通用匹配模式('/ **')在过滤器链中的其他模式之前定义,导致它们被忽略

时间:2013-02-11 18:41:54

标签: spring-security

我在Spring 3.1.3版本和以下应用程序上下文文件中遇到了这个问题。我不太清楚为什么会这样。已经查看了与此相关的大部分帖子。我不认为我的版本不匹配。

应用程序上下文文件:

<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:security="http://www.springframework.org/schema/security"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
          http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
          http://www.springframework.org/schema/security
          http://www.springframework.org/schema/security/spring-security-3.1.xsd">

<security:http auto-config='true' entry-point-ref="casEntryPoint" >
    <security:intercept-url pattern="/panelpipeline/**" access="ROLE_USER"/>
    <security:intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
</security:http>

<bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
    <property name="service"
        value="https://seqdws1/cas/j_spring_cas_security_check" />
    <property name="sendRenew" value="false" />
</bean>

<security:http entry-point-ref="casEntryPoint">
    <security:custom-filter position="CAS_FILTER"
        ref="casFilter" />
</security:http>

<bean id="casFilter"
    class="org.springframework.security.cas.web.CasAuthenticationFilter">
    <property name="authenticationManager" ref="authenticationManager" />
</bean>

<bean id="casEntryPoint"
    class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
    <property name="loginUrl" value="https://seqdws1/cas/login" />
    <property name="serviceProperties" ref="serviceProperties" />
</bean>

<security:authentication-manager alias="authenticationManager">
    <security:authentication-provider
        ref="casAuthenticationProvider" />
</security:authentication-manager>

<bean id="casAuthenticationProvider"
    class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
    <property name="userDetailsService" ref="userService" />
    <property name="serviceProperties" ref="serviceProperties" />
    <property name="ticketValidator">
        <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
            <constructor-arg index="0" value="https://seqdws1/cas" />
        </bean>
    </property>
    <property name="key" value="an_id_for_this_auth_provider_only" />
</bean>

<security:user-service id="userService">
    <security:user name="joe" password="joe" authorities="ROLE_USER" />     
</security:user-service>

<!-- <security:authentication-manager> <security:authentication-provider> 
    <security:user-service> <security:user name="jimi" password="jimispassword" 
    authorities="ROLE_USER, ROLE_ADMIN" /> <security:user name="bob" password="bobspassword" 
    authorities="ROLE_USER" /> </security:user-service> </security:authentication-provider> 
    </security:authentication-manager> -->

POM依赖

<dependencies>
    <dependency>
        <groupId>com.google.gwt</groupId>
        <artifactId>gwt-servlet</artifactId>
        <version>${gwtVersion}</version>
        <scope>runtime</scope>
    </dependency>
    <dependency>
        <groupId>com.google.gwt</groupId>
        <artifactId>gwt-user</artifactId>
        <version>${gwtVersion}</version>
        <scope>provided</scope>
    </dependency>
    <dependency>
        <groupId>junit</groupId>
        <artifactId>junit</artifactId>
        <version>4.7</version>
        <scope>test</scope>
    </dependency>
    <dependency>
        <groupId>javax.validation</groupId>
        <artifactId>validation-api</artifactId>
        <version>1.0.0.GA</version>
        <scope>test</scope>
    </dependency>
    <dependency>
        <groupId>javax.validation</groupId>
        <artifactId>validation-api</artifactId>
        <version>1.0.0.GA</version>
        <classifier>sources</classifier>
        <scope>test</scope>
    </dependency>


    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-core</artifactId>
        <version>3.1.3.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-web</artifactId>
        <version>3.1.3.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-config</artifactId>
        <version>3.1.3.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-context</artifactId>
        <version>3.1.3.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-beans</artifactId>
        <version>3.1.3.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-core</artifactId>
        <version>3.1.3.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-tx</artifactId>
        <version>3.1.3.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-web</artifactId>
        <version>3.1.3.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-jdbc</artifactId>
        <version>3.1.3.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-aop</artifactId>
        <version>3.1.3.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-asm</artifactId>
        <version>3.1.3.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-expression</artifactId>
        <version>3.1.3.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-cas</artifactId>
        <version>3.1.3.RELEASE</version>
    </dependency>

</dependencies>

1 个答案:

答案 0 :(得分:10)

您发布的配置有两个<http>元素,两个元素都没有pattern属性,因此两者都是隐式定义的,以匹配所有请求。第二个将覆盖第一个。

这并不一定能解释您为什么会看到此消息(因为它通常应用于单个链中的过滤器),但这绝对是一个错误。

除非您确定需要隐式添加的额外过滤器,否则您还应删除auto-config='true'