Question

我正在构建一个启用了方法安全性的spring安全性示例。在使用methodSecurity之前，我没有收到任何错误，但是在使用@PreAuthorize注释对该方法进行注释后，我收到此错误

java.lang.NoClassDefFoundError：org / springframework / security / access / intercept / aopalliance / MethodSecurityInterceptor

我在项目中添加了4个库。还有春季安全3.2.6

我的web.xml文件内容

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
    <!--region Spring Security-->
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>/WEB-INF/config/security-config.xml</param-value>
    </context-param>
    <!--endregion-->

    <servlet>
        <servlet-name>fitTrackerServlet</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <init-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>/WEB-INF/config/servlet-config.xml</param-value>
        </init-param>
    </servlet>

    <servlet-mapping>
        <servlet-name>fitTrackerServlet</servlet-name>
        <url-pattern>*.html</url-pattern>
    </servlet-mapping>

    <servlet-mapping>
        <servlet-name>fitTrackerServlet</servlet-name>
        <url-pattern>/pdfs/**</url-pattern>
    </servlet-mapping>

    <servlet-mapping>
        <servlet-name>fitTrackerServlet</servlet-name>
        <url-pattern>/images/**</url-pattern>
    </servlet-mapping>

    <servlet-mapping>
        <servlet-name>fitTrackerServlet</servlet-name>
        <url-pattern>*.json</url-pattern>
    </servlet-mapping>

    <display-name>Archetype Created Web Application</display-name>
</web-app>

servlet的config.xml中：

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:mvc="http://www.springframework.org/schema/mvc"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:security="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd">

    <context:component-scan base-package="com.pluralsight" />
    <mvc:annotation-driven />

    <security:global-method-security pre-post-annotations="enabled"/>

    <mvc:resources mapping="/pdfs/**" location="/pdfs"/>

    <bean id="messageSource" class="org.springframework.context.support.ResourceBundleMessageSource">
        <property name="basename" value="messages"/>
    </bean>

    <mvc:interceptors>
        <bean class="org.springframework.web.servlet.i18n.LocaleChangeInterceptor">
            <property name="paramName" value="language"/>
        </bean>
    </mvc:interceptors>

    <bean id="localeResolver" class="org.springframework.web.servlet.i18n.SessionLocaleResolver">
        <property name="defaultLocale" value="en"/>
    </bean>


    <bean id="viewResolver"
          class="org.springframework.web.servlet.view.InternalResourceViewResolver">
        <property name="prefix" value="/WEB-INF/jsp/"/>
        <property name="suffix" value=".jsp"/>
    </bean>

    <bean id="multipartResolver" class="org.springframework.web.multipart.support.StandardServletMultipartResolver">

    </bean>
</beans>

安全-config.xml中

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns:beans="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns="http://www.springframework.org/schema/security"
       xmlns:mvc="http://www.springframework.org/schema/mvc"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">

    <http auto-config="true" use-expressions="true">
        <!--khatte avale ziri baraye tanzim login page mibashad-->
        <intercept-url pattern="/Login.html" access="permitAll" />
        <intercept-url pattern="/Logout.html" access="permitAll" />
        <intercept-url pattern="/403.html" access="permitAll" />
        <intercept-url pattern="/LoginFailed.html" access="permitAll" />

        <form-login login-page="/Login.html" authentication-failure-url="/LoginFailed.html" />
        <logout logout-success-url="/Logout.html" />
        <access-denied-handler error-page="/403.html" />
    </http>

    <authentication-manager>
        <authentication-provider>
            <!--instead of the "userDetailsService" we can use this line of code: -->
            <jdbc-user-service data-source-ref="dataSource"/>
            <password-encoder hash="bcrypt"/>
        </authentication-provider>
    </authentication-manager>


    <beans:bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
        <beans:property name="driverClassName" value="com.microsoft.sqlserver.jdbc.SQLServerDriver" />
        <beans:property name="url" value="jdbc:sqlserver://server;databasename=SpringSecurity" />
        <beans:property name="username" value="sa" />
        <beans:property name="password" value="Rooyan#1234" />
    </beans:bean>

</beans:beans>

这是带注释的方法：

@PreAuthorize("hasRole('ROLE_ADMIN')")
@RequestMapping(value = "addGoal", method = RequestMethod.POST)
public String updateGoal(@Valid @ModelAttribute("goal") Goal goal, BindingResult result) {

    System.out.println("result has errors: " + result.hasErrors());

    System.out.println("Goal set: " + goal.getMinutes());

    if(result.hasErrors()) {
        return "addGoal";
    }

    return "redirect:index.jsp";
}

Answer 1

添加此依赖项为我解决了这个问题：

<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-messaging</artifactId>
</dependency>

请注意，我使用的是Spring Boot 1.4.0.RC1。

Answer 2

确保您的WEB-INF / lib文件夹中有aopalliance jar。从春季开始，spring-aop不再具有此功能。

java.lang.NoClassDefFoundError：org / springframework / security / access / intercept / aopalliance / MethodSecurityInterceptor

2 个答案: