定义了一个通用匹配模式(' / **')...尝试将spring security添加到项目时出错

时间:2014-11-02 09:03:54

标签: java spring-security

我正在尝试为我的项目添加spring security,我已经尝试使用互联网上找到的所有解决方案,但没有任何效果。你有什么想法?? 堆栈跟踪:

Caused by: java.lang.IllegalArgumentException: A universal match pattern ('/**') is defined  before other patterns in the filter chain, causing them to be ignored. Please check the ordering in your <security:http> namespace or FilterChainProxy bean configuration
    at org.springframework.security.config.http.DefaultFilterChainValidator.checkPathOrder(DefaultFilterChainValidator.java:51)
    at org.springframework.security.config.http.DefaultFilterChainValidator.validate(DefaultFilterChainValidator.java:40)
...

的web.xml 

<?xml version="1.0" encoding="ISO-8859-1" ?>
<web-app ..>

    <display-name>Archetype Created Web Application</display-name>

    <servlet>
        <servlet-name>dispatcher</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>

    <servlet-mapping>
        <servlet-name>dispatcher</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>

    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
            /WEB-INF/context.xml,
            /WEB-INF/spring-security.xml
        </param-value>
    </context-param>

    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

</web-app>

弹簧security.xml文件:

<beans:beans ...>

    <http auto-config="true" use-expressions="true">

        <intercept-url pattern="/admin**" access="hasRole('role_admin')" />

        <access-denied-handler error-page="/403" />

        <form-login
            login-page="/user/login"
            default-target-url="/index"
            authentication-failure-url="/index"
            username-parameter="username"
            password-parameter="password" />
        <logout logout-success-url="/index"  />
    </http>

    <authentication-manager>
      <authentication-provider>
        <jdbc-user-service data-source-ref="dataSource"
          users-by-username-query=
            "select username,password from users where username=?"
          authorities-by-username-query=
            "select username, role from users join user_roles using(id_user_roles) where username =?" />
      </authentication-provider>
    </authentication-manager>

</beans:beans>

我应该从我的项目中添加一些其他.xml文件吗?

0 个答案:

没有答案
相关问题
最新问题