如果我从Spring 4.1.7.RELEASE迁移到4.2.1.RELEASE Google App Engine会引发java.lang.NoClassDefFoundError
当Spring Security抛出AccessDeniedException时(AffirmativeBased.java:83)
我知道我无法访问所请求的资源。我希望spring会在那之后显示登录页面但是从Spring 4.2开始它不起作用:(
[INFO] java.lang.NoClassDefFoundError: java.util.ResourceBundle$Control is a restricted class. Please see the Google App Engine developer's guide for more details.
[INFO] at com.google.appengine.tools.development.agent.runtime.Runtime.reject(Runtime.java:52)
[INFO] at org.springframework.context.support.ResourceBundleMessageSource$MessageSourceControl.<init>(ResourceBundleMessageSource.java:417)
[INFO] at org.springframework.context.support.ResourceBundleMessageSource$MessageSourceControl.<init>(ResourceBundleMessageSource.java:417)
[INFO] at org.springframework.context.support.ResourceBundleMessageSource.doGetBundle(ResourceBundleMessageSource.java:314)
[INFO] at org.springframework.context.support.ResourceBundleMessageSource.getResourceBundle(ResourceBundleMessageSource.java:284)
[INFO] at org.springframework.context.support.ResourceBundleMessageSource.resolveCodeWithoutArguments(ResourceBundleMessageSource.java:234)
[INFO] at org.springframework.context.support.AbstractMessageSource.getMessageInternal(AbstractMessageSource.java:218)
[INFO] at org.springframework.context.support.AbstractMessageSource.getMessage(AbstractMessageSource.java:136)
[INFO] at org.springframework.context.support.MessageSourceAccessor.getMessage(MessageSourceAccessor.java:83)
[INFO] at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:83)
[INFO] at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:232)
[INFO] at org.springframework.security.access.intercept.aspectj.AspectJMethodSecurityInterceptor.invoke(AspectJMethodSecurityInterceptor.java:43)
[INFO] at org.springframework.security.access.intercept.aspectj.aspect.AnnotationSecurityAspect.ajc$around$org_springframework_security_access_intercept_aspectj_aspect_AnnotationSecurityAspect$1$c4d57a2b(AnnotationSecurityAspect.aj:63)
[INFO] at xx.xxx.controllers.PortalController.home(PortalController.java:51)
答案 0 :(得分:3)
要在GAE上运行Spring 4.2.1并使用全局方法安全性,我必须将消息源设置为StaticMessageSource而不是导致问题的ResourceBundleMessageSource。不幸的是,声明messageSource bean不仅是必须要做的一件事。
@Bean(name = "messageSource")
public MessageSource messageSource() {
StaticMessageSource messageSource = new StaticMessageSource();
return messageSource;
}
此处使用的AffirmativeBased访问决策管理器由方法GlobalMethodSecurityConfiguration.accessDecisionManager()创建,并且不是Spring bean,因此不执行setMessageSource()方法,因此它不是MessageSourceAware。解决方案是手动设置此messageSource:
@Configuration
@EnableGlobalMethodSecurity
public class MethodSecurityConfiguration extends GlobalMethodSecurityConfiguration {
@Inject
private MessageSource messageSource;
@Override
protected AccessDecisionManager accessDecisionManager() {
AffirmativeBased manager = (AffirmativeBased)super.accessDecisionManager();
manager.setMessageSource(messageSource);
return manager;
}
}
答案 1 :(得分:0)
经过一些试验和错误后,以下似乎对我有效:
更新Spring配置以使用ReloadableResourceBundleMessageSource而不是ResourceBundleMessageSource,例如在XML
&lt; bean id =“messageSource” 类= “org.springframework.context.support.ReloadableResourceBundleMessageSource” &GT; &lt; property name =“basename” value =“/ WEB-INF / i18n / messages”/&gt; &LT; /豆腐&GT;