将Spring Security 2迁移到3时出错

时间:2014-06-26 10:22:42

标签: java spring-security migration

我正在尝试将Spring Security Application从2.0.4迁移到3.0。我相应地更新了必要的标签。但我面临错误

我的config.xml如下所示

    <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:security="http://www.springframework.org/schema/security"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="
        http://www.springframework.org/schema/beans 
        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/security 
        http://www.springframework.org/schema/security/spring-security-3.0.xsd">

    <security:http entry-point-ref="authenticationEntryPoint"
        access-denied-page="/pages/accessDenied">        


        <security:intercept-url pattern="/resources/**" filters="none"/>
        <security:intercept-url pattern="/includes/**" filters="none" />
        <security:intercept-url pattern="/styles/**" filters="none" />
        <security:intercept-url pattern="/images/**" filters="none" />
        <security:intercept-url pattern="/help**" filters="none" />
        <security:intercept-url pattern="/pages/layouts/**" filters="none" />
        <security:intercept-url pattern="/pages/sessionExpired" filters="none" />
        <security:intercept-url pattern="/pages/accessDenied" filters="none" />
        <security:intercept-url pattern="/pages/error" filters="none" />
        <security:intercept-url pattern="/pages/public/**" filters="none" />
        <security:intercept-url pattern="/pages/login" filters="none"/>


        <security:intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />

        <security:logout logout-url="/logout" 
            invalidate-session="true" 
            logout-success-url="${logoutSuccessUrl}"/>


     <security:session-management>
        <security:concurrency-control
            error-if-maximum-exceeded="false" max-sessions="500"
            expired-url="/pages/sessionExpired"></security:concurrency-control>
    </security:session-management>



      <security:custom-filter ref="cflf" position="FORM_LOGIN_FILTER"/>
      <security:custom-filter ref="supf" position="SWITCH_USER_FILTER" /> 
       <security:custom-filter ref="preAuthFilter" position="PRE_AUTH_FILTER"/>
       <security:custom-filter ref="etf" before="EXCEPTION_TRANSLATION_FILTER"/>
    </security:http>



    <security:authentication-manager alias="authenticationManager">
        <security:authentication-provider ref="customAuthenticationProvider"/>
        <security:authentication-provider ref="preAuthenticatedAuthenticationProvider"/>
        <security:authentication-provider ref="preauthAuthProvider"/>
    </security:authentication-manager>


    <bean id="cflf" 
        class="org.springframework.security.web.authentication.AuthenticationProcessingFilter" >
        <property name="authenticationSuccessHandler" ref="successHandler" />
        <property name="authenticationFailureHandler"  ref="failureHandler"/>
        <property name="authenticationManager" ref="customAuthenticationManager" />
        <property name="allowSessionCreation" value="true" />

    </bean>
    <bean id="failureHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler" >
    <property name="defaultFailureUrl" value="/pages/login?login_error=true" />
    </bean>
    <bean id="successHandler" class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler" >
    <property name="defaultTargetUrl" value="/pages/index" /> <!-- which is the default value -->
</bean><bean id="customAuthenticationManager" 
        class="org.springframework.security.authentication.ProviderManager">
        <property name="providers">
            <list>
                <ref local="preAuthenticatedAuthenticationProvider" />
                <ref local="customAuthenticationProvider" />
            </list>
        </property>
    </bean><bean id="authenticationEntryPoint"
        class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint" >
        <property name="loginFormUrl" value="/pages/login" />
    </bean><bean id="supf" 
        class="org.springframework.security.web.authentication.switchuser.SwitchUserFilter" >
        <property name="userDetailsService" ref="userDetailsService" />
        <property name="switchUserUrl" value="/j_spring_security_switch_user" />
        <property name="exitUserUrl" value="/j_spring_security_exit_user" />
        <property name="switchFailureUrl" value="/pages/error" />
        <property name="targetUrl" value="/" />
    </bean><bean id="userDetailsService"
        class="com.demo.myapp.client.AuthorizationUserDetailsService">
        <property name="myappService" ref="myappService"/>
        <property name="userListingService" ref="userListingService"/>
        <property name="allowTestingRole" value="${allowTestingRole}"/>
        <property name="allowUnknownUser" value="${allowUnknownUser}"/>
    </bean><bean id="userListingService" 
        class="com.demo.myapp.client.UserListingService" />
    <bean id="myappService" class="com.demo.myapp.ws.myappServiceImpl">
        <property name="applicationName" value="${applicationName}" />
        <property name="prefix" value="${rolePrefix}" />
        <property name="myappWebServiceTemplate">
            <bean class="com.demo.myapp.ws.WebServiceTemplateFactory" 
                factory-method="createmyappWebServiceTemplate">
                <constructor-arg value="${myappWebServiceUri}" />
            </bean>
        </property>
    </bean>

<bean id="customAuthenticationProvider" 
        class="com.demo.myapp.client.CustomAuthenticationProvider"><property name="userDetailsService" ref="userDetailsService"/>
    </bean><bean id="preAuthenticatedAuthenticationProvider" class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
        <property name="preAuthenticatedUserDetailsService" ref="preAuthenticatedUserDetailsService" />
    </bean><bean id="preAuthFilter"
        class="com.demo.myapp.filter.CustomRequestHeaderPreAuthenticatedProcessingFilter">
        <property name="continueFilterChainOnUnsuccessfulAuthentication" value="${continueIfPreauthFails}"/>
        <property name="authenticationManager" ref="authenticationManager" />
        <property name="authenticationDetailsSource" ref="authenticationDetailsSource" />
    </bean><bean id="preAuthenticatedProcessingFilterEntryPoint"
        class=" org.springframework.security.web.authentication.Http403ForbiddenEntryPoint" /><bean id="preAuthenticatedUserDetailsService"        class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">        
        <property name="userDetailsService" ref="userDetailsService"/>
    </bean><bean id="authenticationDetailsSource" class="org.springframework.security.authentication.AuthenticationDetailsSourceImpl">
        <property name="clazz" value="com.demo.myapp.client.WssoWebAuthenticationDetails"/>
    </bean> <bean id="preauthAuthProvider" 
        class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider"> <property name="preAuthenticatedUserDetailsService" ref="preAuthenticatedUserDetailsService"/>
    </bean> <bean id="etf"
        class=" org.springframework.security.web.access.ExceptionTranslationFilter">
        <property name="authenticationEntryPoint" ref="authenticationEntryPoint" />
        <property name="accessDeniedHandler">
            <bean class="com.demo.myapp.handler.AccessDeniedHandlerImpl">
                <property name="externalErrorPage" value="${externalAccessDeniedPage}"/>
                <property name="errorPage" value="/pages/accessDenied"/>
            </bean>
        </property>
        <property name="throwableAnalyzer">
            <bean class="com.demo.myapp.handler.CustomThrowableAnalyzer"/>
        </property>
    </bean>     

</beans>

我的AccessDeniedHandlerImpl文件包含以下代码段

 public void handle(HttpServletRequest request, HttpServletResponse response,AccessDeniedException accessDeniedException) throws IOException, ServletException {
      if ( (externalErrorPage != null) && (cookieName != null)&&!doesCookieExist((HttpServletRequest)request)) ) {
            ((HttpServletRequest) request).setAttribute(SPRING_SECURITY_ACCESS_DENIED_EXCEPTION_KEY, accessDeniedException);
            ((HttpServletResponse)response).sendRedirect(externalErrorPage);
        }
        else
            super.handle(request, response, accessDeniedException);
    }

但是当我运行应用程序时,我面临这个问题:

    ]] Root cause of ServletException.
java.lang.IllegalArgumentException: Unable to load class 'org.springframework.security.AccessDeniedException'
        at org.springframework.webflow.engine.builder.model.FlowModelFlowBuilder.toClass(FlowModelFlowBuilder.java:960)
        at org.springframework.webflow.engine.builder.model.FlowModelFlowBuilder.parseTransitionExecutingExceptionHandler(FlowModelFlowBuilder.java:764)
        at org.springframework.webflow.engine.builder.model.FlowModelFlowBuilder.parseTransitionExecutingExceptionHandlers(FlowModelFlowBuilder.java:752)
        at org.springframework.webflow.engine.builder.model.FlowModelFlowBuilder.parseExceptionHandlers(FlowModelFlowBuilder.java:733)
        at org.springframework.webflow.engine.builder.model.FlowModelFlowBuilder.parseAndAddViewState(FlowModelFlowBuilder.java:549)
        at org.springframework.webflow.engine.builder.model.FlowModelFlowBuilder.buildStates(FlowModelFlowBuilder.java:206)
        at org.springframework.webflow.engine.builder.FlowAssembler.directAssembly(FlowAssembler.java:106)
        at org.springframework.webflow.engine.builder.FlowAssembler.assembleFlow(FlowAssembler.java:91)
        at org.springframework.webflow.engine.builder.DefaultFlowHolder.assembleFlow(DefaultFlowHolder.java:109)
        at org.springframework.webflow.engine.builder.DefaultFlowHolder.getFlowDefinition(DefaultFlowHolder.java:84)
        at org.springframework.webflow.definition.registry.FlowDefinitionRegistryImpl.getFlowDefinition(FlowDefinitionRegistryImpl.java:61)
        at org.springframework.webflow.executor.FlowExecutorImpl.launchExecution(FlowExecutorImpl.java:138)
        at org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:193)
        at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:771)
        at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:716)
        at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:647)
        at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:552)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
        at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227) at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
        at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
        at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
        at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
        at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
        at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
        at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
        at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)

我错的任何想法?

提前致谢!

1 个答案:

答案 0 :(得分:0)

“org.springframework.security.AccessDeniedException”类转换为“org.springframework.security.access.AccessDeniedException”。所以它无法加载课程。