如何正确编写spring-security.xml文件?

时间:2015-08-25 15:23:56

标签: spring spring-security

我是Spring安全新手,我正在尝试将它应用于一个有效的spring-mvc项目。 错误是:

cvc-complex-type.2.4.c: The matching wildcard is strict,
but no declaration can be found for element http.

弹簧security.xml文件:

<beans:beans 
xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"      
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd
http://www.springframework.org/schema/context/spring-context.xsd">

<http auto-config='true'>
 <intercept-url pattern="/**" access="ROLE_USER" />
</http>

<authentication-manager>
 <authentication-provider>
  <user-service>
    <user name="matt3o" password="secret" authorities="ROLE_USER" />
    <user name="admin" password="admin" authorities="ROLE_USER,ROLE_ADMIN" />
  </user-service>
</authentication-provider>

      

我在pom.xml中添加了spring-security依赖。

如果我删除

<http auto-config='true'>
 <intercept-url pattern="/**" access="ROLE_USER" />
</http>

错误是相同的但是:

no declaration can be found for element authentication-manager.

看起来命名空间不起作用。

1 个答案:

答案 0 :(得分:0)

xml的默认命名空间是http://www.springframework.org/schema/beans,但它应该是http://www.springframework.org/schema/security。您还必须在xsi:schemaLocation

中添加以下内容
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd

您必须配置用户提供凭据的方式。最简单的是

  1. 基于表单的登录

    用户使用html表单输入凭据。要使用表单登录,请在<form-login />标记内放置<http>,这会为您提供默认登录页面,您可以在以后替换它们。

  2. 基本身份验证。

    用户使用浏览器的登录对话框。要在<http-basic />标记内使用基本放置<http>

  3. 所以你的最终spring-security.xml应该是。

    <?xml version="1.0" encoding="UTF-8"?>
    <beans:beans xmlns="http://www.springframework.org/schema/security"
           xmlns:beans="http://www.springframework.org/schema/beans"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xmlns:context="http://www.springframework.org/schema/context"      
           xsi:schemaLocation="http://www.springframework.org/schema/beans
                               http://www.springframework.org/schema/beans/spring-beans.xsd
                               http://www.springframework.org/schema/context
                               http://www.springframework.org/schema/security
                               http://www.springframework.org/schema/security/spring-security.xsd
                               http://www.springframework.org/schema/context/spring-context.xsd">
    
    
      <http auto-config='true'>
        <intercept-url pattern="/logged" access="ROLE_USER"/> 
        <!-- Replace the below with http-basic tag for basic authentication -->
        <form-login/>
      </http>    
    
      <authentication-manager>
        <authentication-provider>
          <user-service>
            <user name="matt3o" password="secret" authorities="ROLE_USER" />
            <user name="admin" password="admin" authorities="ROLE_USER,ROLE_ADMIN" />
          </user-service>
        </authentication-provider>
      </authentication-manager>
    
    </beans:beans>
    

    注意:不要忘记在classpath中添加spring-security-config.jar。