如何正确编写spring-security.xml文件?

时间:2015-08-25 15:23:56

标签: spring spring-security

我是Spring安全新手,我正在尝试将它应用于一个有效的spring-mvc项目。 错误是:

cvc-complex-type.2.4.c: The matching wildcard is strict,
but no declaration can be found for element http.

弹簧security.xml文件:

<beans:beans 
xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"      
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd
http://www.springframework.org/schema/context/spring-context.xsd">

<http auto-config='true'>
 <intercept-url pattern="/**" access="ROLE_USER" />
</http>

<authentication-manager>
 <authentication-provider>
  <user-service>
    <user name="matt3o" password="secret" authorities="ROLE_USER" />
    <user name="admin" password="admin" authorities="ROLE_USER,ROLE_ADMIN" />
  </user-service>
</authentication-provider>

      

我在pom.xml中添加了spring-security依赖。

如果我删除

<http auto-config='true'>
 <intercept-url pattern="/**" access="ROLE_USER" />
</http>

错误是相同的但是:

no declaration can be found for element authentication-manager.

看起来命名空间不起作用。

1 个答案:

答案 0 :(得分:0)

xml的默认命名空间是http://www.springframework.org/schema/beans,但它应该是http://www.springframework.org/schema/security。您还必须在xsi:schemaLocation

中添加以下内容 
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd

您必须配置用户提供凭据的方式。最简单的是

  1. 基于表单的登录

    用户使用html表单输入凭据。要使用表单登录,请在<form-login />标记内放置<http>,这会为您提供默认登录页面,您可以在以后替换它们。

  2. 基本身份验证。

    用户使用浏览器的登录对话框。要在<http-basic />标记内使用基本放置<http>

    3. 所以你的最终spring-security.xml应该是。

    <?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
       xmlns:beans="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:context="http://www.springframework.org/schema/context"      
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans.xsd
                           http://www.springframework.org/schema/context
                           http://www.springframework.org/schema/security
                           http://www.springframework.org/schema/security/spring-security.xsd
                           http://www.springframework.org/schema/context/spring-context.xsd">


  <http auto-config='true'>
    <intercept-url pattern="/logged" access="ROLE_USER"/> 
    <!-- Replace the below with http-basic tag for basic authentication -->
    <form-login/>
  </http>    

  <authentication-manager>
    <authentication-provider>
      <user-service>
        <user name="matt3o" password="secret" authorities="ROLE_USER" />
        <user name="admin" password="admin" authorities="ROLE_USER,ROLE_ADMIN" />
      </user-service>
    </authentication-provider>
  </authentication-manager>

</beans:beans>

    注意:不要忘记在classpath中添加spring-security-config.jar。

相关问题
最新问题