我在启动tomcat时遇到错误。我的应用程序使用的是Spring security 4.0.2和Spring 4.2.1
使用单个spring安全文件,即application-security.xml它工作正常但是当我在同一个Web应用程序中引入了一个暴露弹簧休息功能的新jar时,我收到了这个错误。
org.springframework.beans.factory.BeanCreationException:使用名称' org.springframework.security.filterChainProxy'创建bean时出错::init方法的调用失败;嵌套异常是java.lang.IllegalArgumentException:通用匹配模式(' / **')在过滤器链中的其他模式之前定义,导致它们被忽略。请检查命名空间或FilterChainProxy bean配置中的排序
我已经阅读了stackoverflow.com和其他教程的建议,但找不到合适的解决方案。
这是我的应用程序配置
的web.xml
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/applicationLmc.xml
</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>
<servlet>
<servlet-name>lmc</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value></param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>lmc</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
应用的security.xml
<http security="none" pattern="/resources/**" />
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/termsandservice" access="permitAll"></intercept-url>
<intercept-url pattern="/about" access="permitAll"></intercept-url>
<intercept-url pattern="/contact" access="permitAll"></intercept-url>
<intercept-url pattern="/faq" access="permitAll"></intercept-url>
<intercept-url pattern="/jobs" access="permitAll"></intercept-url>
<intercept-url pattern="/terms" access="permitAll"></intercept-url>
<intercept-url pattern="/privacy" access="permitAll"></intercept-url>
<intercept-url pattern="/blog" access="permitAll"></intercept-url>
<intercept-url pattern="/logout" access="permitAll"></intercept-url>
<intercept-url pattern="/login" access="permitAll"></intercept-url>
<intercept-url pattern="/login/signupvalidation" access="permitAll"></intercept-url>
<intercept-url pattern="/signup" access="permitAll" method="POST"></intercept-url>
<intercept-url pattern="/forgotPasswordPage" access="permitAll"></intercept-url>
<intercept-url pattern="/generatePasswd" access="permitAll"></intercept-url>
<intercept-url pattern="/login/resetPassword" access="permitAll"></intercept-url>
<intercept-url pattern="/login/passwordReset" access="permitAll" method="POST"></intercept-url>
<intercept-url pattern="/**" access="hasRole('ROLE_USER')"></intercept-url>
<form-login login-page="/login" authentication-success-handler-ref="lmcAuthSuccessHandler" />
<logout logout-success-url="/login" logout-url="/logout" />
<session-management invalid-session-url="/login">
<concurrency-control max-sessions="2" expired-url="/login" />
</session-management>
</http>
<authentication-manager alias="authenticationManager">
<authentication-provider user-service-ref="lmcAuthManager" />
</authentication-manager>
<beans:bean id="lmcAuthManager" class="com.lmc.web.security.auth.LMCAuthManager" />
<beans:bean id="lmcAuthSuccessHandler" class="com.lmc.web.security.auth.LMCAuthenticationSuccessHandler" />
根据网上的多个建议,我发现我应该在应用程序安全文件中定义模式值。但我不确定我需要放置什么模式值,因为所有这些都需要从web root访问。
以下是applicationRestService.xml是具有spring安全性详细信息的REST配置
applicationRestService.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:security="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:p="http://www.springframework.org/schema/p" xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.0.xsd
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.0.xsd">
<context:component-scan base-package="com.lmc.rest" />
<mvc:annotation-driven />
<security:http pattern="/api/**" entry-point-ref="restAuthenticationEntryPoint" use-expressions="true" auto-config="false" create-session="stateless">
<security:custom-filter ref="authenticationTokenProcessingFilter" position="FORM_LOGIN_FILTER" />
<security:intercept-url pattern="/api/**" access="isAuthenticated()" />
<security:logout />
</security:http>
<security:authentication-manager alias="lmcRestAuthManger">
<security:authentication-provider user-service-ref="userDetailsService" />
</security:authentication-manager>
<bean id="userDetailsService" class="com.lmc.rest.security.RestAuthenticationUserDetailService" />
<bean class="com.lmc.rest.security.RestStatelessAuthenticationFilter" id="authenticationTokenProcessingFilter">
<constructor-arg type="java.lang.String">
<value>/api/**</value>
</constructor-arg>
<property name="authenticationManager" ref="lmcRestAuthManger"></property>
</bean>
<bean id="restAuthenticationEntryPoint" class="com.lmc.rest.security.LMCRestAuthenticationEntryPoint"/>
</beans>
感谢阅读。任何帮助表示赞赏。