我正在从参考资料中学习弹簧安全性。发布3.1.2.RELEASE。如上所述,我已经配置了security:http这样的标签
安全-context.xml中
<security:http auto-config="true">
<security:intercept-url pattern="/**" access="ROLE_USER"/>
</security:http>
的web.xml
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath*:*-context.xml</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<servlet>
<servlet-name>security</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>security</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
安全-servlet.xml中
<context:component-scan base-package="com.pokuri.security.mvc.controllers"/>
<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="viewClass" value="org.springframework.web.servlet.view.JstlView"/>
<property name="prefix" value="/WEB-INF/page/"/>
<property name="suffix" value=".jsp"/>
</bean>
但是当我启动应用程序时,我得到了这个异常。如果我删除安全配置我的春季Web应用程序工作正常。我在stackoverflow中遇到了同样的问题。但没有运气。
答案 0 :(得分:65)
我认为您的问题的原因可能在于,当您启动Web应用程序时,未加载用于Spring安全性的xml配置文件。
要解决此问题,您应该在web.xml中指定所有XML配置文件:
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring-security.xml, /WEB-INF/applicationContext.xml</param-value>
</context-param>
如果你的配置文件在classpath(不是WEB-INF文件夹或它的子文件夹)中,那么你可以用这种方式指定配置文件列表;
...
<param-value>
classpath:applicationContext.xml,
classpath:spitter-security.xml
</param-value>
...
此外,您还需要添加将加载配置文件的特殊侦听器:
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
答案 1 :(得分:11)
我刚刚在applicationContext.xml中添加了bean定义,如Spring所说:
<bean id="springSecurityFilterChain" class="org.springframework.web.filter.DelegatingFilterProxy"/>
答案 2 :(得分:5)
将此web.xml
添加<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/root-context.xml, /WEB-INF/spring-security.xml</param-value>
</context-param>
<!-- Creates the Spring Container shared by all Servlets and Filters -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- filter declaration for Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
答案 3 :(得分:1)
万一它对任何人都有用,我已经重命名了我的一个软件包,但是Eclipse不会自动更新您的@ComponentScan路径,因此请确保也进行了更改:
@ComponentScan(basePackages = "com.package.spring")
答案 4 :(得分:0)
从Spring Security 5.2.1-SNAPSHOT开始,当我没有在安全XML配置中声明<http/>元素时,我就发生了此错误。
我正在尝试一个示例,并且具有类似的配置
<b:beans xmlns="http://www.springframework.org/schema/security" xmlns:b="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans https://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security https://www.springframework.org/schema/security/spring-security.xsd">
<user-service>
<user name="user" password="{noop}password" authorities="ROLE_USER" />
</user-service>
</b:beans>
我不得不更改它以添加<http/>,如下所示。
<b:beans xmlns="http://www.springframework.org/schema/security" xmlns:b="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans https://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security https://www.springframework.org/schema/security/spring-security.xsd">
<http />
<user-service>
<user name="user" password="{noop}password" authorities="ROLE_USER" />
</user-service>
</b:beans>