我尝试用spring spring来简单地记住我的身份验证,但是当我尝试实现accessDecisionManager时,我发现了这个错误。这里是错误日志:
org.springframework.beans.factory.BeanCreationException:错误 创建名为'org.springframework.security.filterChains'的bean: 无法解析对bean的引用 'org.springframework.security.web.DefaultSecurityFilterChain#0'而 使用键[0]设置bean属性'sourceList';嵌套异常是 org.springframework.beans.factory.BeanCreationException:错误 用名字创建bean 'org.springframework.security.web.DefaultSecurityFilterChain#0': 无法解析对bean的引用 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0' 用key [10]设置构造函数参数;嵌套异常是 org.springframework.beans.factory.BeanCreationException:错误 用名字创建bean 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0': 无法创建类型的内部bean'(内部bean)' [org.springframework.security.web.access.expression.ExpressionBasedFilterInvocationSecurityMetadataSource] 设置bean属性'securityMetadataSource';嵌套异常 是org.springframework.beans.factory.BeanCreationException:错误 创建名为'(内部bean)#19'的bean:bean的实例化 失败;嵌套异常是 org.springframework.beans.BeanInstantiationException:不能 实例化bean类 [org.springframework.security.web.access.expression.ExpressionBasedFilterInvocationSecurityMetadataSource]: 构造函数抛出异常;嵌套异常是 java.lang.IllegalArgumentException:无法解析表达式 'ROLE_ADMIN,IS_AUTHENTICATED_FULLY'
这是我的xml文件。 的web.xml
<web-app id="WebApp_ID" version="2.4"
xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<display-name>Spring Security Eksplorasi</display-name>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- Spring MVC -->
<servlet>
<servlet-name>kampus</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>kampus</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<!-- Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring-database.xml,
/WEB-INF/spring-security.xml
</param-value>
</context-param>
所以这是我的spring-security.xml
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:beans="http://www.springframework.org/schema/beans"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<beans:bean id="accessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased">
<beans:property name="decisionVoters">
<beans:list>
<beans:bean class="org.springframework.security.access.vote.RoleVoter">
<beans:property name="rolePrefix" value="ROLE_"/>
</beans:bean>
<beans:bean class="org.springframework.security.access.vote.AuthenticatedVoter"/>
</beans:list>
</beans:property>
</beans:bean>
<security:http auto-config="true" use-expressions="true" access-decision-manager-ref="accessDecisionManager">
<security:remember-me key="kampus-rememberme" data-source-ref="dataSource" />
<security:intercept-url pattern="/admin/*" access="ROLE_ADMIN, IS_AUTHENTICATED_FULLY" />
<security:access-denied-handler error-page="/403" />
<security:form-login
login-page="/login"
default-target-url="/welcome"
authentication-failure-url="/login?error"
username-parameter="username"
password-parameter="password" />
<security:logout logout-success-url="/login?logout" />
<!-- enable csrf protection
<csrf/>-->
</security:http>
<!--
<bean id="accessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased">
<constructor-arg>
<list>
<bean class="org.springframework.security.access.vote.RoleVoter" />
<bean class="org.springframework.security.access.vote.AuthenticatedVoter" />
</list>
</constructor-arg>
</bean>
-->
<security:authentication-manager>
<security:authentication-provider>
<security:jdbc-user-service data-source-ref="dataSource"
users-by-username-query=
"select username,password, status from users where username=?"
authorities-by-username-query=
"select username, role from user_roles where username =? " />
</security:authentication-provider>
</security:authentication-manager>
</beans>
答案 0 :(得分:2)
您可能只需删除访问属性中的空格:
access="ROLE_ADMIN, IS_AUTHENTICATED_FULLY"
到
access="ROLE_ADMIN,IS_AUTHENTICATED_FULLY"
如果这不起作用,请尝试:
access="hasAnyRole('ROLE_ADMIN', 'IS_AUTHENTICATED_FULLY')"
类似的问题:Spring Security 3 specify multiple intercept-url access roles
检查Teja的答案。
答案 1 :(得分:0)
您正在使用expression based access control(默认情况下,您使用use-expressions="true"明确声明它)并且ROLE_ADMIN, IS_AUTHENTICATED_FULLY不是有效的表达式,而是一种旧样式&#34;角色列表,以便将use-expressions设置为false或替换&#34;旧样式&#34;带有表达式hasRole('ROLE_ADMIN') or isFullyAuthenticated()