beans:bean>

    <authentication-manager alias="authenticationManager">
        <authentication-provider user-service-ref="daoAuthenticationProvider"/>         
    </authentication-manager>

    <global-method-security secured-annotations="disabled"/>

    <beans:bean id="customAuthenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
        <beans:property name="loginFormUrl" value="/login.action"/>
    </beans:bean>

    <beans:bean id="customAuthenticationProcessingFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">     
        <beans:property name="authenticationFailureHandler" ref="failureHandler" />
        <beans:property name="authenticationSuccessHandler" ref="successHandler" /> 
        <beans:property name="authenticationManager" ref="authenticationManager"/> 
        <beans:property name="allowSessionCreation" value="true" />
        <beans:property name="sessionAuthenticationStrategy" ref="sas"/>        
    </beans:bean>

    <beans:bean id="successHandler" class="com.es.tms.web.security.RoleBasedTargetUrlResolver" >
        <beans:property name="defaultTargetUrl" value="/timesheet/searchTimeEntries.action" /> <!-- which is the default value -->      
        <beans:property name="roleNameToUrlMap">
            <util:map>
                <beans:entry key="ROLE_ASSISTANT" value="/billing/viewBillings.action"/>
                <beans:entry key="ROLE_BILLING" value="/expenses/viewToAPApproveExpenses.action"/>
                <beans:entry key="ROLE_PAYROLL" value="/payroll/viewPayroll.action"/>
                <beans:entry key="ROLE_OFFICEASSISTANTEXPENSES" value="/expenses/searchExpenseEntries.action"/>
                <beans:entry key="ROLE_ADMIN_LEVEL1" value="/administration/searchEmployees.action"/>
                <beans:entry key="ROLE_ADMIN" value="/administration/searchEmployees.action"/>
                <beans:entry key="ROLE_ADMIN_ASSISTANT" value="/administration/searchEmployees.action"/>
                <beans:entry key="ROLE_ACCOUNT_MANAGER" value="/administration/searchEmployees.action"/>
                <beans:entry key="ROLE_HR" value="/administration/searchEmployees.action"/>
                <beans:entry key="ROLE_RECRUITER_MANAGER" value="/administration/searchEmployees.action"/>                  
            </util:map>
        </beans:property>   
        <beans:constructor-arg ref="defaultTargetUrlResolver" />            
    </beans:bean>

    <beans:bean id="defaultTargetUrlResolver" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler" />  

    <beans:bean id="failureHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler" >
        <beans:property name="defaultFailureUrl" value="/login.action?login_error=true" />
    </beans:bean>

    <beans:bean id="sas" class="org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy">
        <beans:property name="migrateSessionAttributes" value="true" />
    </beans:bean>

    <!--  Non Secured patterns -->
    <http security="none"  pattern="/images/**" />
    <http security="none"  pattern="/styles/**" />
    <http security="none"  pattern="/scripts/**" />
    <http security="none"  pattern="/common/**" />

    <http auto-config="false" entry-point-ref="customAuthenticationEntryPoint" access-denied-page="/forbidden.jsp">
        <custom-filter position="FORM_LOGIN_FILTER" ref="customAuthenticationProcessingFilter" />

        <!-- SECURITY URLs -->
        <intercept-url pattern="/login.action*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <intercept-url pattern="/index.jsp*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <intercept-url pattern="/error*" access="IS_AUTHENTICATED_ANONYMOUSLY" />   

        <logout logout-success-url="/login.action"/>
        <anonymous username="Guest" granted-authority="ROLE_ANONYMOUS"/>

        <remember-me/>
    </http>

    <authentication-manager>    
        <authentication-provider user-service-ref="employeeServiceFacade">
            <password-encoder ref="passwordEncoderDecoder"/>
        </authentication-provider>
    </authentication-manager>       

    <beans:bean id="passwordEncoderDecoder" class="com.es.tms.util.CustomPasswordEncoder"/>

    <beans:bean id="employeeServiceFacade" class="com.es.tms.service.security.EmployeeServiceFacade">
        <beans:property name="coreService" ref="coreService"/>
        <beans:property name="hireStatusCodes" value="O:SOP's have not been completed#P:Survey has not been completed" />
    </beans:bean>

</beans:beans>

这也是我的web.xml文件:

<?xml version="1.0" encoding="UTF-8"?>

<web-app id="stanplus" version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" 
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
         xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">

    <display-name>TMS</display-name>

    <!-- Define the basename for a resource bundle for I18N -->
    <context-param>
        <param-name>javax.servlet.jsp.jstl.fmt.localizationContext</param-name>
        <param-value>app_resources</param-value>
    </context-param>
    <!-- Fallback locale if no bundles found for browser's preferred locale -->
    <!-- Force a single locale using param-name 'javax.servlet.jsp.jstl.fmt.locale' -->
    <context-param>
        <param-name>javax.servlet.jsp.jstl.fmt.fallbackLocale</param-name>
        <param-value>en</param-value>
    </context-param>
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
            /WEB-INF/applicationContextMail.xml
            /WEB-INF/applicationContextDao.xml
            /WEB-INF/applicationContextService.xml
            /WEB-INF/applicationContextWeb.xml
            /WEB-INF/applicationContextReports.xml
            /WEB-INF/applicationContextQuartz.xml           
            /WEB-INF/applicationContextSecurity.xml
        </param-value>
    </context-param>

    <!-- Filters -->
    <filter>
        <filter-name>encodingFilter</filter-name>
        <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
        <init-param>
            <param-name>encoding</param-name>
            <param-value>UTF-8</param-value>
        </init-param>
        <init-param>
            <param-name>forceEncoding</param-name>
            <param-value>true</param-value>
        </init-param>
    </filter>
     <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter>
        <filter-name>sitemesh</filter-name>
        <filter-class>com.opensymphony.module.sitemesh.filter.PageFilter</filter-class>
    </filter>
    <filter>
        <filter-name>struts-cleanup</filter-name>
        <filter-class>org.apache.struts2.dispatcher.ActionContextCleanUp</filter-class>
    </filter>
    <filter>
        <filter-name>struts</filter-name>
        <filter-class>org.apache.struts2.dispatcher.FilterDispatcher</filter-class>
    </filter>
    <filter>
        <filter-name>lazyLoadingFilter</filter-name>
        <filter-class>org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>encodingFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>lazyLoadingFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping> 
    <filter-mapping>
        <filter-name>struts-cleanup</filter-name>
        <url-pattern>/*</url-pattern>
        <dispatcher>REQUEST</dispatcher>
        <dispatcher>FORWARD</dispatcher>
    </filter-mapping>
    <filter-mapping>
        <filter-name>sitemesh</filter-name>
        <url-pattern>/*</url-pattern>
        <dispatcher>REQUEST</dispatcher>
        <dispatcher>FORWARD</dispatcher>
        <dispatcher>INCLUDE</dispatcher>
    </filter-mapping>
    <filter-mapping>
        <filter-name>struts</filter-name>
        <url-pattern>/*</url-pattern>
        <dispatcher>REQUEST</dispatcher>
        <dispatcher>FORWARD</dispatcher>
    </filter-mapping>

    <!-- Listeners -->
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

    <listener>
        <listener-class>net.sf.navigator.menu.MenuContextListener</listener-class>
    </listener>

    <!-- Servlets -->
    <servlet>
        <servlet-name>jspSupportServlet</servlet-name>
        <servlet-class>org.apache.struts2.views.JspSupportServlet</servlet-class>
        <load-on-startup>5</load-on-startup>
    </servlet>      

    <!-- Welcome file lists -->
    <welcome-file-list>
        <welcome-file>index.jsp</welcome-file>
    </welcome-file-list>

    <error-page>
        <exception-type>java.lang.Throwable</exception-type>
        <location>/error.jsp</location>
    </error-page>

</web-app>

非常感谢任何帮助。

谢谢, 史蒂夫

更新:

好的,我查看了这个示例,我确实看到我的身份验证管理器不正确。所以我解决了这个问题,但现在我无法解决这个问题。似乎得到了这个错误:

org.springframework.beans.factory.BeanCreationException: 
  Error creating bean with name 'daoAuthenticationProvider' 
  defined in ServletContext resource [/WEB-INF/applicationContextSecurity.xml]: 
  Cannot resolve reference to bean 'employeeServiceFacade' while setting bean property 'userDetailsService';
  nested exception is org.springframework.beans.factory.BeanCreationException: 
  Error creating bean with name 'employeeServiceFacade' 
  defined in ServletContext resource [/WEB-INF/applicationContextSecurity.xml]: 
  Initialization of bean failed; nested exception is
  org.springframework.beans.factory.BeanInitializationException: 
  Property 'coreService' is required for bean 'employeeServiceFacade'

我在这次升级中没有更改我的coreServie,但它几乎看起来还没有被初始化?有什么想法吗?

我的coreService在applicationContextService.xml文件中设置。

1 个答案:

答案 0 :(得分:0)

我有一个包含此bean的applicationContextService.xml文件。当我在调试启动时浏览它时,我看到服务已初始化,但由于某种原因仍然认为它没有设置。我从EmployeeServiceFacade类的coreService中取出了@Required注释,现在它似乎正在工作。不明白为什么,但我现在至少可以运行我的应用程序。感谢您的回复,至少让我朝着正确的方向前进。