项目: https://github.com/spring-projects/spring-security/tree/master/samples/preauth-xml
当尝试运行上面的项目时,我得到以下异常:
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name '(inner bean)#ec8a0ac': Cannot resolve reference to bean 'fsi' while setting constructor argument with key [4]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'fsi' defined in ServletContext resource [/WEB-INF/applicationContext-security.xml]: Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: Unsupported configuration attributes: [ROLE_USER, ROLE_SUPERVISOR, ROLE_USER]
与错误相关的XML代码:
<bean id="fsi" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="accessDecisionManager" ref="httpRequestAccessDecisionManager"/>
<property name="securityMetadataSource">
<sec:filter-security-metadata-source>
<sec:intercept-url pattern="/secure/extreme/**" access="ROLE_SUPERVISOR"/>
<sec:intercept-url pattern="/secure/**" access="ROLE_USER"/>
<sec:intercept-url pattern="/**" access="ROLE_USER"/>
</sec:filter-security-metadata-source>
</property>
</bean>
尝试在tomcat 6和7上运行它,发生同样的错误。任何提示或帮助将不胜感激。感谢。
答案 0 :(得分:2)
示例未正确迁移到Spring Security 4.我记录了一个错误(SEC-2966)和fixed it。问题是默认情况下Spring Security 4中的use-expression属性被更改为true。所以我们需要明确地将其声明为false:
<sec:filter-security-metadata-source use-expressions="false">
<sec:intercept-url pattern="/secure/extreme/**" access="ROLE_SUPERVISOR"/>
<sec:intercept-url pattern="/secure/**" access="ROLE_USER"/>
<sec:intercept-url pattern="/**" access="ROLE_USER"/>
</sec:filter-security-metadata-source>
答案 1 :(得分:0)
是的,这是我面临的问题。但是我使用了uses-expressions =“true”并更改了access =“hasAnyRole('ROLE_USER')”,它不起作用并得到了同样的错误。
我认为当你改变使用hasAnyRole或hasRole的访问权限时,使用use-expressions =“true”应该有效。它对我不起作用。
当我更改use-expressions =“false”然后访问=“ROLE_USER”
时,它有效奇怪..
谢谢Rob